Hi Team, Any input on this? We really would like to get this to work.
Thank you! Jorge > On Feb 2, 2022, at 7:48 PM, Jorge Nolla <[email protected]> wrote: > > Hi Fabrice, > > This is the sequence: > > Feb 2 14:51:32 wifi haproxy[2427]: 10.9.79.52:61132 > [02/Feb/2022:14:51:32.663] portal-http-10.0.255.99 > 10.0.255.99-backend/127.0.0.1 0/0/0/201/201 200 7146 - - ---- 3/1/0/0/0 0/0 > {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET /access?lang= HTTP/1.1" > Feb 2 14:51:37 wifi haproxy[2427]: 10.9.79.52:61133 > [02/Feb/2022:14:51:37.905] portal-http-10.0.255.99 static/127.0.0.1 0/0/0/2/2 > 200 228 - - ---- 4/2/0/0/0 0/0 {10.0.255.99} "GET > /common/network-access-detection.gif?r=1643838705224 HTTP/1.1" > Feb 2 14:51:44 wifi haproxy[2427]: 10.9.79.52:61130 > [02/Feb/2022:14:51:43.927] portal-https-10.0.255.99~ > 10.0.255.99-backend/127.0.0.1 0/0/0/122/122 302 1018 - - ---- 4/1/0/0/0 0/0 > {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET > /captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin > HTTP/1.1" > Feb 2 14:51:44 wifi haproxy[2427]: 10.9.79.52:61132 > [02/Feb/2022:14:51:44.060] portal-http-10.0.255.99 > 10.0.255.99-backend/127.0.0.1 0/0/0/129/129 200 7146 - - ---- 4/2/0/0/0 0/0 > {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET /access?lang= HTTP/1.1" > Feb 2 14:51:49 wifi haproxy[2427]: 10.9.79.52:61133 > [02/Feb/2022:14:51:49.219] portal-http-10.0.255.99 static/127.0.0.1 0/0/0/1/1 > 200 228 - - ---- 4/2/0/0/0 0/0 {10.0.255.99} "GET > /common/network-access-detection.gif?r=1643838716546 HTTP/1.1" > Feb 2 14:51:55 wifi haproxy[2427]: 10.9.79.52:61130 > [02/Feb/2022:14:51:55.287] portal-https-10.0.255.99~ > 10.0.255.99-backend/127.0.0.1 0/0/0/136/136 302 1018 - - ---- 4/1/0/0/0 0/0 > {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET > /captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin > HTTP/1.1” > > > >> On Feb 2, 2022, at 7:12 PM, Fabrice Durand <[email protected] >> <mailto:[email protected]>> wrote: >> >> Hello Jorge, >> >> i will have a look closer. >> But i have a question, when the device is forwarded to the captive portal, >> (just before >> https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin >> >> <https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin>) >> , what is the url ? >> You should be able to see it in the haproxy-portal.log file. >> >> Regards >> Fabrice >> >> Le mer. 2 févr. 2022 à 10:18, Jorge Nolla <[email protected] >> <mailto:[email protected]>> a écrit : >> Hi Fabrice, >> >> >> We almost have the configuration working, but are not sure how to get the >> redirect to the client to work correctly. Attached is the documentation for >> Cisco ISE which we used for PacketFence as well. >> >> Portal.fispy.mx <http://portal.fispy.mx/> is the Huawei AC. >> >> This is the format the client should get from PacketFence. This is the only >> piece we are missing for this to work. >> https://portal.fispy.mx:8443/login?username=($username)&password=($password) >> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)> >> >> >> If we manually click on the link above, then the flow of traffic works >> correctly CLIENT > AC > RADIUS (PacketFence), and authentication works. The >> problem is that when the user logs in to the portal the redirect is broken. >> The parameter for the redirect that PacketFence is serving, comes from a >> configuration parameter within the AC. This configuration works fine for >> Cisco ISE, but the URL format is not working for PacketFence. >> >> >> When we configure the redirect this is what the client is getting from >> PacketFence >> https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin >> >> <https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin> >> >> >> url-template name PacketFence >> url https://wifi.fispy.mx/captive-portal >> <https://wifi.fispy.mx/captive-portal> >> url-parameter login-url switch_url https://portal.fispy.mx:8443/login >> <https://portal.fispy.mx:8443/login> <<< THIS IS THE PARAMETER FOR THE >> REDIRECT TO PACKETFENCE >> >> >> >> AC CONFIG >> >> authentication-profile name PacketFence >> portal-access-profile PacketFence >> free-rule-template default_free_rule >> authentication-scheme PacketFence >> accounting-scheme PacketFence >> radius-server PacketFence >> force-push url https://www.fispy.mx <https://www.fispy.mx/> >> >> radius-server template PacketFence >> radius-server shared-key cipher >> %^%#*)l=:1.X-Yd$\<~orEF@]<}NMejv3)E^\6;7:NUY%^%# >> radius-server authentication 10.0.255.99 1812 source ip-address 10.7.255.2 >> weight 90 >> radius-server accounting 10.0.255.99 1813 source ip-address 10.7.255.2 >> weight 80 >> undo radius-server user-name domain-included >> calling-station-id mac-format unformatted >> called-station-id wlan-user-format ac-mac >> radius-server attribute translate >> radius-attribute disable HW-NAS-Startup-Time-Stamp send >> radius-attribute disable HW-IP-Host-Address send >> radius-attribute disable HW-Connect-ID send >> radius-attribute disable HW-Version send >> radius-attribute disable HW-Product-ID send >> radius-attribute disable HW-Domain-Name send >> radius-attribute disable HW-User-Extend-Info send >> >> url-template name PacketFence >> url https://wifi.fispy.mx/captive-portal >> <https://wifi.fispy.mx/captive-portal> >> url-parameter login-url switch_url https://portal.fispy.mx:8443/login >> <https://portal.fispy.mx:8443/login> <<< THIS IS THE PARAMETER FOR THE >> REDIRECT TO PACKETFENCE >> >> web-auth-server PacketFence >> server-ip 10.0.255.99 >> port 443 >> url-template PacketFence >> protocol http >> http get-method enable >> >> portal-access-profile name PacketFence >> web-auth-server PacketFence direct >> >> >> authentication-scheme PacketFence >> authentication-mode radius >> >> wlan >> security-profile name FISPY-WiFi >> >> vap-profile name FISPY-WiFi >> service-vlan vlan-id 900 >> permit-vlan vlan-id 900 >> ssid-profile FISPY-WiFi >> security-profile FISPY-WiFi >> authentication-profile PacketFence >> sta-network-detect disable >> service-experience-analysis enable >> mdns-snooping enable >> >> >> >> >> ###CISCO ISE CONFIG TO COMPARE### >> >> url-template name CISCO-ISE >> url >> https://captive.fispy.mx:8443/portal/PortalSetup.action#portal=7cf5ac1d-5dbf-4b36-aeee-b9590fd24c02 >> >> <https://captive.fispy.mx:8443/portal/PortalSetup.action#portal=7cf5ac1d-5dbf-4b36-aeee-b9590fd24c02> >> parameter start-mark # >> url-parameter login-url switch_url https://portal.fispy.mx:8443/login >> <https://portal.fispy.mx:8443/login> >> >> #################################### >> >> >> >> >> >> >>> On Feb 2, 2022, at 6:17 AM, Fabrice Durand <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> Hello Jorge, >>> >>> do you have any Huawei documentation to implement that ? >>> >>> Regards >>> Fabrice >>> >>> >>> Le mer. 26 janv. 2022 à 15:59, Jorge Nolla via PacketFence-users >>> <[email protected] >>> <mailto:[email protected]>> a écrit : >>> Hi Team, >>> >>> We were wondering if anyone has had any success in configuring Web Auth for >>> the Huawei AC? It’s somewhat critical for us to get this going. >>> >>> Thank you! >>> Jorge >>> >>> _______________________________________________ >>> PacketFence-users mailing list >>> [email protected] >>> <mailto:[email protected]> >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users> >> >> >> >
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
