PacketFence - BTS - PacketFence
View Issue Details
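ID: 0001002
Project: PacketFence
Category: configuration
View Status: public
Date Submitted: 2010-06-02 05:29
Last Update: 2012-02-29 10:46
Reporter: obilodeau
Assigned To: obilodeau
Priority: normal
Severity: feature
Reproducibility: N/A
Status: closed
Resolution: fixed
Target Version: 2.0.0
Fixed in Version: 2.0.0
mtn revision: a21987b3117a37f92a8c52d03802844bdfd9d268
Summary: 0001002: Optional auto-registration of authenticated devices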
Something that is interesting in an 802.1x environment is that since the devices are already authenticated against a trusted source (AD), we can auto-register them as soon as they connect.

However, some things need to be changed to support that.

- add $user_name to the call on locationlog_synchronize()
- add $username in the pf::vlan::update_node_if_not_accurate() call and alter its logic
- add $username to the pf::vlan::getNodeUpdatedInfo() and update pid if it changed
- provide a way to opt-in or opt-out of this behavior (config parameter? or a method that needs to be overridden in vlan/custom.pm)
- node_modify() needs to insert pid if it doesn't already exist
- add a 'dot1x_username' field in locationlog to represent user logged at that time, modify locationlog_sync..() to keep it current

I want to talk to the guys about how to opt-in, opt-out of this behavior but I think it's the way to go. Maybe a new [802.1x] section under conf/pf.conf?
No tags attached.
Relationships
parent of | 0001034 | closed | obilodeau | Our freeradius module is not aware of EAP's success or failure
parent of | 0001000 | closed | obilodeau | add 802.1x $user_name to the method signature of pf::vlan::getNodeInfoForAutoReg
has duplicate | 0001015 | closed | obilodeau | automatically update pid of a MAC based on 802.1X username
Issue History
Date Modified | Username | Field | Change
2010-06-02 05:29 | obilodeau | New Issue |
2010-06-02 05:29 | obilodeau | Status | new => assigned
2010-06-02 05:29 | obilodeau | Assigned To | => obilodeau
2010-06-09 05:26 | obilodeau | Relationship added | has duplicate 0001015
2010-07-21 13:36 | obilodeau | Relationship added | parent of 0001034
2010-07-21 13:37 | obilodeau | Note Added: 0001607 |
2010-07-21 14:27 | obilodeau | Relationship added | parent of 0001000
2010-10-01 16:25 | obilodeau | Note Added: 0001707 |
2010-10-01 17:44 | obilodeau | Note Added: 0001709 |
2010-10-01 18:07 | obilodeau | mtn revision | => a21987b3117a37f92a8c52d03802844bdfd9d268
2010-10-01 18:07 | obilodeau | Note Added: 0001710 |
2010-10-01 18:07 | obilodeau | Status | assigned => resolved
2010-10-01 18:07 | obilodeau | Fixed in Version | => trunk
2010-10-01 18:07 | obilodeau | Resolution | open => fixed
2010-11-19 14:25 | obilodeau | Target Version | 1.10.0 => 2.0.0
2010-12-15 11:37 | obilodeau | Fixed in Version | trunk => 2.0.0
2011-01-26 15:42 | obilodeau | Status | resolved => closed
2012-02-29 10:46 | obilodeau | Category | feature => configuration

Notes
(0001607)
obilodeau   
2010-07-21 13:37   
0001034 needs to be fixed before this can be reliably solved.
(0001707)
obilodeau   
2010-10-01 16:25   
What we are going for now is that locationlog's dot1x_username will always have the latest successfully registered 802.1X username and pid will be the user who registered the node in the first place.

locationlog's dot1x_username will be exposed in the node view as last_dot1x_username.
(0001709)
obilodeau   
2010-10-01 17:44   
Partially fixed by: 5550de5cc36563f74d8d6f4612d09d1905977e58

dot1x_username is now available in locationlog and exposed through node views as last_dot1x_username.

Regarding the tasks:
locationlog_synchronize can handle it; pf::vlan's update node, etc. were deprecated by yesterday's refactoring commit; no default behavior change is needed, as the username is provided in an additional field instead of overwriting pid.
(0001710)
obilodeau   
2010-10-01 18:07   
Optional auto-registration with username accountability is now possible!
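
The accountability model settled on in notes 0001707 and 0001709 (pid keeps the user who first registered the node, while locationlog's dot1x_username tracks the latest 802.1X user and is exposed as last_dot1x_username), as an added example that is not PacketFence code. The table layout, the `on_dot1x_success` hook and the `autoreg` switch are assumptions for illustration; only the names pid, dot1x_username and last_dot1x_username come from the issue.

```python
import sqlite3

# Simplified, hypothetical tables. Only pid, dot1x_username and
# last_dot1x_username are names taken from the issue notes.
SCHEMA = """
CREATE TABLE node (mac TEXT PRIMARY KEY, pid TEXT, status TEXT NOT NULL);
CREATE TABLE locationlog (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    mac TEXT NOT NULL, dot1x_username TEXT,
    start_time TEXT DEFAULT CURRENT_TIMESTAMP, end_time TEXT);
CREATE VIEW node_view AS
    SELECT n.mac, n.pid, n.status,
           (SELECT l.dot1x_username FROM locationlog l
             WHERE l.mac = n.mac ORDER BY l.id DESC LIMIT 1)
           AS last_dot1x_username
      FROM node n;
"""

def new_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def on_dot1x_success(db, mac, username, autoreg=True):
    """Record a successful 802.1X authentication for mac (assumed hook)."""
    row = db.execute("SELECT status FROM node WHERE mac = ?", (mac,)).fetchone()
    if row is None:
        # Unknown device: register it to the authenticated user only when
        # the opt-in auto-registration setting is on.
        status, pid = ("reg", username) if autoreg else ("unreg", None)
        db.execute("INSERT INTO node VALUES (?, ?, ?)", (mac, pid, status))
    elif row[0] != "reg" and autoreg:
        db.execute("UPDATE node SET pid = ?, status = 'reg' WHERE mac = ?",
                   (username, mac))
    # An already registered node keeps its pid; only locationlog changes.
    db.execute("UPDATE locationlog SET end_time = CURRENT_TIMESTAMP "
               "WHERE mac = ? AND end_time IS NULL", (mac,))
    db.execute("INSERT INTO locationlog (mac, dot1x_username) VALUES (?, ?)",
               (mac, username))

def demo():
    db = new_db()
    mac = "00:11:22:33:44:55"              # constructed sample values
    for user in ("alice", "bob"):          # two users, same device
        on_dot1x_success(db, mac, user)
    view = db.execute("SELECT pid, last_dot1x_username FROM node_view "
                      "WHERE mac = ?", (mac,)).fetchone()
    trail = [r[0] for r in db.execute(
        "SELECT dot1x_username FROM locationlog WHERE mac = ? ORDER BY id", (mac,))]
    return view, trail
```
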