Hi Fabrice,
Even better! 😊
Herewith my minimal modifications. I’ll submit a patch after doing some more
testing, but everything looks good so far:
--- Mikrotik.pm.orig 2021-05-08 07:38:14.976719201
+0200
+++ /usr/local/pf/lib/pf/Switch/Mikrotik.pm 2021-05-19 23:05:18.489619568
+0200
@@ -29,6 +29,7 @@
$SSID
$WIRELESS_MAC_AUTH
$WEBAUTH_WIRELESS
+ $WIRELESS
);
sub description { 'Mikrotik' }
@@ -46,6 +47,8 @@
# CAPABILITIES
# access technology supported
use pf::SwitchSupports qw(
+ WiredMacAuth
+ WiredDot1x
WirelessMacAuth
ExternalPortal
WebFormRegistration
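Review bot: declaring WiredMacAuth and WiredDot1x in this capability list advertises wired support for the whole module, yet the only wired-specific handling visible in the patch is the RADIUS reply in the last hunk. Before submitting, verify that the methods mapped in deauthTechniques (deauthenticateMacSSH and deauthenticateMacRadius) behave correctly for a wired session, and note the result of that testing in the commit message.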
@@ -139,7 +142,8 @@
sub deauthTechniques {
my ($self, $method, $connection_type) = @_;
my $logger = $self->logger;
- my $default = $SNMP::SSH;
+ my $default = $SNMP::RADIUS;
my %tech = (
$SNMP::SSH => 'deauthenticateMacSSH',
$SNMP::RADIUS => 'deauthenticateMacRadius',
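Review bot: the new default on the `my $default = $SNMP::RADIUS;` line changes deauthentication for every switch entry that relied on the default, wireless included, not only for the wired ports this patch targets. Since $connection_type is already passed into deauthTechniques, consider keeping $SNMP::SSH as the wireless default and selecting $SNMP::RADIUS only for non-wireless connections, or call the change out in the commit message and the module documentation so operators can prepare their devices for RADIUS-based deauthentication before upgrading.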
@@ -257,8 +261,8 @@
Don't forget to fill /usr/share/freeradius/dictionary.mikrotik with the
following attributes:
-ATTRIBUTE Mikrotik-Wireless-VlanID 26 integer
-ATTRIBUTE Mikrotik-Wireless-VlanIDType 27 integer
+ATTRIBUTE Mikrotik-Wireless-VLANID 26 integer
+ATTRIBUTE Mikrotik-Wireless-VLANID-Type 27 integer
=cut
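Review bot: missing documentation in this POD block: it still lists only the two Mikrotik-Wireless attributes, while the patch also returns Tunnel-Type, Tunnel-Medium-Type and Tunnel-Private-Group-ID for non-wireless connections. Add a sentence stating that wired ports receive the standard RADIUS tunnel attributes, and say in the commit message that the rename to Mikrotik-Wireless-VLANID and Mikrotik-Wireless-VLANID-Type aligns the documentation with the attribute names the code sends.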
@@ -276,10 +280,18 @@
# Inline Vs. VLAN enforcement
my $role = "";
if ( (!$args->{'wasInline'} || ($args->{'wasInline'} && $args->{'vlan'} !=
0) ) && isenabled($self->{_VlanMap})) {
- $radius_reply_ref = {
- 'Mikrotik-Wireless-VLANID' => $args->{'vlan'} . "",
- 'Mikrotik-Wireless-VLANID-Type' => "0",
- };
+ if (($args->{'connection_type'} & $WIRELESS) == $WIRELESS) {
+ $radius_reply_ref = {
+ 'Mikrotik-Wireless-VLANID' => $args->{'vlan'} . "",
+ 'Mikrotik-Wireless-VLANID-Type' => "0",
+ };
+ } else {
+ $radius_reply_ref = {
+ 'Tunnel-Type' => "13",
+ 'Tunnel-Medium-Type' => "6",
+ 'Tunnel-Private-Group-ID' => $args->{'vlan'} . "",
+ };
+ }
}
$logger->info("(".$self->{'_id'}.") Returning ACCEPT with VLAN
$args->{'vlan'} and role $role");
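Review bot: the else branch is a catch-all: any connection_type without the $WIRELESS bit set, including an undefined value, receives the Tunnel-* reply. Test for the wired case explicitly, or at least guard with defined($args->{'connection_type'}) before the bitwise test, so an unexpected connection type does not silently get wired VLAN attributes. The literals "13" and "6" also deserve a comment (Tunnel-Type 13 is VLAN, Tunnel-Medium-Type 6 is IEEE-802) or named constants.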
PS: MAC fallback is confirmed to be a problem since 6.48 and should get fixed
in the next stable release…
Regards
David Herselman
From: Fabrice Durand <[email protected]>
Sent: Wednesday, 19 May 2021 3:00 AM
To: David Herselman <[email protected]>
Subject: Re: [PacketFence-users] MikroTik dot1x (Ethernet not WiFi)
Hello David,
What you can do instead of merging wired and wireless attributes is to test the
connection type.
use pf::config qw(
$MAC
$SSID
$WIRELESS_MAC_AUTH
$WEBAUTH_WIRELESS
$WIRELESS
);
....
if (($args->{'connection_type'} & $WIRELESS) == $WIRELESS) {
} else {
}
Regards
Fabrice