Developers guide
Chapter 5
Copyright © 2008-2013 Inverse inc.
Configuration
The other files in this directory are managed by PacketFence using templates, so it is easy to modify
these files based on your configuration. SSL is enabled by default to secure access.
Upon PacketFence installation, self-signed certificates will be created in /usr/local/pf/conf/ssl
(server.key and server.crt). Those certificates can be replaced at any time by your third-party or
existing wildcard certificate without problems. Please note that the CN (Common Name) needs to be the
same as the one defined in the PacketFence configuration file (pf.conf).
Captive Portal
Important parameters to configure regarding the captive portal are the following:
• Redirect URL under Configuration → Trappings
For some browsers, it is preferable to redirect the user to a specific URL instead of the URL the user
originally intended to visit. For these browsers, the URL defined in redirecturl will be the one where
the user will be redirected. Affected browsers are Firefox 3 and later.
• IP under Configuration → Captive portal
This IP is used as the web server that hosts the common/network-access-detection.gif image, which is
used to detect whether network access was enabled. It cannot be a domain name, since it is used in
registration or quarantine, where DNS is black-holed. It is recommended that you allow your users to
reach your PacketFence server and set this parameter to your LAN’s PacketFence IP. By default, it is set
to reach PacketFence’s website as an easier and more accessible solution.
SELinux
Although some organizations may want this feature, PacketFence will not run properly if SELinux
is set to enforcing mode. You will need to explicitly disable it in the /etc/selinux/config file.
Roles Management
Roles in PacketFence can be created from the PacketFence administrative GUI, in the Configuration →
Users → Roles section. From this interface, you can also limit the number of devices that users
belonging to certain roles can register.
Roles are dynamically computed by PacketFence, based on the rules (i.e., a set of conditions and actions)
from authentication sources, using a first-match-wins algorithm. Roles are then matched to VLAN or
internal roles on equipment from the Configuration → Network → Switches module.
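The first-match-wins behaviour described above means rule order decides which role a user receives. The following is an added illustration, not PacketFence code: it models a rule as a set of conditions plus a role, evaluates sources in order, and flags rules that an earlier, broader rule prevents from ever matching. The class, function, source, rule and attribute names are hypothetical, and it assumes every condition of a rule must match.

```python
# Added illustration, not PacketFence code. All names below are hypothetical.
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    conditions: dict  # attribute -> required value (assumption: ALL must match)
    role: str         # action: the role assigned when the rule matches


def compute_role(sources, attrs):
    """Walk sources and their rules in order; the first matching rule wins."""
    for source_name, rules in sources:
        for rule in rules:
            if all(attrs.get(k) == v for k, v in rule.conditions.items()):
                return rule.role, f"{source_name}/{rule.name}"
    return None, None  # nothing matched: no role is assigned


def shadowed_rules(rules):
    """Return (rule, blocker) pairs for rules that can never fire.

    If an earlier rule's conditions are a subset of a later rule's, every
    user matching the later rule already matched the earlier one.
    """
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.conditions.items() <= later.conditions.items():
                found.append((later.name, earlier.name))
                break
    return found


# Constructed sample: the broad "staff" rule is listed before the narrower
# "it-admins" rule, so IT staff are assigned "employee" instead of "admin".
LDAP_RULES = [
    Rule("staff", {"memberOf": "staff"}, "employee"),
    Rule("it-admins", {"memberOf": "staff", "department": "IT"}, "admin"),
]
SOURCES = [("ldap", LDAP_RULES), ("local", [Rule("catch-all", {}, "guest")])]

if __name__ == "__main__":
    it_user = {"memberOf": "staff", "department": "IT"}
    print(compute_role(SOURCES, it_user))  # role and the rule that assigned it
    print(shadowed_rules(LDAP_RULES))      # rules hidden by an earlier rule
```

Listing the narrower rule first removes the shadowing; a rule with no conditions belongs last, because it matches every user.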