Hi Fabrice, In our configuration the user should be able to only login via 1 device at a time, but they should be able to change devices. How can this be accomplished?
> On Feb 9, 2022, at 8:52 AM, Fabrice Durand <[email protected]> wrote: > > Which is normal, it´s what you have in the radius request. > > > Le mar. 8 févr. 2022 à 18:48, Jorge Nolla <[email protected] > <mailto:[email protected]>> a écrit : > > > From PF MAC and USERNAME not matching > > <Screen Shot 2022-02-08 at 4.47.55 PM.png> > > >> On Feb 8, 2022, at 4:44 PM, Jorge Nolla <[email protected] >> <mailto:[email protected]>> wrote: >> >> Fabrice, >> >> There is an odd behavior we are trying to understand. If we use the same >> username name and password in different devices, for some reason it picks >> only the MAC address to authenticate as user. >> >> <AirEngine9700-M1>display access-user >> >> ------------------------------------------------------------------------------------------------------ >> UserID Username IP address MAC >> Status >> >> ------------------------------------------------------------------------------------------------------ >> 11 admin 10.99.1.20 >> - Success >> 393634 f0:2f:4b:14:67:d9 10.9.71.61 >> 62ca-4992-a03d Success < second device MAC and USERNAME do not match >> 393636 f0:2f:4b:14:67:d9 10.9.86.158 >> f02f-4b14-67d9 Success >> >> >> >> >> >> >>> On Feb 8, 2022, at 11:51 AM, Jorge Nolla <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> Fabrice, >>> >>> For some reason I cannot get accounting forwarding to the Billing/Radius >>> Server. This server has the plans for the customers. >>> >>> <Screen Shot 2022-02-08 at 11.48.23 AM.png> >>> >>> >>> <Screen Shot 2022-02-08 at 11.50.20 AM.png> >>> >>> >>> <Screen Shot 2022-02-08 at 11.48.01 AM.png> >>> >>> >>> <Screen Shot 2022-02-08 at 11.51.33 AM.png> >>> >>>> On Feb 8, 2022, at 11:39 AM, Jorge Nolla <[email protected] >>>> <mailto:[email protected]>> wrote: >>>> >>>> Hi Fabrice, >>>> >>>> It worked. I had to change to HTTPS and DNS for the cert on the server to >>>> work. We also changed the method to GET. Will try POST, not sure if this >>>> will make a difference. >>>> >>>> my $html_form = qq[ >>>> <form name="weblogin_form" data-autosubmit="1000" method="GET" >>>> action="https://portal.fispy.mx:8443/login >>>> <https://portal.fispy.mx:8443/login>"> >>>> <input type="hidden" name="username" value="$mac"> >>>> <input type="hidden" name="password" value="$mac"> >>>> </form> >>>> <script src="/content/autosubmit.js" type="text/javascript"></script> >>>> >>>> Here is the a sample of the radius info on PF. Top entry is with new >>>> configuration MAC address as username. Bottom one is the old >>>> configuration, where we were submitting the url request manually. >>>> >>>> <Screen Shot 2022-02-08 at 11.34.52 AM.png> >>>> >>>> >>>>> On Feb 8, 2022, at 9:30 AM, Fabrice Durand <[email protected] >>>>> <mailto:[email protected]>> wrote: >>>>> >>>>> Yes, that's it. >>>>> >>>>> Le mar. 8 févr. 2022 à 11:23, Jorge Nolla <[email protected] >>>>> <mailto:[email protected]>> a écrit : >>>>> Fabrice, >>>>> >>>>> The document you had provided didn’t layout the configuration steps. I >>>>> think this might be the correct document for the configuration you are >>>>> referring. If you have a chance take a look and let me know. >>>>> >>>>> https://support.huawei.com/enterprise/mx/knowledge/EKB1100055064 >>>>> <https://support.huawei.com/enterprise/mx/knowledge/EKB1100055064> >>>>> >>>>> >>>>> >>>>>> On Feb 8, 2022, at 9:14 AM, Fabrice Durand <[email protected] >>>>>> <mailto:[email protected]>> wrote: >>>>>> >>>>>> You can try that instead: >>>>>> >>>>>> my $html_form = qq[ >>>>>> <form name="weblogin_form" data-autosubmit="1000" method="POST" >>>>>> action="http://$controller_ip:8443/login >>>>>> <http://$controller_ip:8443/login>"> >>>>>> <input type="hidden" name="username" value="$mac"> >>>>>> <input type="hidden" name="password" value="$mac"> >>>>>> </form> >>>>>> <script src="/content/autosubmit.js" >>>>>> type="text/javascript"></script> >>>>>> ]; >>>>>> >>>>>> It will pass the mac address of the device in the radius request as >>>>>> username and password instead of the real username and password who has >>>>>> been authenticated previously on the portal. >>>>>> Then you just need to configure the registration role in the switch >>>>>> configuration to be -1 (packetfence side) and if the device is unreg >>>>>> then the request will be rejected. >>>>>> >>>>>> >>>>>> Le mar. 8 févr. 2022 à 11:04, Jorge Nolla <[email protected] >>>>>> <mailto:[email protected]>> a écrit : >>>>>> Hi Fabrice, >>>>>> >>>>>> Let me check what the difference is in