PacketFence
Bug Tracking System

View Issue Details
ID: 0001002
Project: PacketFence
Category: configuration
View Status: public
Date Submitted: 2010-06-02 05:29
Last Update: 2012-02-29 10:46
Reporter: obilodeau
Assigned To: obilodeau
Priority: normal
Severity: feature
Reproducibility: N/A
Status: closed
Resolution: fixed
Platform:
OS:
OS Version:
Product Version:
Target Version: 2.0.0
Fixed in Version: 2.0.0
Summary: 0001002: Optional auto-registration of authenticated devices
Description: Something that is interesting in an 802.1x environment is that since the devices are already authenticated against a trusted source (AD), we can auto-register them as soon as they connect.

However, some things need to be changed to support that.

- add $user_name to the call on locationlog_synchronize()
- add $username in the pf::vlan::update_node_if_not_accurate() call and alter its logic
- add $username to the pf::vlan::getNodeUpdatedInfo() and update pid if it changed
- provide a way to opt-in or opt-out of this behavior (config parameter? or a method that needs to be overridden in vlan/custom.pm)
- node_modify() needs to insert pid if it doesn't already exist
- add a 'dot1x_username' field in locationlog to represent user logged at that time, modify locationlog_sync..() to keep it current

I want to talk to the guys about how to opt-in, opt-out of this behavior but I think it's the way to go. Maybe a new [802.1x] section under conf/pf.conf?
Tags: No tags attached.
fixed in git revision:
fixed in mtn revision: a21987b3117a37f92a8c52d03802844bdfd9d268
Attached Files:

- Relationships
parent of 0001034 (closed, obilodeau): Our freeradius module is not aware of EAP's success or failure
parent of 0001000 (closed, obilodeau): add 802.1x $user_name to the method signature of pf::vlan::getNodeInfoForAutoReg
has duplicate 0001015 (closed, obilodeau): automatically update pid of a MAC based on 802.1X username

-  Notes
(0001607)
obilodeau (reporter)
2010-07-21 13:37

0001034 needs to be fixed before this can be reliably solved.
(0001707)
obilodeau (reporter)
2010-10-01 16:25

What we are going for now is that locationlog's dot1x_username will always have the latest successfully registered 802.1X username and pid will be the user who registered the node in the first place.

locationlog's dot1x_username will be exposed in the node view as last_dot1x_username.
(0001709)
obilodeau (reporter)
2010-10-01 17:44

Partially fixed by: 5550de5cc36563f74d8d6f4612d09d1905977e58

dot1x_username is now available in locationlog and exposed through node views as last_dot1x_username.

Regarding the tasks:
locationlog_synchronize can handle it; pf::vlan's update node, etc. were deprecated by yesterday's refactoring commit; no default behavior change is needed, as the username is provided in an additional field instead of overwriting pid.
(0001710)
obilodeau (reporter)
2010-10-01 18:07

Optional auto-registration with username accountability is now possible!

- Issue History
Date Modified Username Field Change
2010-06-02 05:29 obilodeau New Issue
2010-06-02 05:29 obilodeau Status new => assigned
2010-06-02 05:29 obilodeau Assigned To => obilodeau
2010-06-09 05:26 obilodeau Relationship added has duplicate 0001015
2010-07-21 13:36 obilodeau Relationship added parent of 0001034
2010-07-21 13:37 obilodeau Note Added: 0001607
2010-07-21 14:27 obilodeau Relationship added parent of 0001000
2010-10-01 16:25 obilodeau Note Added: 0001707
2010-10-01 17:44 obilodeau Note Added: 0001709
2010-10-01 18:07 obilodeau mtn revision => a21987b3117a37f92a8c52d03802844bdfd9d268
2010-10-01 18:07 obilodeau Note Added: 0001710
2010-10-01 18:07 obilodeau Status assigned => resolved
2010-10-01 18:07 obilodeau Fixed in Version => trunk
2010-10-01 18:07 obilodeau Resolution open => fixed
2010-11-19 14:25 obilodeau Target Version 1.10.0 => 2.0.0
2010-12-15 11:37 obilodeau Fixed in Version trunk => 2.0.0
2011-01-26 15:42 obilodeau Status resolved => closed
2012-02-29 10:46 obilodeau Category feature => configuration

