Re: [PacketFence-users] Multiple Roles with Self-Reg Portal(s)?

[Toren Smith via PacketFence-users]

Hm. I was able to get some of what I want by adding a second NIC, and
creating a new connection profile with a filter for the FQDN for that NIC's
IP address, and then pointed that profile at the different
self-registration portal. When I do that, I can connect to the two
different URLs and be presented with different options for picking a device
role. Which is great! Except for some reason both of the self-reg portals
are using the same authentication source, regardless of what I set the
second profile to. I can set the new connection profile to use "file" as
the auth source, and point it at the new portal config, and it will still
validate me with the AD source but will display the correct role list for
that page. So, I'm closer, but not there yet. Is this one of the known
issues you were referring to?

On Wed, Feb 16, 2022 at 8:19 AM Zammit, Ludovic  wrote:

> The self registration portal are per Connection Profile basis.
>
> As long you have a different URI to reach it or source you should be able
> to display different one.
>
> The default URI are https://pf.domain.com/status and
> https://pf.domain.com/device-registration
>
> It’s a known issue that we do have problems displaying multiple ones. It
> needs to be tested in your case.
>
> Thanks,
>
> *Ludovic Zammit*
> *Product Support Engineer Principal*
> *Cell:* +1.613.670.8432
> Akamai Technologies - Inverse
> 145 Broadway
> Cambridge, MA 02142
> Connect with Us:  
>  
> 
> 
>
> On Feb 15, 2022, at 9:31 AM, Toren Smith via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
> Does the portal module customization affect the self-registration
> portal? The documentation only talks about using it for the captive
> portal, which I'm not using.
>
> Is it possible to just have two separate self-registration portals?
> I'm fine with people having to go to separate URLs to register things.
>
> On Tue, Feb 15, 2022 at 8:48 AM Diego Garcia del Rio 
> wrote:
>
>
> you could create two authentication sources (both pointing to the same
> LDAP), one which filters faculty and another students.(you would have to
> play with the LDAP filters so that the user is not even found if it you
> search for faculty using the student's authentication source)
> and then you could present two different "login options" -> faculty login
> (which only uses the faculty LDAP as authentication source) and student
> login(which only uses the student LDAP as auth source), each which leads to
> the the two different "select-role" portal modules, one tuned for faculty
> and the other for staff
>
> it its only 2 "paths" then its probably ok... otherwise, it could become a
> bit un-manageable
>
>
> On Tue, Feb 15, 2022 at 8:03 AM Toren Smith via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
>
> I'm not sure what the right approach is for this, or how much of this
> PacketFence can do. I'm not planning on using PF as a captive portal,
> I just want to use it for the self-service device registration page
> for MAB on wired and wireless connections. Ideally what I wanted was a
> system where our faculty or students could sign in to the portal and
> register their devices and select from a couple of different roles for
> each device. I can authenticate the accounts via AD or LDAP just fine,
> and I can assign roles to the users based on LDAP attributes. If I
> don't specify a list of roles for the Self-Service Portal, it'll
> assign the student/faculty role to the device when it's registered,
> but if I put in a list of roles they can choose from, then *all* users
> can choose from any of those, regardless of the user's role.
>
> So what I want is for students to sign into the Portal and get the
> option of registering their devices in role A or role B, while faculty
> signing in get to choose between roles C or D. But right now if I
> leave the list blank, neither of them gets to choose a role for their
> devices, and if I put the list of these in, they can all chose from A,
> B, C, or D.
>
> I'd be fine with having two separate portal pages for the two groups,
> but I don't see an obvious way of doing that. I've read through all
> the documentation, but it didn't seem to cover these cases.
>
> Does anybody know the answer? Thanks.
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
>
> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!EJK5_O3kHtaYO-iN3tqu6GQbMaWfFePEGrxSAoKKeJRfjsoRJFzBZ53_JcpHSMIC$
>
>
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
>
> https://urldefense.com/v3/__https://lists

Re: [PacketFence-users] Multiple Roles with Self-Reg Portal(s)?

[Zammit, Ludovic via PacketFence-users]

Yes, based on the self portal config, it’s either you assigned the role that is 
assign to your current user or you add multiple roles and they can choose from 
a drop down list from the self registration page.