configuration on the AC side, >>>>>> I’ll report within the hour. Any clues as to why the parameters are not >>>>>> being passed? >>>>>> >>>>>> >>>>>>> On Feb 8, 2022, at 8:55 AM, Fabrice Durand <[email protected] >>>>>>> <mailto:[email protected]>> wrote: >>>>>>> >>>>>>> Hello Jorge, >>>>>>> >>>>>>> i really think that it´s not the correct way to support the web auth in >>>>>>> Huawei. >>>>>>> The only thing you can do with the portal is to authenticate with a >>>>>>> username and password, there is no way to do anything else >>>>>>> (sms/email/sponsor/....). >>>>>>> >>>>>>> Also when you authenticate on the portal , the portal validate your >>>>>>> username and password and with the workflow you have it will >>>>>>> authenticate twice (portal and radius) and it doesn´t make sense. >>>>>>> >>>>>>> So if you want to keep this way then you will need a simple html page >>>>>>> with a username and password field that post on >>>>>>> https://portal.fispy.mx:8443/login <https://portal.fispy.mx:8443/login> >>>>>>> then configure packetfence to authenticate the username and password >>>>>>> from radius. >>>>>>> >>>>>>> The other way who looks really better is to use that: >>>>>>> (https://support.huawei.com/enterprise/en/doc/EDOC1100008282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_2 >>>>>>> >>>>>>> <https://support.huawei.com/enterprise/en/doc/EDOC1100008282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_2>) >>>>>>> >>>>>>> <download.png> >>>>>>> >>>>>>> As i said , it´s exactly how it works with the cisco wlc and it will >>>>>>> support all authentication mechanisms available on the portal. >>>>>>> >>>>>>> Regards >>>>>>> Fabrice >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> Le lun. 7 févr. 2022 à 20:25, Jorge Nolla <[email protected] >>>>>>> <mailto:[email protected]>> a écrit : >>>>>>> >>>>>>> Radius request from the AC once it receives the correct values. This is >>>>>>> sent back to Radius which in this case is PF >>>>>>> >>>>>>> User-Name = “5blz” <<< VALUE NEEDED IN URL as username >>>>>>> User-Password = "******” <<< VALUE NEEDED IN URL as password >>>>>>> NAS-IP-Address = 10.7.255.2 >>>>>>> NAS-Port = 900 >>>>>>> Service-Type = Framed-User >>>>>>> Framed-Protocol = PPP >>>>>>> Framed-IP-Address = 10.9.91.31 >>>>>>> Called-Station-Id = "c0:f6:c2:a5:c4:d0:FISPY-WiFi" >>>>>>> Calling-Station-Id = "f0:2f:4b:14:67:d9" >>>>>>> NAS-Identifier = "AirEngine9700-M1" >>>>>>> NAS-Port-Type = Wireless-802.11 >>>>>>> Acct-Session-Id = "AirEngi00000000000900d5d66c0600187" >>>>>>> Event-Timestamp = "Feb 7 2022 18:05:13 MST" >>>>>>> NAS-Port-Id = "slot=0;subslot=0;port=0;vlanid=900" >>>>>>> Huawei-Loopback-Address = "C0F6-C2A5-C4D0" >>>>>>> Huawei-User-Mac = "\000\000\000\003" >>>>>>> Stripped-User-Name = "5blz" >>>>>>> Realm = "null" >>>>>>> FreeRADIUS-Client-IP-Address = 10.7.255.2 >>>>>>> Called-Station-SSID = "FISPY-WiFi" >>>>>>> PacketFence-KeyBalanced = "aa86741e358fa86079a91aaf4dc581f9" >>>>>>> PacketFence-Radius-Ip = "10.0.255.99" >>>>>>> SQL-User-Name = "5blz" >>>>>>> >>>>>>>> On Feb 7, 2022, at 3:58 PM, Jorge Nolla <[email protected] >>>>>>>> <mailto:[email protected]>> wrote: >>>>>>>> >>>>>>>> Hi Fabrice, >>>>>>>> >>>>>>>> I did hardcode as follow: >>>>>>>> >>>>>>>> <form name="weblogin_form" data-autosubmit="1000" method="GET" >>>>>>>> action="https://portal.fispy.mx:8443/login?username=bob&password=bob >>>>>>>> <https://portal.fispy.mx:8443/login?username=bob&password=bob>" >>>>>>>> style="display:none"> >>>>>>>> >>>>>>>> But the redirect which the client is getting, is only this part, not >>>>>>>> sure why: >>>>>>>> >>>>>>>> https://portal.fispy.mx:8443/login? >>>>>>>> <https://portal.fispy.mx:8443/login?> >>>>>>>> >>>>>>>> >>>>>>>> Here is the flow of the External Portal Authentication as per Huawei. >>>>>>>> Portal Server - Notify the STA of the login URL >>>>>>>> STA - Send the username and password in HTTP GET POST. When this is >>>>>>>> configured to use ISE as per the guide, the ISE server sends the >>>>>>>> redirect to the STA as per the format. >>>>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password) >>>>>>>> >>>>>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)> >>>>>>>> >>>>>>>> >>>>>>>> <PastedGraphic-1.tiff> >>>>>>>> >>>>>>>>> On Feb 7, 2022, at 2:51 PM, Fabrice Durand <[email protected] >>>>>>>>> <mailto:[email protected]>> wrote: >>>>>>>>> >>>>>>>>> Did you try to hardcode that in the code and see if it works ? >>>>>>>>> >>>>>>>>> Also i don´t understand the goal of passing the username and password >>>>>>>>> , is there any extra check after that ? What happen if the user >>>>>>>>> register by sms/email ? >>>>>>>>> >>>>>>>>> And