Net::NetReg::Variables - provides global settings for NetReg registration system
use Net::NetReg::Variables;
This module acts as a deployment descriptor for NetReg. All customized settings and variables are stored here.
Some settings require IP addresses or fully-qualified domain names. Many settings are either 0 (off) or 1 (on). Sample values are provided.
Hash with various organization-specific strings.
name - Name of the organization.
helpdesk - Name of the help desk. Likely possibilities are things like "Help Desk" or "Support Center".
helpcontact - Help desk organization's phone number.
copyright - Text that is printed as a copyright notice at the bottom of each page. The recommended format is "Copyright © DATE ORGANIZATION" where DATE is the year NetReg was installed, and ORGANIZATION is the official name of your organization.
The keys of this hash are the names of different classes of NetReg users. Values pointed to by the keys are text to be printed in the sidebar. This should be information that might assist users who have difficulty registering their computer.
Determines which authentication method should be used by users during the registration process. Possible methods include FTP, POP, IMAP, LDAP or RADIUS.
Turn on if you want all usernames to be sent as lowercase. Because the admin CGI script sorts some of its display by username, uniform case helps that information display correctly.
The IP address of the POP server to be used for authentication. Only needs to be specified if POP is the selected AUTH_METHOD. The Mail::POP3Client module is used for actual authentication of user credentials.
The IP address of the FTP server to be used for authentication. Only needs to be specified if FTP is the selected AUTH_METHOD. The Net::FTP module is used for actual authentication of user credentials.
The IP address of the IMAP server to be used for authentication. Only needs to be specified if IMAP is the selected AUTH_METHOD. The Net::IMAP::Simple module is used for actual authentication of user credentials.
Hash that contains LDAP settings. Keys are as follows:
A list of all LDAP servers to be used for authentication. Only needs to be specified if LDAP is the selected AUTH_METHOD. The Net::LDAP module is used for actual authentication of user credentials. Specify each server in standard URI format (protocol://host:port). The protocol is optional if it is plain ldap (and not ldaps). The port is optional if it is standard. A random server from the list will be tried first. If no response is received within LDAP{timeout} seconds, a random server from the remaining servers in the list will be chosen until no more servers remain to be tried. This results in some failover capability as well as crude load-balancing.
How many seconds to wait to failover to next server following a connection failure.
Set if you wish to use Microsoft's Active Directory Server as your authentication source.
ADS can authenticate using the user@domain form. This is used instead of the normal two-step process for LDAP, which is: search for the entry matching the LDAP{auth_attr} and the supplied username, then bind against the directory using the DN of that entry and the supplied password. With ADS, the domain is appended to the username and we bind directly using the supplied password.
The searchbase where the DNs of registering users can be found in the LDAP DIT. This can be used to restrict which users can register. If you are using ADS (Microsoft's Active Directory Server), this is not referenced.
This specifies which attribute in the user's entry matches their username. Typically this will be uid, or perhaps cn.
DN of user to bind as for searches. Leave either this or LDAP{bindpw} blank for anonymous bind. Non-anonymous bind should only be needed if you do not allow public access to your LDAP.
One example case of when anonymous bind might not work is if you have a protected branch of your DIT for students who exercised their FERPA rights. Then you might need to specify credentials for searching that would include access to that branch.
Password for non-anonymous binding, if needed. Leave blank for anonymous bind. This should only be needed if you do not allow public access to your LDAP directory.
Set if your LDAP server uses pass-through authentication, *and* you need to re-map part(s) of the DIT. For example, the DIT may not match the authentication server's DIT; this allows re-writing of the dn to match.
Pairs of elements: the left-hand side is what you expect to see returned in the search, and the right-hand side is what it should be re-mapped to in order to match the authenticating server.
Hash containing RADIUS configuration data.
List of all RADIUS servers as a comma-separated list of quoted strings. If special ports are needed, use a.b.c.d:port to override the default port. As with LDAP servers, selection is randomized, with failover after RADIUS{timeout} seconds, again providing a failover mechanism and crude load-balancing.
The shared secret for the RADIUS server.
How long to wait to failover to next server after a connection failure.
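The randomized selection with failover described for the LDAP server list (and reused for the RADIUS list) can be sketched as follows. This is an added example, not NetReg's own code: the function names, the sample host names and the `$connect` callback are hypothetical, and in real use the callback would wrap something like `Net::LDAP->new($uri, timeout => $timeout)`.

```perl
use strict;
use warnings;
use List::Util qw(shuffle);

# Normalize one LDAP server entry to scheme://host:port.
# The scheme defaults to plain ldap and the port to the scheme's standard
# port (389 or 636). IPv6 literals are not handled in this sketch.
sub normalize_ldap_uri {
    my ($entry) = @_;
    my ($scheme, $host, $port) =
        $entry =~ m{^(?:(ldaps?)://)?([A-Za-z0-9.-]+)(?::(\d+))?$}
        or die "bad LDAP server entry: $entry\n";
    $scheme ||= 'ldap';
    $port   ||= $scheme eq 'ldaps' ? 636 : 389;
    return "$scheme://$host:$port";
}

# Try every server once, in random order. $connect is a caller-supplied
# coderef (hypothetical) that returns a handle, or undef when the server
# has not answered within $timeout seconds.
sub connect_with_failover {
    my ($servers, $timeout, $connect) = @_;
    my @tried;
    for my $uri (shuffle map { normalize_ldap_uri($_) } @$servers) {
        push @tried, $uri;
        my $handle = $connect->($uri, $timeout);
        return ($handle, \@tried) if defined $handle;
    }
    return (undef, \@tried);    # every server failed: treat as a denied login
}

# Constructed sample list; two of the three hosts are "down" in this demo.
my @servers = ('ldap1.example.edu', 'ldaps://ldap2.example.edu',
               'ldap://ldap3.example.edu:3389');
my %down = map { $_ => 1 } ('ldap://ldap1.example.edu:389',
                            'ldaps://ldap2.example.edu:636');
my ($handle, $tried) = connect_with_failover(\@servers, 5,
    sub { my ($uri) = @_; $down{$uri} ? undef : "handle($uri)" });

print "tried in order: @$tried\n";
print defined $handle ? "connected: $handle\n" : "all servers failed\n";
```

Entries without an explicit ldaps scheme normalize to plain ldap, so a simple bind against them carries the password unencrypted unless the transport is protected some other way.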
A flag to turn on Nessus scanning capabilities.
Hash to contain Nessus configuration data. Keys are as follows:
The username to be used when binding to the Nessus scanner.
The password to be used when binding to the Nessus scanner.
The IP address or FQDN of the Nessus host.
The port the Nessus scanner is listening on for connections; by default this is TCP port 1214.
A flag indicating whether or not a secure connection to the Nessus host should be used.
A semicolon-separated list of plugins to use for host attacks.
A flag to enable guest access.
Hash that describes settings for guest access.
Maximum number of registrations per user. Zero is unlimited.
The subnet from which manual registrations are allowed in the admin CGI script. The admin CGI script should be protected through some mechanism anyway, but this provides an extra layer of defense. The subnet is specified in CIDR notation. A single host would be indicated by using a /32 mask.
Maximum length of usernames for the manual registration form. Malicious long strings could have unexpected side-effects if allowed into your DHCP configuration.
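The two checks above (client address inside the permitted CIDR subnet, username within the maximum length) can be combined into one guard that runs before anything is written to the DHCP host file. This is an added example, not NetReg's own code: the configuration key names, the function names and the allowed character set are assumptions, and the sample inputs are constructed.

```perl
use strict;
use warnings;

# Convert a dotted-quad address to an integer; undef if it is malformed.
sub ip_to_int {
    my ($ip) = @_;
    my @o = $ip =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ or return;
    return if grep { $_ > 255 } @o;
    return ($o[0] << 24) | ($o[1] << 16) | ($o[2] << 8) | $o[3];
}

# True if $ip lies inside $cidr (a /32 mask matches exactly one host).
sub ip_in_cidr {
    my ($ip, $cidr) = @_;
    my ($net, $bits) = $cidr =~ m{^([\d.]+)/(\d{1,2})$} or return 0;
    return 0 if $bits > 32;
    my ($addr, $base) = (scalar ip_to_int($ip), scalar ip_to_int($net));
    return 0 unless defined $addr && defined $base;
    my $mask = $bits == 0 ? 0 : (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
    return ($addr & $mask) == ($base & $mask) ? 1 : 0;
}

# Reject empty or over-long names, and (assumption) any character outside a
# conservative set, so dhcpd syntax such as ';' '{' '}' never reaches the file.
sub username_ok {
    my ($name, $maxlen) = @_;
    return 0 unless defined $name && length $name;
    return 0 if length($name) > $maxlen;
    return $name =~ /\A[A-Za-z0-9._-]+\z/ ? 1 : 0;
}

sub manual_registration_allowed {
    my ($client_ip, $username, $cfg) = @_;
    return ip_in_cidr($client_ip, $cfg->{admin_subnet})
        && username_ok($username, $cfg->{max_username_len}) ? 1 : 0;
}

# Constructed sample configuration and requests (hypothetical key names).
my %cfg = (admin_subnet => '192.0.2.0/24', max_username_len => 16);
for my $case (['192.0.2.10', 'jdoe'], ['198.51.100.7', 'jdoe'],
              ['192.0.2.10', 'jdoe; }'], ['192.0.2.10', 'a' x 64]) {
    my ($ip, $user) = @$case;
    printf "%-14s %-12s %s\n", $ip, substr($user, 0, 12),
        manual_registration_allowed($ip, $user, \%cfg) ? 'allow' : 'deny';
}
```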
The path from the web server root to the graphics directory for NetReg image files.
The full path to the DHCP leases file. The user running the web server must have read access to this file.
The name of the file used to store host registrations. This should point to the file that will be included into the actual dhcpd.conf file, NOT the dhcpd.conf file itself. The default value is dhcpd.netreg. A second file, DHCPDCONF.new is used for writing host registrations. The web server user requires write access to this file. Note, if you change the default name of this file, you will also need to edit the refresh-dhcpdconf shell script delivered with NetReg to reflect this.
The name of dhcpd's PID file.
The complete file system path for the file to which errors during host registrations are written.
The complete file system path for the file holding network configuration information about how and where NetReg is to be used. See the NetReg::Subnet manpage for more information.
The complete file system path for the list of MACs and IDs that are not allowed to register.
The complete file system path for the list of username-password pairs that will be allowed to register regardless of being in the normal authentication system.
This value is only of importance if you employ DDNS. Turn off (0) to use the host-supplied hostname to update A and PTR records. Turn on (1) to use the derived hostname in the DHCPDCONF host declaration as the hostname in DDNS updates, e.g. username-N.
The URL of your online directory application. Usernames displayed in the admin CGI script will have a link to open a new window and look up the user's directory information. Set to the empty string if you do not have an online directory application. Remember to URL-encode special characters. Leave <USERNAME> where the username should be substituted into the URL.
The filename of your organization's logo image. This file must be located in the $GFX directory.
The filename of your IT department's logo image. This file must be located in the $GFX directory.
This is the IP address of the host using the registration CGI script.
How to reference the currently-running script; either a URL or path.