Another configuration file with references to the billing server Splynx:
[root@wifi raddb]# cat mods-config/perl/multi_domain_constants.pm
package multi_domain_constants;
our $VAR1 = {
'1' => {
'ConfigRealm' => {
'local' => {
'radius_strip_username' =>
'disabled',
'eap' => 'default',
'admin_strip_username' =>
'disabled',
'portal_strip_username' =>
'disabled'
},
'default' => {
'radius_acct_proxy_type'
=> 'load-balance',
'radius_auth_compute_in_pf' => 'disabled',
'eduroam_radius_auth_proxy_type' => 'keyed-balance',
'radius_auth_proxy_type'
=> 'keyed-balance',
'portal_strip_username' =>
'disabled',
'admin_strip_username' =>
'disabled',
'radius_auth' => '',
'radius_strip_username' =>
'disabled',
'eap' => 'default',
'eduroam_radius_acct' =>
'',
'eduroam_radius_acct_proxy_type' => 'load-balance',
'permit_custom_attributes'
=> 'disabled',
'eduroam_radius_auth_compute_in_pf' => 'enabled',
'eduroam_radius_auth' =>
'',
'radius_acct' => ''
},
'null' => {
'eap' => 'default',
'radius_strip_username' =>
'disabled',
'admin_strip_username' =>
'disabled',
'portal_strip_username' =>
'disabled'
},
'fispy.mx' => {
'eduroam_radius_acct' =>
'',
'eap' => 'default',
'radius_strip_username'
=> 'enabled',
'admin_strip_username' =>
'enabled',
'radius_auth' => 'Splynx',
'portal_strip_username'
=> 'enabled',
'eduroam_radius_auth_proxy_type' => 'keyed-balance',
'radius_auth_proxy_type'
=> 'keyed-balance',
'radius_acct_proxy_type'
=> 'load-balance',
'radius_auth_compute_in_pf' => 'enabled',
'eduroam_radius_auth' =>
'',
'radius_acct' => 'Splynx',
'eduroam_radius_auth_compute_in_pf' => 'enabled',
'eduroam_radius_acct_proxy_type' => 'load-balance',
'permit_custom_attributes' => 'disabled'
}
},
'ConfigDomain' => {},
'ConfigOrderedRealm' => [
'default',
'local',
'null',
'fispy.mx'
]
},
'0' => {
'ConfigDomain' => {},
'ConfigRealm' => {},
'ConfigOrderedRealm' => []
}
};
our $DATA = $VAR1;
1;
[root@wifi raddb]#
> On Feb 9, 2022, at 5:19 PM, Jorge Nolla <[email protected]> wrote:
>
> Hi Team,
>
> Still can’t get accounting to proxy to the billing server. I don’t see the
> configuration on the proxy.conf so I imagine is pulling from this file.
>
>
> [root@wifi raddb]# cat proxy.conf.inc
> # This file is generated from a template at
> /usr/local/pf/conf/radiusd/proxy.conf.inc
> # Any changes made to this file will be lost on restart
>
> # Eduroam integration is not configured
>
> realm default {
>
> }
> realm local {
>
> }
> realm null {
>
> }
> realm fispy.mx <http://fispy.mx/> {
>
> auth_pool = auth_pool_fispy.mx <http://auth_pool_fispy.mx/>
> acct_pool = acct_pool_fispy.mx <http://acct_pool_fispy.mx/>
> }
> home_server_pool auth_pool_fispy.mx <http://auth_pool_fispy.mx/> {
> type = keyed-balance
> home_server = Splynx
> }
>
> home_server_pool acct_pool_fispy.mx <http://acct_pool_fispy.mx/> {
> type = load-balance
> home_server = Splynx
> }
>
>
> realm eduroam.default {
>
> }
>
> realm eduroam.local {
>
> }
>
> realm eduroam.null {
>
> }
>
> realm eduroam.fispy.mx <http://eduroam.fispy.mx/> {
>
> }
>
>
>
>
> home_server Splynx {
> ipaddr = 10.0.254.100
> port = 1812
> secret = @Put@Madr3
> type = auth+acct
> status_check = status-server
> }
>
>
>
> # pfacct configuration
>
> realm pfacct {
> acct_pool = pfacct_pool
> nostrip
> }
>
> home_server_pool pfacct_pool {
> home_server = pfacct_local
> }
>
> home_server pfacct_local {
> type = acct
> ipaddr = 127.0.0.1
> port = 1813
> secret = 'ZDQ3YzUzMjkxM2M1NjBhM2IyMTJjNWE0'
> src_ipaddr = 10.0.255.99
> }
>
>> On Feb 8, 2022, at 11:51 AM, Jorge Nolla <[email protected]
>> <mailto:[email protected]>> wrote:
>>
>> Fabrice,
>>
>> For some reason I cannot get accounting forwarding to the Billing/Radius
>> Server. This server has the plans for the customers.