Thanks,

Ludovic Zammit
Product Support Engineer Principal

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142
Connect with Us:   
    
  
  


> On Feb 15, 2022, at 9:36 AM, Toren Smith  wrote:
> 
> I know this is the general sort of thing that PacketFence is designed for, 
> which is why I'm working with it. My question is whether I can have two 
> separate self-registration portals for separate groups, or if I can present 
> different lists of device roles to different users based on their roles. 
> Right now I can have people log in with different roles assigned, and have 
> their roles assigned to the devices they register, but if I want to include 
> additional device role options in the portal, then all the role options are 
> available to both groups.
> 
> On Tue, Feb 15, 2022 at 8:51 AM Zammit, Ludovic  > wrote:
> Hello Toren,
> 
> You just described what PacketFence does!
> 
> Have a good day,
> 
> Ludovic Zammit
> Product Support Engineer Principal
> 
> Cell: +1.613.670.8432
> Akamai Technologies - Inverse
> 145 Broadway
> Cambridge, MA 02142
> Connect with Us:     
>   
> 
>   
> 
>   
> 
>   
> 
> 
>> On Feb 14, 2022, at 8:49 PM, Toren Smith via PacketFence-users 
>> > > wrote:
>> 
>> I'm not sure what the right approach is for this, or how much of this
>> PacketFence can do. I'm not planning on using PF as a captive portal,
>> I just want to use it for the self-service device registration page
>> for MAB on wired and wireless connections. Ideally what I wanted was a
>> system where our faculty or students could sign in to the portal and
>> register their devices and select from a couple of different roles for
>> each device. I can authenticate the accounts via AD or LDAP just fine,
>> and I can assign roles to the users based on LDAP attributes. If I
>> don't specify a list of roles for the Self-Service Portal, it'll
>> assign the student/faculty role to the device when it's registered,
>> but if I put in a list of roles they can choose from, then *all* users
>> can choose from any of those, regardless of the user's role.
>> 
>> So what I want is for students to sign into the Portal and get the
>> option of registering their devices in role A or role B, while faculty
>> signing in get to choose between roles C or D. But right now if I
>> leave the list blank, neither of them gets to choose a role for their
>> devices, and if I put the list of these in, they can all chose from A,
>> B, C, or D.
>> 
>> I'd be fine with having two separate portal pages for the two groups,
>> but I don't see an obvious way of doing that. I've read through all
>> the documentation, but it didn't seem to cover these cases.
>> 
>> Does anybody know the answer? Thanks.
>> 
>> 
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net 
>> 
>> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!Eua_TojEQgaB0C1AAuzS8_JAR34YmJQ56SbFoc9_7jWdbUIjCvrnhWQP7wjjLfAA$
>>  
>> 
>>  
> 



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Multiple Roles with Self-Reg Portal(s)?

[Zammit, Ludovic via PacketFence-users]

The self registration portal are per Connection Profile basis.

As long you have a different URI to reach it or source you should be able to 
display different one. 

The default URI are https://pf.domain.com/status  
and https://pf.domain.com/device-registration 
 

It’s a known issue that we do have problems displaying multiple ones. It needs 
to be tested in your case.

Thanks,

Ludovic Zammit
Product Support Engineer Principal

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142
Connect with Us:   
    
  
  


> On Feb 15, 2022, at 9:31 AM, Toren Smith via PacketFence-users 
>  wrote:
> 
> Does the portal module customization affect the self-registration
> portal? The documentation only talks about using it for the captive
> portal, which I'm not using.
> 
> Is it possible to just have two separate self-registration portals?
> I'm fine with people having to go to separate URLs to register things.
> 
> On Tue, Feb 15, 2022 at 8:48 AM Diego Garcia del Rio  > wrote:
>> 
>> you could create two authentication sources (both pointing to the same 
>> LDAP), one which filters faculty and another students.(you would have to 
>> play with the LDAP filters so that the user is not even found if it you 
>> search for faculty using the student's authentication source)
>> and then you could present two different "login options" -> faculty login 
>> (which only uses the faculty LDAP as authentication source) and student 
>> login(which only uses the student LDAP as auth source), each which leads to 
>> the the two different "select-role" portal modules, one tuned for faculty 
>> and the other for staff
>> 
>> it its only 2 "paths" then its probably ok... otherwise, it could become a 
>> bit un-manageable
>> 
>> 
>> On Tue, Feb 15, 2022 at 8:03 AM Toren Smith via PacketFence-users 
>>  wrote:
>>> 
>>> I'm not sure what the right approach is for this, or how much of this
>>> PacketFence can do. I'm not planning on using PF as a captive portal,
>>> I just want to use it for the self-service device registration page
>>> for MAB on wired and wireless connections. Ideally what I wanted was a
>>> system where our faculty or students could sign in to the portal and
>>> register their devices and select from a couple of different roles for
>>> each device. I can authenticate the accounts via AD or LDAP just fine,
>>> and I can assign roles to the users based on LDAP attributes. If I
>>> don't specify a list of roles for the Self-Service Portal, it'll
>>> assign the student/faculty role to the device when it's registered,
>>> but if I put in a list of roles they can choose from, then *all* users
>>> can choose from any of those, regardless of the user's role.
>>> 
>>> So what I want is for students to sign into the Portal and get the
>>> option of registering their devices in role A or role B, while faculty
>>> signing in get to choose between roles C or D. But right now if I
>>> leave the list blank, neither of them gets to choose a role for their
>>> devices, and if I put the list of these in, they can all chose from A,
>>> B, C, or D.
>>> 
>>> I'd be fine with having two separate portal pages for the two groups,
>>> but I don't see an obvious way of doing that. I've read through all
>>> the documentation, but it didn't seem to cover these cases.
>>> 
>>> Does anybody know the answer? Thanks.
>>> 
>>> 
>>> ___
>>> PacketFence-users mailing list
>>> PacketFence-users@lists.sourceforge.net
>>> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!EJK5_O3kHtaYO-iN3tqu6GQbMaWfFePEGrxSAoKKeJRfjsoRJFzBZ53_JcpHSMIC$
>>>  
>>> 
>>>  
> 
> 
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net 
> 
> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!EJK5_O3kHtaYO-iN3tqu6GQbMaWfFePEGrxSAoKKeJRfjsoRJFzBZ53_JcpHSMIC$
>  
> 


smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Multiple Roles with Self-Reg Portal(s)?

[Toren Smith via PacketFence-users]

I know this is the general sort of thing that PacketFence is designed for,
which is why I'm working with it. My question is whether I can have two
separate self-registration portals for separate groups, or if I can present
different lists of device roles to different users based on their roles.
Right now I can have people log in with different roles assigned, and have
their roles assigned to the devices they register, but if I want to include
additional device role options in the portal, then all the role options are
available to both groups.

On Tue, Feb 15, 2022 at 8:51 AM Zammit, Ludovic  wrote:

> Hello Toren,
>
> You just described what PacketFence does!
>
> Have a good day,
>
> *Ludovic Zammit*
> *Product Support Engineer Principal*
> *Cell:* +1.613.670.8432
> Akamai Technologies - Inverse
> 145 Broadway
> Cambridge, MA 02142
> Connect with Us:  
>  
> 
> 
>
> On Feb 14, 2022, at 8:49 PM, Toren Smith via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
> I'm not sure what the right approach is for this, or how much of this
> PacketFence can do. I'm not planning on using PF as a captive portal,
> I just want to use it for the self-service device registration page
> for MAB on wired and wireless connections. Ideally what I wanted was a
> system where our faculty or students could sign in to the portal and
> register their devices and select from a couple of different roles for
> each device. I can authenticate the accounts via AD or LDAP just fine,
> and I can assign roles to the users based on LDAP attributes. If I
> don't specify a list of roles for the Self-Service Portal, it'll
> assign the student/faculty role to the device when it's registered,
> but if I put in a list of roles they can choose from, then *all* users
> can choose from any of those, regardless of the user's role.
>
> So what I want is for students to sign into the Portal and get the
> option of registering their devices in role A or role B, while faculty
> signing in get to choose between roles C or D. But right now if I
> leave the list blank, neither of them gets to choose a role for their
> devices, and if I put the list of these in, they can all chose from A,
> B, C, or D.
>
> I'd be fine with having two separate portal pages for the two groups,
> but I don't see an obvious way of doing that. I've read through all
> the documentation, but it didn't seem to cover these cases.
>
> Does anybody know the answer? Thanks.
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
>
> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!Eua_TojEQgaB0C1AAuzS8_JAR34YmJQ56SbFoc9_7jWdbUIjCvrnhWQP7wjjLfAA$
>
>
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Multiple Roles with Self-Reg Portal(s)?

[Toren Smith via PacketFence-users]

Does the portal module customization affect the self-registration
portal? The documentation only talks about using it for the captive
portal, which I'm not using.

Is it possible to just have two separate self-registration portals?
I'm fine with people having to go to separate URLs to register things.