i just found that: >>>>>>>>> https://support.huawei.com/enterprise/en/doc/EDOC1100008282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_1 >>>>>>>>> >>>>>>>>> <https://support.huawei.com/enterprise/en/doc/EDOC1100008282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_1> >>>>>>>>> Is it something that can be configured on the Hawei ? If yes then it >>>>>>>>> will mimic the way the Cisco WLC works. >>>>>>>>> >>>>>>>>> Regards >>>>>>>>> Fabrice >>>>>>>>> >>>>>>>>> >>>>>>>>> Le lun. 7 févr. 2022 à 16:01, Jorge Nolla <[email protected] >>>>>>>>> <mailto:[email protected]>> a écrit : >>>>>>>>> Hi Fabrice, >>>>>>>>> >>>>>>>>> This line needs to be HTTPS for it to work >>>>>>>>> <form name="weblogin_form" data-autosubmit="1000" method="GET" >>>>>>>>> action="http://$controller_ip:8443/login?username=bob&password=bob >>>>>>>>> <http://$controller_ip:8443/login?username=bob&password=bob>" >>>>>>>>> style="display:none”> >>>>>>>>> >>>>>>>>> This needs to be the username and password which is being entered by >>>>>>>>> the user in the PF portal, which is the Radius username and password >>>>>>>>> username=bob&password=bob >>>>>>>>> >>>>>>>>> >>>>>>>>>> On Feb 7, 2022, at 12:03 PM, Fabrice Durand <[email protected] >>>>>>>>>> <mailto:[email protected]>> wrote: >>>>>>>>>> >>>>>>>>>> I just pushed a fix. >>>>>>>>>> >>>>>>>>>> cd /usr/local/pf >>>>>>>>>> curl >>>>>>>>>> https://github.com/inverse-inc/packetfence/commit/7628afddf46e0226667560dc33df192f9c4cf420.diff >>>>>>>>>> >>>>>>>>>> <https://github.com/inverse-inc/packetfence/commit/7628afddf46e0226667560dc33df192f9c4cf420.diff> >>>>>>>>>> | patch -p1 >>>>>>>>>> and restart >>>>>>>>>> >>>>>>>>>> Le lun. 7 févr. 2022 à 13:46, Jorge Nolla <[email protected] >>>>>>>>>> <mailto:[email protected]>> a écrit : >>>>>>>>>> Here are the log outputs for /usr/local/pf/logs/packetfence.log >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Feb 7 11:03:04 wifi packetfence_httpd.portal[61371]: >>>>>>>>>> httpd.portal(61371) INFO: [mac:[undef]] URI '/Huawei' is detected as >>>>>>>>>> an external captive portal URI (pf::web::externalportal::handle) >>>>>>>>>> Feb 7 11:03:04 wifi packetfence_httpd.portal[61371]: >>>>>>>>>> httpd.portal(61371) ERROR: [mac:[undef]] Cannot load perl module for >>>>>>>>>> switch type 'pf::Switch::Huawei'. Either switch type is unknown or >>>>>>>>>> switch type perl module have compilation errors. See the following >>>>>>>>>> message for details: (pf::web::externalportal::handle) >>>>>>>>>> Feb 7 11:03:06 wifi packetfence_httpd.portal[61370]: >>>>>>>>>> httpd.portal(61370) INFO: [mac:[undef]] URI '/Huawei' is detected as >>>>>>>>>> an external captive portal URI (pf::web::externalportal::handle) >>>>>>>>>> Feb 7 11:03:06 wifi packetfence_httpd.portal[61370]: >>>>>>>>>> httpd.portal(61370) ERROR: [mac:[undef]] Cannot load perl module for >>>>>>>>>> switch type 'pf::Switch::Huawei'. Either switch type is unknown or >>>>>>>>>> switch type perl module have compilation errors. See the following >>>>>>>>>> message for details: (pf::web::externalportal::handle) >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> On Feb 7, 2022, at 10:50 AM, Jorge Nolla <[email protected] >>>>>>>>>>> <mailto:[email protected]>> wrote: >>>>>>>>>>> >>>>>>>>>>> Here is the output for HAProxy >>>>>>>>>>> >>>>>>>>>>> Feb 7 10:48:54 wifi haproxy[2285]: 10.9.215.39:63814 >>>>>>>>>>> <http://10.9.215.39:63814/> [07/Feb/2022:10:48:54.074] >>>>>>>>>>> portal-https-10.0.255.99~ 10.0.255.99-backend/127.0.0.1 >>>>>>>>>>> <http://127.0.0.1/> 0/0/0/13/13 501 413 - - ---- 2/1/0/0/0 0/0 >>>>>>>>>>> {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET >>>>>>>>>>> /Huawei?ac-ip=10.7.255.2&userip=10.9.215.39&ssid=FISPY-WiFi&ap-mac=f02f4b1467d9 >>>>>>>>>>> HTTP/1.1” >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>>> On Feb 7, 2022, at 10:06 AM, Jorge Nolla <[email protected] >>>>>>>>>>>> <mailto:[email protected]>> wrote: >>>>>>>>>>>> >>>>>>>>>>>> Hi Fabrice, >>>>>>>>>>>> >>>>>>>>>>>> From the Pf portal after the patch is applied. >>>>>>>>>>>> >>>>>>>>>>>> type: 'Huawei' is not a valid value The chosen type (Huawei) is >>>>>>>>>>>> not supported. >>>>>>>>>>>> >>>>>>>>>>>>> On Feb 6, 2022, at 6:49 PM, Jorge Nolla <[email protected] >>>>>>>>>>>>> <mailto:[email protected]>> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> This is the only option on the config. >>>>>>>>>>>>> >>>>>>>>>>>>> <Screen Shot 2022-02-06 at 6.48.16 PM.png> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>>> On Feb 6, 2022, at 6:41 PM, Jorge Nolla <[email protected] >>>>>>>>>>>>>> <mailto:[email protected]>> wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>> Hi Fabrice, >>>>>>>>>>>>>> >>>>>>>>>>>>>> Getting an error page from PF >>>>>>>>>>>>>> >>>>>>>>>>>>>> Not Implemented >>>>>>>>>>>>>> GET no supported for current URL. >>>>>>>>>>>>>> >>>>>>>>>>>>>> How is the switch supposed to be defined in PF? >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Feb 6, 2022, at 5:55 PM, Fabrice Durand <[email protected] >>>>>>>>>>>>>>> <mailto:[email protected]>> wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> I am just not sure what to set for username and password, if >>>>>>>>>>>>>>> you do sms auth then there is no password. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Also in the url it looks that it miss the mac address of the >>>>>>>>>>>>>>> device , can you try to add device-mac and see if the device >>>>>>>>>>>>>>> mac is in the url ? >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Here the first draft: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> https://github.com/inverse-inc/packetfence/compare/feature/Huawei_web_auth.diff >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> <https://github.com/inverse-inc/packetfence/compare/feature/Huawei_web_auth.diff> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> cd /usr/local/pf/ >>>>>>>>>>>>>>> curl >>>>>>>>>>>>>>> https://github.com/inverse-inc/packetfence/compare/feature/Huawei_web_auth.diff >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> <https://github.com/inverse-inc/packetfence/compare/feature/Huawei_web_auth.diff> >>>>>>>>>>>>>>> | patch -p1 >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> then restart packetfence. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On the controller: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> url-template name PacketFence >>>>>>>>>>>>>>> url https://wifi.fispy.mx/ >>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal>Hawei >>>>>>>>>>>>>>> url-parameter device-ip device-mac ac-ip user-ipaddress userip >>>>>>>>>>>>>>> ssid ssid user-mac ap-mac >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> So when the device will be forwarded to the portal it should be >>>>>>>>>>>>>>> able to recognise the mac address and the ip of the device (in >>>>>>>>>>>>>>> the bottom). >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Register on the portal and you should be forwarded to >>>>>>>>>>>>>>> http://$controller_ip:8443/login?username=bob&password=bob >>>>>>>>>>>>>>> <http://$controller_ip:8443/login?username=bob&password=bob> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Let me know how it behave. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Regards >>>>>>>>>>>>>>> Fabrice >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Le dim. 6 févr. 2022 à 18:58, Jorge Nolla <[email protected] >>>>>>>>>>>>>>> <mailto:[email protected]>> a écrit : >>>>>>>>>>>>>>> Hi Fabrice >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> This is the GET the AC is expecting: >>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> If successful it will return as per image below. If it fails >>>>>>>>>>>>>>> the AC will redirect back to the Portal >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> <WebAuthentication.png> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Here is the configuration: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> url-template name PacketFence >>>>>>>>>>>>>>> url https://wifi.fispy.mx/captive-portal >>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal> >>>>>>>>>>>>>>> url-parameter login-url destination_url >>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> HA Proxy output >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Feb 6 16:44:26 wifi haproxy[2427]: 10.9.70.173:52266 >>>>>>>>>>>>>>> <http://10.9.70.173:52266/> [06/Feb/2022:16:44:26.153] >>>>>>>>>>>>>>> portal-https-10.0.255.99~ 10.0.255.99-backend/127.0.0.1 >>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/202/202 200 9003 - - ---- 2/1/0/0/0 >>>>>>>>>>>>>>> 0/0 {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET >>>>>>>>>>>>>>> /captive-portal?destination_url=https://portal.fispy.mx:8443/login?username=($username)&password=($password) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)> >>>>>>>>>>>>>>> HTTP/1.1" >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Only problem is that PacketFence is not updating the dynamic >>>>>>>>>>>>>>> values with username and password for it to work >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> AC = Access Controller. This manages the APs’ as they are >>>>>>>>>>>>>>> operating in Fit/Lightweight mode. >>>>>>>>>>>>>>> AP = Access Points. These are the actual radios. