From: Durand f. <fd...@in...> - 2015-08-05 06:45:04
Hello Paul,

yes, if the student has 3 live devices then the 4th will just fail to connect.
eduPersonPrimaryAffiliation is just an example of an ldap attribute you can use but you can probably use a more complex request:
http://wiki.freeradius.org/modules/rlm_ldap#LDAP-xlat

Regards
Fabrice

On 2015-08-03 20:49, Polar Geek wrote:
>
> Fabrice,
>
> Thanks for this, I just want to clarify something.
>
> If in your example a student has 3 live devices and tries to connect a
> 4th does it just fail to connect?
>
> Also is the eduPersonPrimaryAffiliation attribute in your example a
> container, group or some sort of custom ldap attribute?
>
> Paul
>
> From: Durand fabrice [mailto:fd...@in...]
> Sent: August 2, 2015 11:30 AM
> To: pac...@li...
> Subject: Re: [PacketFence-users] Replacing authorized device
>
> Hello Paul,
>
> What you can probably do is the following:
>
> In the role section let's use the 10 value for student and teacher
> (Only 10 registered devices are allowed per user).
> I suppose you are using an Active Directory as authentication source
> and you use it to associate the roles.
>
> So let's have a look first in raddb/modules
> edit ldap then add (Feel free to adapt it) :
>
> ldap ldap_ad_user {
>     server = "info.acme.ca"
>     identity = "CN=admin,DC=acme,DC=ca"
>     password = password
>     basedn = "DC=info,DC=acme,DC=ca"
>     filter = "(sAMAccountName=%{User-Name})"
>     scope = "sub"
>     base_filter = "(objectclass=user)"
>     password_attribute = NT-Password
> }
>
> then in packetfence-tunnel (in conf/radiusd/packetfence-tunnel) in
> authorize section:
>
> update request {
>     Tmp-String-1 := "%{ldap_ad_user:ldap:///OU=Users,DC=acme,DC=ca?eduPersonPrimaryAffiliation?sub?sAMAccountName=%{User-Name}}"
> }
> if (Tmp-String-1 == "student") {
>     update control {
>         Simultaneous-Use := 3
>     }
> }
> elsif (Tmp-String-1 == "teacher") {
>     update control {
>         Simultaneous-Use := 5
>     }
> }
> # else {
> #     update control {
> #         Simultaneous-Use := 0
> #     }
> # }
>
> So with this configuration, only 10 devices are allowed to be
> registered per user.
> Then if the attribute eduPersonPrimaryAffiliation contains student then
> only 3 devices can be connected at the same time and if it contains
> teacher then only 5 devices can be connected at the same time.
>
> This setup is not exactly what you want but it's close.
>
> Regards
> Fabrice
>
> On 2015-08-01 01:29, Polar Geek wrote:
>
>     Hello all,
>
>     While my main issue is being looked into I have an additional
>     question.
>
>     Basically what I want to know is this. If I have set a user
>     account to allow only 1 registered device and they want to
>     register a new/replacement device before the existing registration
>     expires, how does the end user accomplish this?
>
>     In several other captive portal solutions I have used either as an
>     admin or end-user, if a user logs in to a new device it
>     automatically disables the existing device. PacketFence instead
>     seems to just deny the new device with no recourse for a
>     replacement. Am I missing something like a setting that would
>     change this behaviour?
>
>     Effectively what I would like is to allow my students and teachers
>     to use only a specific number of non-school provided devices
>     simultaneously. Students might legitimately need to use a laptop,
>     tablet or phone on our network at any given time. But I don’t want
>     all those devices live the moment they enter the school. Just the
>     one they’re actually using.
>
>     Thanks in advance.
>
>     Paul Taylor
>
>     Luther College High School
>
> ------------------------------------------------------------------------------
> _______________________________________________
> PacketFence-users mailing list
> Pac...@li... <mailto:Pac...@li...>
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
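
The per-role limit discussed in this thread, modelled offline as an added example (not code from the thread, PacketFence or FreeRADIUS). The sample accounts, the function names and the RFC 4515 escaping step are assumptions of this model; the URL layout and the limits of 3 and 5 come from the quoted configuration.

```python
import re

# Constructed sample accounts standing in for Active Directory:
# sAMAccountName -> eduPersonPrimaryAffiliation
DIRECTORY = {"alice": "student", "bob": "teacher", "carol": "staff"}
LIMITS = {"student": 3, "teacher": 5}  # values from the unlang block in the thread


def escape_filter_value(value):
    """Escape the RFC 4515 special characters so a User-Name stays one literal value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def lookup_url(user_name):
    """Build the RFC 4516 URL used in the thread: ldap:///base?attribute?scope?filter."""
    return ("ldap:///OU=Users,DC=acme,DC=ca?eduPersonPrimaryAffiliation?sub?"
            "sAMAccountName=" + escape_filter_value(user_name))


def parse_lookup_url(url):
    """Split the URL into base DN, attribute, scope and filter."""
    prefix = "ldap:///"
    if not url.startswith(prefix):
        raise ValueError("not an ldap:/// URL")
    parts = url[len(prefix):].split("?", 3)
    if len(parts) != 4:
        raise ValueError("expected base?attribute?scope?filter")
    return dict(zip(("base", "attribute", "scope", "filter"), parts))


def affiliation(user_name):
    """Stand-in for the lookup: exact match on sAMAccountName, '' when no entry exists."""
    query = parse_lookup_url(lookup_url(user_name))
    _, _, value = query["filter"].partition("=")
    # Undo the \xx escapes the way a directory server would before comparing.
    literal = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return DIRECTORY.get(literal, "")


def simultaneous_use(user_name):
    """Limit set by the policy, or None when neither branch matches (else is commented out)."""
    return LIMITS.get(affiliation(user_name))


def may_connect(user_name, live_sessions):
    """A new session is refused once the live count has reached the limit."""
    limit = simultaneous_use(user_name)
    return limit is None or live_sessions < limit
```

With the `else` branch left commented out, an account whose affiliation is neither `student` nor `teacher` gets no limit from this block, which is the `carol` case in the model.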