Re: [PacketFence-users] AD Users and computer bypass Auth

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Rick,

   I‘m rather new to PacketFence myself, but I had the same issue.  There is the suggestion to use vlan filters, but if you want to bypass the captive portal for all users (well, all that I know of, I don’t know yet if you can not bypass for some users while bypassing for others) you can edit the custom.pm file in pf/lib/pf/vlan/ and uncomment the shouldAutoRegister section.

Robert

From: Rick Chan 益龍 (中光電) [mailto:ric...@co...]
Sent: Monday, July 13, 2015 11:00 PM
To: pac...@li...
Subject: [PacketFence-users] AD Users and computer bypass Auth

HI,
  I followed Administration Guide V5.0 P.23 to setting my lab.

  But when I use Domain computer connet to switch and open browser, it still redirect to captive portal require auth.

  Can somebody helpme how to bypass it ?

pf.conf
[interface eth0.1]
enforcement=vlan
ip=192.168.11.1
type=internal
mask=255.255.255.0

[interface eth0.2]
enforcement=vlan
ip=192.168.12.1
type=internal
mask=255.255.255.0

[interface eth0]
ip=10.2.27.17
type=management
mask=255.255.252.0

Networks.conf
[192.168.11.0]
dns=192.168.11.1
dhcp_start=192.168.11.10
gateway=192.168.11.1
domain-name=vlan-registration.coretronic.com
nat_enabled=disabled
named=enabled
dhcp_max_lease_time=600
fake_mac_enabled=disabled
dhcpd=enabled
dhcp_end=192.168.11.246
type=vlan-registration
netmask=255.255.255.0
dhcp_default_lease_time=300

[192.168.12.0]
dns=192.168.12.1
dhcp_start=192.168.12.10
gateway=192.168.12.1
domain-name=vlan-isolation.coretronic.com
nat_enabled=disabled
named=enabled
dhcp_max_lease_time=600
fake_mac_enabled=disabled
dhcpd=enabled
dhcp_end=192.168.12.246
type=vlan-isolation
netmask=255.255.255.0
dhcp_default_lease_time=300

switches.conf
[default]
description=Switches Default Values
vlans=1,2,3,4,5
normalVlan=1
registrationVlan=2
isolationVlan=3
macDetectionVlan=4
voiceVlan=5
inlineVlan=6
inlineTrigger=
normalRole=normal
registrationRole=registration
isolationRole=isolation
macDetectionRole=macDetection
voiceRole=voice
inlineRole=inline
VoIPEnabled=N
VlanMap=Y
RoleMap=Y
mode=production
macSearchesMaxNb=30
macSearchesSleepInterval=2
uplink=dynamic
#
# Command Line Interface
#
# cliTransport could be: Telnet, SSH or Serial
cliTransport=Telnet
#
# SNMP section
#
# PacketFence -> Switch
SNMPVersion=3
SNMPCommunityRead=public
SNMPCommunityWrite=private
#SNMPEngineID = 0000000000000
SNMPUserNameRead=readUser
SNMPAuthProtocolRead=MD5
SNMPAuthPasswordRead=authpwdread
SNMPPrivProtocolRead=AES
SNMPPrivPasswordRead=privpwdread
SNMPUserNameWrite=writeUser
SNMPAuthProtocolWrite=MD5
SNMPAuthPasswordWrite=authpwdwrite
SNMPPrivProtocolWrite=AES
SNMPPrivPasswordWrite=privpwdwrite
# Switch -> PacketFence
SNMPVersionTrap=3
SNMPUserNameTrap=readUser
SNMPAuthProtocolTrap=MD5
SNMPAuthPasswordTrap=authpwdread
SNMPPrivProtocolTrap=AES
SNMPPrivPasswordTrap=privpwdread
SNMPCommunityTrap=public
AccessListMap=N
type=Cisco::Catalyst_2960

[192.168.0.1]
description=Test Switch
type=Cisco::Catalyst_2900XL
mode=production
uplink=23,24
#SNMPVersion = 3
#SNMPEngineID = 0000000000000
#SNMPUserNameRead = readUser
#SNMPAuthProtocolRead = MD5
#SNMPAuthPasswordRead = authpwdread
#SNMPPrivProtocolRead = DES
#SNMPPrivPasswordRead = privpwdread
#SNMPUserNameWrite = writeUser
#SNMPAuthProtocolWrite = MD5
#SNMPAuthPasswordWrite = authpwdwrite
#SNMPPrivProtocolWrite = DES
#SNMPPrivPasswordWrite = privpwdwrite
#SNMPVersionTrap = 3
#SNMPUserNameTrap = readUser
#SNMPAuthProtocolTrap = MD5
#SNMPAuthPasswordTrap = authpwdread
#SNMPPrivProtocolTrap = DES
#SNMPPrivPasswordTrap = privpwdread

________________________________
This e-mail transmission and its attachment are intended only for the use of the individual or entity to which it is addressed, and may contain information that is privileged, confidential and exempted from disclosure under applicable law. If the reader is not the intended recipient, you are hereby notified that any disclosure, dissemination, distribution or copying of this communication, in part or entirety, is strictly prohibited. If you are not the intended recipient for this confidential e-mail, delete it immediately without keeping or distributing any copy and notify the sender immediately. The hard copies should also be destroyed. Thank you for your cooperation. It is advisable that any unauthorized use of confidential information of this Company is strictly prohibited; and any information in this email that does not relate to the official business of this Company shall be deemed as neither given nor endorsed by this Company.