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Best Regards, >>>>>>>>>>>>>>> Jorge >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> On Feb 6, 2022, at 4:40 PM, Fabrice Durand <[email protected] >>>>>>>>>>>>>>>> <mailto:[email protected]>> wrote: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Hello Jorge, >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> i have what i need at least to be able to support the web-auth. >>>>>>>>>>>>>>>> The only thing i am not sure is at the end of the registration >>>>>>>>>>>>>>>> process what we are supposed to do. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> I will create a branch on github in order for you to test. (it >>>>>>>>>>>>>>>> will be an update of the Huawei switch module). >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> For information, what is the ac-ip ac-mac versus ap-ip ap-mac ? >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Regards >>>>>>>>>>>>>>>> Fabrice >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Le dim. 6 févr. 2022 à 18:30, Jorge Nolla <[email protected] >>>>>>>>>>>>>>>> <mailto:[email protected]>> a écrit : >>>>>>>>>>>>>>>> If I try to manually send the redirect in the browser here is >>>>>>>>>>>>>>>> what HA proxy records. This is a simple copy and paste in the >>>>>>>>>>>>>>>> browser and the output: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> https://wifi.fispy.mx/captive-portal >>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal>?destination_url=https://portal.fispy.mx:8443/login?username=539z&password=0uf3 >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=539z&password=0uf3> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 4875 - - ---- 2/1/0/0/0 0/0 {wifi.fispy.mx >>>>>>>>>>>>>>>> <http://wifi.fispy.mx/>} "GET >>>>>>>>>>>>>>>> /captive-portal?destination_url=https://portal.fispy.mx:8443/login?username=539z&password=0uf3 >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=539z&password=0uf3> >>>>>>>>>>>>>>>> HTTP/1.1" >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> It doesn’t let it go through as it seems that is trying to >>>>>>>>>>>>>>>> validate network connectivity >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> On Feb 6, 2022, at 4:07 PM, Jorge Nolla <[email protected] >>>>>>>>>>>>>>>>> <mailto:[email protected]>> wrote: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Seems weird how the format of the URL is recorded/sent >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Here is a normal redirect, the url is formatted correctly, >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Feb 6 16:03:41 wifi haproxy[2427]: 10.99.1.20:63577 >>>>>>>>>>>>>>>>> <http://10.99.1.20:63577/> [06/Feb/2022:16:03:41.232] >>>>>>>>>>>>>>>>> portal-https-10.0.255.99~ 10.0.255.99-backend/127.0.0.1 >>>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/1/233/234 200 4910 - - ---- 2/1/0/0/0 >>>>>>>>>>>>>>>>> 0/0 {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET >>>>>>>>>>>>>>>>> /captive-portal?destination_url=https://www.fispy.mx/ >>>>>>>>>>>>>>>>> <https://www.fispy.mx/> HTTP/1.1" >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> I’m not sure why the value sent by the AP has all the % and >>>>>>>>>>>>>>>>> weird symbols >>>>>>>>>>>>>>>>> destination%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal?switch_url=https://portal.fispy.mx:8443/login> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> On Feb 6, 2022, at 4:00 PM, Jorge Nolla <[email protected] >>>>>>>>>>>>>>>>>> <mailto:[email protected]>> wrote: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Hi Fabrice, >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Here are the options that can be added: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> [AirEngine9700-M1-url-template-PacketFence]url-parameter ? >>>>>>>>>>>>>>>>>> ap-group-name AP group name >>>>>>>>>>>>>>>>>> ap-ip AP IP address >>>>>>>>>>>>>>>>>> ap-location AP location >>>>>>>>>>>>>>>>>> ap-mac AP MAC address >>>>>>>>>>>>>>>>>> ap-name AP name >>>>>>>>>>>>>>>>>> device-ip Device IP address >>>>>>>>>>>>>>>>>> device-mac Device MAC address >>>>>>>>>>>>>>>>>> login-url Device's login URL provided to the >>>>>>>>>>>>>>>>>> external portal server >>>>>>>>>>>>>>>>>> mac-address Mac address >>>>>>>>>>>>>>>>>> redirect-url The url in user original http packet >>>>>>>>>>>>>>>>>> set Set >>>>>>>>>>>>>>>>>> ssid SSID >>>>>>>>>>>>>>>>>> sysname Device name >>>>>>>>>>>>>>>>>> user-ipaddress User IP address >>>>>>>>>>>>>>>>>> user-mac User MAC address >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> url-template name PacketFence >>>>>>>>>>>>>>>>>> url https://wifi.fispy.mx/captive-portal >>>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal> >>>>>>>>>>>>>>>>>> url-parameter