From: Florian M. <f.m...@te...> - 2013-07-24 12:17:15

Hi Arthur,

thanks for your help,

> We have developed an interesting guest policy that you might
> wish to consider using. When someone registers for guest
> access, they can only register one device per limit setting
> in PF. When their guest access expires, we trigger a
> violation on the device that expires in 30 days and throws
> them into quarantine. The result is that the device can only
> be used on our guest network once every 30 days. This
> prevents "permanent" repeating guests, which I suspect is
> your goal. It took only a few lines of additional code in PF
> 3.6.1 to make this work...

Though there's the problem, if the guest connects again within the 30 days, we have to move the node manually.

So I finally did a different approach. It's really ugly, but it works so far ;)

I edited the "getNormalVlan()"-subroutine in lib/pf/vlan/custom.pm. First I copied the whole routine from lib/pf/vlan.pm, so the functionality doesn't change.

Then I added a bunch of code:
- If the username begins with "guest_"
  -> Read out the user's access duration from the pf-database
  -> Set the expiration date of the user to now() + access duration

Also I set max_nodes to 1. So in the end the guest account expires when the node expires.

Complete custom.pm is attached.

If somebody knows a better solution or has improvements for the script just let me know :)

Regards,
Florian