
List:       packetfence-users
Subject:    Re: [PacketFence-users] Administrator RADIUS role
From:       Павел Семенищев via PacketFence-users <pack
Date:       2021-08-20 14:36:35
Message-ID: 1629470195.826870515 () f738 ! i ! mail ! ru


Hi there
Has anyone configured RBAC for PacketFence admins via external RADIUS?
 
 
--
Best Regards,
Pavel
 
  
> Wednesday, 18 August 2021, 19:46 +03:00, from Павел Семенищев via PacketFence-users <packetfence-users@lists.sourceforge.net>:
> Hi there
> 
> I’ve just installed ZEN-v10.3.0
> I am trying to set up web administrators authorization through an external RADIUS server.
> If I create Authentication Source -> Administration Rules
> without conditions, then the administrator is authorized with the required role
> 
> [NasRadius rule AdminRoleNode]
> action0 = set_access_level = Node Manager
> status = enabled
> match = any
> class = administration
> 
> But I need to assign different roles to different administrators.
> How to add a condition and in which RADIUS attribute should I transfer the role?
> 
> I have tried adding a condition
> 
> [NasRadius rule AdminRoleNode]
> action0 = set_access_level = Node Manager
> condition0 = radius_request.Reply-Message, equals, NodeManager
> status = enabled
> match = any
> class = administration
> 
> External RADIUS returns role in attribute
> 
> Access-Accept (2), id: 0xa5, Authenticator: 63540bff74a2eb318a4ba0b6b8b6c9c6
> Reply-Message Attribute (18), length: 13, Value: NodeManager
> 
> But PF does not authorize the web administrator.
> 
> --
> Kind regards,
> Pavel Semenischev
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
 