device-ip ac-ip user-ipaddress userip ssid >>>>>>>>>>>>>>>>>> ssid user-mac ap-mac >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> 200 9003 - - ---- 2/1/0/0/0 0/0 {wifi.fispy.mx >>>>>>>>>>>>>>>>>> <http://wifi.fispy.mx/>} "GET >>>>>>>>>>>>>>>>>> /captive-portal?ac%2Dip=10%2E7%2E255%2E2&userip=10%2E9%2E70%2E173&ssid=FISPY%2DWiFi&ap%2Dmac=f02f4b1467d9 >>>>>>>>>>>>>>>>>> HTTP/1.1" >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> If we do not specify the URL on this configuration, where >>>>>>>>>>>>>>>>>> would PacketFence get the value for the AC Web >>>>>>>>>>>>>>>>>> Authentication call? >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Best Regards, >>>>>>>>>>>>>>>>>> Jorge >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> On Feb 5, 2022, at 8:23 PM, Fabrice Durand >>>>>>>>>>>>>>>>>>> <[email protected] <mailto:[email protected]>> wrote: >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Hello Jorge, >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> what we need is the user mac and the ap information. >>>>>>>>>>>>>>>>>>> I found that >>>>>>>>>>>>>>>>>>> https://support.huawei.com/enterprise/en/doc/EDOC1100008283/659354b1/display-url-template >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> <https://support.huawei.com/enterprise/en/doc/EDOC1100008283/659354b1/display-url-template> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Is it possible to add extra parameters like user-mac ssid >>>>>>>>>>>>>>>>>>> ap-ip ap-mac ? >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> And if yes can you provide me the url generated by the >>>>>>>>>>>>>>>>>>> controller when it redirect ? (haproxy-portal log) >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Regards >>>>>>>>>>>>>>>>>>> Fabrice >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Le sam. 5 févr. 2022 à 20:42, Jorge Nolla <[email protected] >>>>>>>>>>>>>>>>>>> <mailto:[email protected]>> a écrit : >>>>>>>>>>>>>>>>>>> Hi Team, >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Any input on this? We really would like to get this to work. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Thank you! >>>>>>>>>>>>>>>>>>> Jorge >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> On Feb 2, 2022, at 7:48 PM, Jorge Nolla <[email protected] >>>>>>>>>>>>>>>>>>>> <mailto:[email protected]>> wrote: >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Hi Fabrice, >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> This is the sequence: >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Feb 2 14:51:32 wifi haproxy[2427]: 10.9.79.52:61132 >>>>>>>>>>>>>>>>>>>> <http://10.9.79.52:61132/> [02/Feb/2022:14:51:32.663] >>>>>>>>>>>>>>>>>>>> portal-http-10.0.255.99 10.0.255.99-backend/127.0.0.1 >>>>>>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/201/201 200 7146 - - ---- >>>>>>>>>>>>>>>>>>>> 3/1/0/0/0 0/0 {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET >>>>>>>>>>>>>>>>>>>> /access?lang= HTTP/1.1" >>>>>>>>>>>>>>>>>>>> Feb 2 14:51:37 wifi haproxy[2427]: 10.9.79.52:61133 >>>>>>>>>>>>>>>>>>>> <http://10.9.79.52:61133/> [02/Feb/2022:14:51:37.905] >>>>>>>>>>>>>>>>>>>> portal-http-10.0.255.99 static/127.0.0.1 >>>>>>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/2/2 200 228 - - ---- 4/2/0/0/0 >>>>>>>>>>>>>>>>>>>> 0/0 {10.0.255.99} "GET >>>>>>>>>>>>>>>>>>>> /common/network-access-detection.gif?r=1643838705224 >>>>>>>>>>>>>>>>>>>> HTTP/1.1" >>>>>>>>>>>>>>>>>>>> Feb 2 14:51:44 wifi haproxy[2427]: 10.9.79.52:61130 >>>>>>>>>>>>>>>>>>>> <http://10.9.79.52:61130/> [02/Feb/2022:14:51:43.927] >>>>>>>>>>>>>>>>>>>> portal-https-10.0.255.99~ 10.0.255.99-backend/127.0.0.1 >>>>>>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/122/122 302 1018 - - ---- >>>>>>>>>>>>>>>>>>>> 4/1/0/0/0 0/0 {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET >>>>>>>>>>>>>>>>>>>> /captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin >>>>>>>>>>>>>>>>>>>> HTTP/1.1" >>>>>>>>>>>>>>>>>>>> Feb 2 14:51:44 wifi haproxy[2427]: 10.9.79.52:61132 >>>>>>>>>>>>>>>>>>>> <http://10.9.79.52:61132/> [02/Feb/2022:14:51:44.060] >>>>>>>>>>>>>>>>>>>> portal-http-10.0.255.99 10.0.255.99-backend/127.0.0.1 >>>>>>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/129/129 200 7146 - - ---- >>>>>>>>>>>>>>>>>>>> 4/2/0/0/0 0/0 {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET >>>>>>>>>>>>>>>>>>>> /access?lang= HTTP/1.1" >>>>>>>>>>>>>>>>>>>> Feb 2 14:51:49 wifi haproxy[2427]: 10.9.79.52:61133 >>>>>>>>>>>>>>>>>>>> <http://10.9.79.52:61133/> [02/Feb/2022:14:51:49.219] >>>>>>>>>>>>>>>>>>>> portal-http-10.0.255.99 static/127.0.0.1 >>>>>>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/1/1 