>>
>> <Screen Shot 2022-02-08 at 11.48.23 AM.png>
>>
>>
>> <Screen Shot 2022-02-08 at 11.50.20 AM.png>
>>
>>
>> <Screen Shot 2022-02-08 at 11.48.01 AM.png>
>>
>>
>> <Screen Shot 2022-02-08 at 11.51.33 AM.png>
>>
>>> On Feb 8, 2022, at 11:39 AM, Jorge Nolla <[email protected]
>>> <mailto:[email protected]>> wrote:
>>>
>>> Hi Fabrice,
>>>
>>> It worked. I had to change to HTTPS and DNS for the cert on the server to
>>> work. We also changed the method to GET. Will try POST, not sure if this
>>> will make a difference.
>>>
>>> my $html_form = qq[
>>> <form name="weblogin_form" data-autosubmit="1000" method="GET"
>>> action="https://portal.fispy.mx:8443/login
>>> <https://portal.fispy.mx:8443/login>">
>>> <input type="hidden" name="username" value="$mac">
>>> <input type="hidden" name="password" value="$mac">
>>> </form>
>>> <script src="/content/autosubmit.js" type="text/javascript"></script>
>>>
>>> Here is the a sample of the radius info on PF. Top entry is with new
>>> configuration MAC address as username. Bottom one is the old configuration,
>>> where we were submitting the url request manually.
>>>
>>> <Screen Shot 2022-02-08 at 11.34.52 AM.png>
>>>
>>>
>>>> On Feb 8, 2022, at 9:30 AM, Fabrice Durand <[email protected]
>>>> <mailto:[email protected]>> wrote:
>>>>
>>>> Yes, that's it.
>>>>
>>>> Le mar. 8 févr. 2022 à 11:23, Jorge Nolla <[email protected]
>>>> <mailto:[email protected]>> a écrit :
>>>> Fabrice,
>>>>
>>>> The document you had provided didn’t layout the configuration steps. I
>>>> think this might be the correct document for the configuration you are
>>>> referring. If you have a chance take a look and let me know.
>>>>
>>>> https://support.huawei.com/enterprise/mx/knowledge/EKB1100055064
>>>> <https://support.huawei.com/enterprise/mx/knowledge/EKB1100055064>
>>>>
>>>>
>>>>
>>>>> On Feb 8, 2022, at 9:14 AM, Fabrice Durand <[email protected]
>>>>> <mailto:[email protected]>> wrote:
>>>>>
>>>>> You can try that instead:
>>>>>
>>>>> my $html_form = qq[
>>>>> <form name="weblogin_form" data-autosubmit="1000" method="POST"
>>>>> action="http://$controller_ip:8443/login
>>>>> <http://$controller_ip:8443/login>">
>>>>> <input type="hidden" name="username" value="$mac">
>>>>> <input type="hidden" name="password" value="$mac">
>>>>> </form>
>>>>> <script src="/content/autosubmit.js"
>>>>> type="text/javascript"></script>
>>>>> ];
>>>>>
>>>>> It will pass the mac address of the device in the radius request as
>>>>> username and password instead of the real username and password who has
>>>>> been authenticated previously on the portal.