On Tue, Feb 15, 2022 at 8:48 AM Diego Garcia del Rio  wrote:
>
> you could create two authentication sources (both pointing to the same LDAP), 
> one which filters faculty and another students.(you would have to play with 
> the LDAP filters so that the user is not even found if it you search for 
> faculty using the student's authentication source)
> and then you could present two different "login options" -> faculty login 
> (which only uses the faculty LDAP as authentication source) and student 
> login(which only uses the student LDAP as auth source), each which leads to 
> the the two different "select-role" portal modules, one tuned for faculty and 
> the other for staff
>
> it its only 2 "paths" then its probably ok... otherwise, it could become a 
> bit un-manageable
>
>
> On Tue, Feb 15, 2022 at 8:03 AM Toren Smith via PacketFence-users 
>  wrote:
>>
>> I'm not sure what the right approach is for this, or how much of this
>> PacketFence can do. I'm not planning on using PF as a captive portal,
>> I just want to use it for the self-service device registration page
>> for MAB on wired and wireless connections. Ideally what I wanted was a
>> system where our faculty or students could sign in to the portal and
>> register their devices and select from a couple of different roles for
>> each device. I can authenticate the accounts via AD or LDAP just fine,
>> and I can assign roles to the users based on LDAP attributes. If I
>> don't specify a list of roles for the Self-Service Portal, it'll
>> assign the student/faculty role to the device when it's registered,
>> but if I put in a list of roles they can choose from, then *all* users
>> can choose from any of those, regardless of the user's role.
>>
>> So what I want is for students to sign into the Portal and get the
>> option of registering their devices in role A or role B, while faculty
>> signing in get to choose between roles C or D. But right now if I
>> leave the list blank, neither of them gets to choose a role for their
>> devices, and if I put the list of these in, they can all chose from A,
>> B, C, or D.
>>
>> I'd be fine with having two separate portal pages for the two groups,
>> but I don't see an obvious way of doing that. I've read through all
>> the documentation, but it didn't seem to cover these cases.
>>
>> Does anybody know the answer? Thanks.
>>
>>
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Multiple Roles with Self-Reg Portal(s)?

[Zammit, Ludovic via PacketFence-users]

Hello Toren,

You just described what PacketFence does!

Have a good day,

Ludovic Zammit
Product Support Engineer Principal

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142
Connect with Us:   
    
  
  


> On Feb 14, 2022, at 8:49 PM, Toren Smith via PacketFence-users 
>  wrote:
> 
> I'm not sure what the right approach is for this, or how much of this
> PacketFence can do. I'm not planning on using PF as a captive portal,
> I just want to use it for the self-service device registration page
> for MAB on wired and wireless connections. Ideally what I wanted was a
> system where our faculty or students could sign in to the portal and
> register their devices and select from a couple of different roles for
> each device. I can authenticate the accounts via AD or LDAP just fine,
> and I can assign roles to the users based on LDAP attributes. If I
> don't specify a list of roles for the Self-Service Portal, it'll
> assign the student/faculty role to the device when it's registered,
> but if I put in a list of roles they can choose from, then *all* users
> can choose from any of those, regardless of the user's role.
> 
> So what I want is for students to sign into the Portal and get the
> option of registering their devices in role A or role B, while faculty
> signing in get to choose between roles C or D. But right now if I
> leave the list blank, neither of them gets to choose a role for their
> devices, and if I put the list of these in, they can all chose from A,
> B, C, or D.
> 
> I'd be fine with having two separate portal pages for the two groups,
> but I don't see an obvious way of doing that. I've read through all
> the documentation, but it didn't seem to cover these cases.
> 
> Does anybody know the answer? Thanks.
> 
> 
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!Eua_TojEQgaB0C1AAuzS8_JAR34YmJQ56SbFoc9_7jWdbUIjCvrnhWQP7wjjLfAA$
>  



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Multiple Roles with Self-Reg Portal(s)?

[Diego Garcia del Rio via PacketFence-users]

you could create two authentication sources (both pointing to the same
LDAP), one which filters faculty and another students.(you would have to
play with the LDAP filters so that the user is not even found if it you
search for faculty using the student's authentication source)
and then you could present two different "login options" -> faculty login
(which only uses the faculty LDAP as authentication source) and student
login(which only uses the student LDAP as auth source), each which leads to
the the two different "select-role" portal modules, one tuned for faculty
and the other for staff

it its only 2 "paths" then its probably ok... otherwise, it could become a
bit un-manageable


On Tue, Feb 15, 2022 at 8:03 AM Toren Smith via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> I'm not sure what the right approach is for this, or how much of this
> PacketFence can do. I'm not planning on using PF as a captive portal,
> I just want to use it for the self-service device registration page
> for MAB on wired and wireless connections. Ideally what I wanted was a
> system where our faculty or students could sign in to the portal and
> register their devices and select from a couple of different roles for
> each device. I can authenticate the accounts via AD or LDAP just fine,
> and I can assign roles to the users based on LDAP attributes. If I
> don't specify a list of roles for the Self-Service Portal, it'll
> assign the student/faculty role to the device when it's registered,
> but if I put in a list of roles they can choose from, then *all* users
> can choose from any of those, regardless of the user's role.
>
> So what I want is for students to sign into the Portal and get the
> option of registering their devices in role A or role B, while faculty
> signing in get to choose between roles C or D. But right now if I
> leave the list blank, neither of them gets to choose a role for their
> devices, and if I put the list of these in, they can all chose from A,
> B, C, or D.
>
> I'd be fine with having two separate portal pages for the two groups,
> but I don't see an obvious way of doing that. I've read through all
> the documentation, but it didn't seem to cover these cases.
>
> Does anybody know the answer? Thanks.
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users