200 228 - - ---- 4/2/0/0/0 >>>>>>>>>>>>>>>>>>>> 0/0 {10.0.255.99} "GET >>>>>>>>>>>>>>>>>>>> /common/network-access-detection.gif?r=1643838716546 >>>>>>>>>>>>>>>>>>>> HTTP/1.1" >>>>>>>>>>>>>>>>>>>> Feb 2 14:51:55 wifi haproxy[2427]: 10.9.79.52:61130 >>>>>>>>>>>>>>>>>>>> <http://10.9.79.52:61130/> [02/Feb/2022:14:51:55.287] >>>>>>>>>>>>>>>>>>>> portal-https-10.0.255.99~ 10.0.255.99-backend/127.0.0.1 >>>>>>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/136/136 302 1018 - - ---- >>>>>>>>>>>>>>>>>>>> 4/1/0/0/0 0/0 {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET >>>>>>>>>>>>>>>>>>>> /captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin >>>>>>>>>>>>>>>>>>>> HTTP/1.1” >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> On Feb 2, 2022, at 7:12 PM, Fabrice Durand >>>>>>>>>>>>>>>>>>>>> <[email protected] <mailto:[email protected]>> wrote: >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Hello Jorge, >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> i will have a look closer. >>>>>>>>>>>>>>>>>>>>> But i have a question, when the device is forwarded to >>>>>>>>>>>>>>>>>>>>> the captive portal, (just before >>>>>>>>>>>>>>>>>>>>> https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal?switch_url=https://portal.fispy.mx:8443/login>) >>>>>>>>>>>>>>>>>>>>> , what is the url ? >>>>>>>>>>>>>>>>>>>>> You should be able to see it in the haproxy-portal.log >>>>>>>>>>>>>>>>>>>>> file. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Regards >>>>>>>>>>>>>>>>>>>>> Fabrice >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Le mer. 2 févr. 2022 à 10:18, Jorge Nolla >>>>>>>>>>>>>>>>>>>>> <[email protected] <mailto:[email protected]>> a écrit : >>>>>>>>>>>>>>>>>>>>> Hi Fabrice, >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> We almost have the configuration working, but are not >>>>>>>>>>>>>>>>>>>>> sure how to get the redirect to the client to work >>>>>>>>>>>>>>>>>>>>> correctly. Attached is the documentation for Cisco ISE >>>>>>>>>>>>>>>>>>>>> which we used for PacketFence as well. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Portal.fispy.mx <http://portal.fispy.mx/> is the Huawei >>>>>>>>>>>>>>>>>>>>> AC. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> This is the format the client should get from >>>>>>>>>>>>>>>>>>>>> PacketFence. This is the only piece we are missing for >>>>>>>>>>>>>>>>>>>>> this to work. >>>>>>>>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password) >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> If we manually click on the link above, then the flow of >>>>>>>>>>>>>>>>>>>>> traffic works correctly CLIENT > AC > RADIUS >>>>>>>>>>>>>>>>>>>>> (PacketFence), and authentication works. The problem is >>>>>>>>>>>>>>>>>>>>> that when the user logs in to the portal the redirect is >>>>>>>>>>>>>>>>>>>>> broken. The parameter for the redirect that PacketFence >>>>>>>>>>>>>>>>>>>>> is serving, comes from a configuration parameter within >>>>>>>>>>>>>>>>>>>>> the AC. This configuration works fine for Cisco ISE, but >>>>>>>>>>>>>>>>>>>>> the URL format is not working for PacketFence. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> When we configure the redirect this is what the client is >>>>>>>>>>>>>>>>>>>>> getting from PacketFence >>>>>>>>>>>>>>>>>>>>> https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> url-template name PacketFence >>>>>>>>>>>>>>>>>>>>> url https://wifi.fispy.mx/captive-portal >>>>>>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal> >>>>>>>>>>>>>>>>>>>>> url-parameter login-url switch_url >>>>>>>>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login >>>>>>>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login> <<< THIS IS THE >>>>>>>>>>>>>>>>>>>>> PARAMETER FOR THE REDIRECT TO PACKETFENCE >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> AC CONFIG >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> authentication-profile name PacketFence >>>>>>>>>>>>>>>>>>>>> portal-access-profile PacketFence >>>>>>>>>>>>>>>>>>>>> free-rule-template default_free_rule >>>>>>>>>>>>>>>>>>>>> authentication-scheme PacketFence >>>>>>>>>>>>>>>>>>>>> accounting-scheme PacketFence >>>>>>>>>>>>>>>>>>>>> radius-server PacketFence >>>>>>>>>>>>>>>>>>>>> force-push url https://www.fispy.mx >>>>>>>>>>>>>>>>>>>>> <https://www.fispy.mx/> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> radius-server template PacketFence >>>>>>>>>>>>>>>>>>>>> radius-server shared-key cipher >>>>>>>>>>>>>>>>>>>>> %^%#*)l=:1.X-Yd$\<~orEF@]<}NMejv3)E^\6;7:NUY%^%# >>>>>>>>>>>>>>>>>>>>> radius-server authentication 10.0.255.99 1812 source >>>>>>>>>>>>>>>>>>>>> ip-address 10.7.255.2 