>>>>> Then you just need to configure the registration role in the switch
>>>>> configuration to be -1 (packetfence side) and if the device is unreg then
>>>>> the request will be rejected.
>>>>>
>>>>>
>>>>> Le mar. 8 févr. 2022 à 11:04, Jorge Nolla <[email protected]
>>>>> <mailto:[email protected]>> a écrit :
>>>>> Hi Fabrice,
>>>>>
>>>>> Let me check what the difference is in configuration on the AC side, I’ll
>>>>> report within the hour. Any clues as to why the parameters are not being
>>>>> passed?
>>>>>
>>>>>
>>>>>> On Feb 8, 2022, at 8:55 AM, Fabrice Durand <[email protected]
>>>>>> <mailto:[email protected]>> wrote:
>>>>>>
>>>>>> Hello Jorge,
>>>>>>
>>>>>> i really think that it´s not the correct way to support the web auth in
>>>>>> Huawei.
>>>>>> The only thing you can do with the portal is to authenticate with a
>>>>>> username and password, there is no way to do anything else
>>>>>> (sms/email/sponsor/....).
>>>>>>
>>>>>> Also when you authenticate on the portal , the portal validate your
>>>>>> username and password and with the workflow you have it will
>>>>>> authenticate twice (portal and radius) and it doesn´t make sense.
>>>>>>
>>>>>> So if you want to keep this way then you will need a simple html page
>>>>>> with a username and password field that post on
>>>>>> https://portal.fispy.mx:8443/login <https://portal.fispy.mx:8443/login>
>>>>>> then configure packetfence to authenticate the username and password
>>>>>> from radius.
>>>>>>
>>>>>> The other way who looks really better is to use that:
>>>>>> (https://support.huawei.com/enterprise/en/doc/EDOC1100008282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_2
>>>>>>
>>>>>> <https://support.huawei.com/enterprise/en/doc/EDOC1100008282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_2>)
>>>>>>
>>>>>> <download.png>
>>>>>>
>>>>>> As i said , it´s exactly how it works with the cisco wlc and it will
>>>>>> support all authentication mechanisms available on the portal.
>>>>>>
>>>>>> Regards
>>>>>> Fabrice
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Le lun. 7 févr. 2022 à 20:25, Jorge Nolla <[email protected]
>>>>>> <mailto:[email protected]>> a écrit :
>>>>>>
>>>>>> Radius request from the AC once it receives the correct values. This is
>>>>>> sent back to Radius which in this case is PF
>>>>>>
>>>>>> User-Name = “5blz” <<< VALUE NEEDED IN URL as username
>>>>>> User-Password = "******” <<< VALUE NEEDED IN URL as password
>>>>>> NAS-IP-Address = 10.7.255.2
>>>>>> NAS-Port = 900
>>>>>> Service-Type = Framed-User
>>>>>> Framed-Protocol = PPP
>>>>>> Framed-IP-Address = 10.9.91.31
>>>>>> Called-Station-Id = "c0:f6:c2:a5:c4:d0:FISPY-WiFi"
>>>>>> Calling-Station-Id = "f0:2f:4b:14:67:d9"
>>>>>> NAS-Identifier = "AirEngine9700-M1"
>>>>>> NAS-Port-Type = Wireless-802.11
>>>>>> Acct-Session-Id = "AirEngi00000000000900d5d66c0600187"
>>>>>> Event-Timestamp = "Feb 7 2022 18:05:13 MST"
>>>>>> NAS-Port-Id = "slot=0;subslot=0;port=0;vlanid=900"
>>>>>> Huawei-Loopback-Address = "C0F6-C2A5-C4D0"
>>>>>> Huawei-User-Mac = "\000\000\000\003"
