Bug Tracking System

View Issue Details
ID: 0001002
Project: PacketFence
Category: configuration
View Status: public
Date Submitted: 2010-06-02 05:29
Last Update: 2012-02-29 10:46
Assigned To: obilodeau
Platform:
OS:
OS Version:
Product Version:
Target Version: 2.0.0
Fixed in Version: 2.0.0
Summary: 0001002: Optional auto-registration of authenticated devices
Description: Something that is interesting in an 802.1x environment is that since the devices are already authenticated against a trusted source (AD), we can auto-register them as soon as they connect.

However, some things need to be changed to support that.

- add $user_name to the call on locationlog_synchronize()
- add $username in the pf::vlan::update_node_if_not_accurate() call and alter its logic
- add $username to the pf::vlan::getNodeUpdatedInfo() and update pid if it changed
- provide a way to opt-in or opt-out of this behavior (config parameter? or a method that needs to be overridden in vlan/
- node_modify() needs to insert pid if it doesn't already exist
- add a 'dot1x_username' field in locationlog to represent user logged at that time, modify locationlog_sync..() to keep it current

I want to talk to the guys about how to opt-in, opt-out of this behavior but I think it's the way to go. Maybe a new [802.1x] section under conf/pf.conf?
Tags: No tags attached.
fixed in git revision:
fixed in mtn revision: a21987b3117a37f92a8c52d03802844bdfd9d268
Attached Files

- Relationships
parent of 0001034 (closed, obilodeau): Our freeradius module is not aware of EAP's success or failure
parent of 0001000 (closed, obilodeau): add 802.1x $user_name to the method signature of pf::vlan::getNodeInfoForAutoReg
has duplicate 0001015 (closed, obilodeau): automatically update pid of a MAC based on 802.1X username

- Notes
obilodeau (reporter)
2010-07-21 13:37

0001034 needs to be fixed before this can be reliably solved.
obilodeau (reporter)
2010-10-01 16:25

What we are going for now is that locationlog's dot1x_username will always have the latest successfully registered 802.1X username and pid will be the user who registered the node in the first place.

locationlog's dot1x_username will be exposed in the node view as last_dot1x_username.
obilodeau (reporter)
2010-10-01 17:44

Partially fixed by: 5550de5cc36563f74d8d6f4612d09d1905977e58

dot1x_username is now available in locationlog and exposed through node views as last_dot1x_username.

regarding the tasks:
locationlog_synchronize can handle it, pf::vlan's update node, etc. were deprecated by yesterday's refactoring commit, no default behavior change needed as the username is provided in an additional field instead of overwriting pid.
obilodeau (reporter)
2010-10-01 18:07

Optional auto-registration with username accountability is now possible!

- Issue History
Date Modified Username Field Change
2010-06-02 05:29 obilodeau New Issue
2010-06-02 05:29 obilodeau Status new => assigned
2010-06-02 05:29 obilodeau Assigned To => obilodeau
2010-06-09 05:26 obilodeau Relationship added has duplicate 0001015
2010-07-21 13:36 obilodeau Relationship added parent of 0001034
2010-07-21 13:37 obilodeau Note Added: 0001607
2010-07-21 14:27 obilodeau Relationship added parent of 0001000
2010-10-01 16:25 obilodeau Note Added: 0001707
2010-10-01 17:44 obilodeau Note Added: 0001709
2010-10-01 18:07 obilodeau mtn revision => a21987b3117a37f92a8c52d03802844bdfd9d268
2010-10-01 18:07 obilodeau Note Added: 0001710
2010-10-01 18:07 obilodeau Status assigned => resolved
2010-10-01 18:07 obilodeau Fixed in Version => trunk
2010-10-01 18:07 obilodeau Resolution open => fixed
2010-11-19 14:25 obilodeau Target Version 1.10.0 => 2.0.0
2010-12-15 11:37 obilodeau Fixed in Version trunk => 2.0.0
2011-01-26 15:42 obilodeau Status resolved => closed
2012-02-29 10:46 obilodeau Category feature => configuration