weight 90 >>>>>>>>>>>>>>>>>>>>> radius-server accounting 10.0.255.99 1813 source >>>>>>>>>>>>>>>>>>>>> ip-address 10.7.255.2 weight 80 >>>>>>>>>>>>>>>>>>>>> undo radius-server user-name domain-included >>>>>>>>>>>>>>>>>>>>> calling-station-id mac-format unformatted >>>>>>>>>>>>>>>>>>>>> called-station-id wlan-user-format ac-mac >>>>>>>>>>>>>>>>>>>>> radius-server attribute translate >>>>>>>>>>>>>>>>>>>>> radius-attribute disable HW-NAS-Startup-Time-Stamp send >>>>>>>>>>>>>>>>>>>>> radius-attribute disable HW-IP-Host-Address send >>>>>>>>>>>>>>>>>>>>> radius-attribute disable HW-Connect-ID send >>>>>>>>>>>>>>>>>>>>> radius-attribute disable HW-Version send >>>>>>>>>>>>>>>>>>>>> radius-attribute disable HW-Product-ID send >>>>>>>>>>>>>>>>>>>>> radius-attribute disable HW-Domain-Name send >>>>>>>>>>>>>>>>>>>>> radius-attribute disable HW-User-Extend-Info send >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> url-template name PacketFence >>>>>>>>>>>>>>>>>>>>> url https://wifi.fispy.mx/captive-portal >>>>>>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal> >>>>>>>>>>>>>>>>>>>>> url-parameter login-url switch_url >>>>>>>>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login >>>>>>>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login> <<< THIS IS THE >>>>>>>>>>>>>>>>>>>>> PARAMETER FOR THE REDIRECT TO PACKETFENCE >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> web-auth-server PacketFence >>>>>>>>>>>>>>>>>>>>> server-ip 10.0.255.99 >>>>>>>>>>>>>>>>>>>>> port 443 >>>>>>>>>>>>>>>>>>>>> url-template PacketFence >>>>>>>>>>>>>>>>>>>>> protocol http >>>>>>>>>>>>>>>>>>>>> http get-method enable >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> portal-access-profile name PacketFence >>>>>>>>>>>>>>>>>>>>> web-auth-server PacketFence direct >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> authentication-scheme PacketFence >>>>>>>>>>>>>>>>>>>>> authentication-mode radius >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> wlan >>>>>>>>>>>>>>>>>>>>> security-profile name FISPY-WiFi >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> vap-profile name FISPY-WiFi >>>>>>>>>>>>>>>>>>>>> service-vlan vlan-id 900 >>>>>>>>>>>>>>>>>>>>> permit-vlan vlan-id 900 >>>>>>>>>>>>>>>>>>>>> ssid-profile FISPY-WiFi >>>>>>>>>>>>>>>>>>>>> security-profile FISPY-WiFi >>>>>>>>>>>>>>>>>>>>> authentication-profile PacketFence >>>>>>>>>>>>>>>>>>>>> sta-network-detect disable >>>>>>>>>>>>>>>>>>>>> service-experience-analysis enable >>>>>>>>>>>>>>>>>>>>> mdns-snooping enable >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> ###CISCO ISE CONFIG TO COMPARE### >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> url-template name CISCO-ISE >>>>>>>>>>>>>>>>>>>>> url >>>>>>>>>>>>>>>>>>>>> https://captive.fispy.mx:8443/portal/PortalSetup.action#portal=7cf5ac1d-5dbf-4b36-aeee-b9590fd24c02 >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> <https://captive.fispy.mx:8443/portal/PortalSetup.action#portal=7cf5ac1d-5dbf-4b36-aeee-b9590fd24c02> >>>>>>>>>>>>>>>>>>>>> parameter start-mark # >>>>>>>>>>>>>>>>>>>>> url-parameter login-url switch_url >>>>>>>>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login >>>>>>>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> #################################### >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> On Feb 2, 2022, at 6:17 AM, Fabrice Durand >>>>>>>>>>>>>>>>>>>>>> <[email protected] <mailto:[email protected]>> wrote: >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Hello Jorge, >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> do you have any Huawei documentation to implement that ? >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Regards >>>>>>>>>>>>>>>>>>>>>> Fabrice >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Le mer. 26 janv. 2022 à 15:59, Jorge Nolla via >>>>>>>>>>>>>>>>>>>>>> PacketFence-users >>>>>>>>>>>>>>>>>>>>>> <[email protected] >>>>>>>>>>>>>>>>>>>>>> <mailto:[email protected]>> a >>>>>>>>>>>>>>>>>>>>>> écrit : >>>>>>>>>>>>>>>>>>>>>> Hi Team, >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> We were wondering if anyone has had any success in >>>>>>>>>>>>>>>>>>>>>> configuring Web Auth for the Huawei AC? It’s somewhat >>>>>>>>>>>>>>>>>>>>>> critical for us to get this going. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Thank you! >>>>>>>>>>>>>>>>>>>>>> Jorge >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>>>>>> PacketFence-users mailing list >>>>>>>>>>>>>>>>>>>>>> [email protected] >>>>>>>>>>>>>>>>>>>>>> <mailto:[email protected]> >>>>>>>>>>>>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> >
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