>>>>>> Stripped-User-Name = "5blz"
>>>>>> Realm = "null"
>>>>>> FreeRADIUS-Client-IP-Address = 10.7.255.2
>>>>>> Called-Station-SSID = "FISPY-WiFi"
>>>>>> PacketFence-KeyBalanced = "aa86741e358fa86079a91aaf4dc581f9"
>>>>>> PacketFence-Radius-Ip = "10.0.255.99"
>>>>>> SQL-User-Name = "5blz"
>>>>>>
>>>>>>> On Feb 7, 2022, at 3:58 PM, Jorge Nolla <[email protected]
>>>>>>> <mailto:[email protected]>> wrote:
>>>>>>>
>>>>>>> Hi Fabrice,
>>>>>>>
>>>>>>> I did hardcode as follow:
>>>>>>>
>>>>>>> <form name="weblogin_form" data-autosubmit="1000" method="GET"
>>>>>>> action="https://portal.fispy.mx:8443/login?username=bob&password=bob
>>>>>>> <https://portal.fispy.mx:8443/login?username=bob&password=bob>"
>>>>>>> style="display:none">
>>>>>>>
>>>>>>> But the redirect which the client is getting, is only this part, not
>>>>>>> sure why:
>>>>>>>
>>>>>>> https://portal.fispy.mx:8443/login?
>>>>>>> <https://portal.fispy.mx:8443/login?>
>>>>>>>
>>>>>>>
>>>>>>> Here is the flow of the External Portal Authentication as per Huawei.
>>>>>>> Portal Server - Notify the STA of the login URL
>>>>>>> STA - Send the username and password in HTTP GET POST. When this is
>>>>>>> configured to use ISE as per the guide, the ISE server sends the
>>>>>>> redirect to the STA as per the format.
>>>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>>>>>>
>>>>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)>
>>>>>>>
>>>>>>>
>>>>>>> <PastedGraphic-1.tiff>
>>>>>>>
>>>>>>>> On Feb 7, 2022, at 2:51 PM, Fabrice Durand <[email protected]
>>>>>>>> <mailto:[email protected]>> wrote:
>>>>>>>>
>>>>>>>> Did you try to hardcode that in the code and see if it works ?
>>>>>>>>
>>>>>>>> Also i don´t understand the goal of passing the username and password
>>>>>>>> , is there any extra check after that ? What happen if the user
>>>>>>>> register by sms/email ?
>>>>>>>>
>>>>>>>> And i just found that:
>>>>>>>> https://support.huawei.com/enterprise/en/doc/EDOC1100008282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_1
>>>>>>>>
>>>>>>>> <https://support.huawei.com/enterprise/en/doc/EDOC1100008282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_1>
>>>>>>>> Is it something that can be configured on the Hawei ? If yes then it
>>>>>>>> will mimic the way the Cisco WLC works.
>>>>>>>>
>>>>>>>> Regards
>>>>>>>> Fabrice
>>>>>>>>
>>>>>>>>
>>>>>>>> Le lun. 7 févr. 2022 à 16:01, Jorge Nolla <[email protected]
>>>>>>>> <mailto:[email protected]>> a écrit :
>>>>>>>> Hi Fabrice,
>>>>>>>>
>>>>>>>> This line needs to be HTTPS for it to work
>>>>>>>> <form name="weblogin_form" data-autosubmit="1000" method="GET"
>>>>>>>> action="http://$controller_ip:8443/login?username=bob&password=bob
>>>>>>>> <http://$controller_ip:8443/login?username=bob&password=bob>"
>>>>>>>> style="display:none”>
>>>>>>>>
>>>>>>>> This needs to be the username and password which is being entered by
>>>>>>>> the user in the PF portal, which is the Radius username and password
>>>>>>>> username=bob&password=bob
>>>>>>>>
>>>>>>>>
>>>>>>>>> On Feb 7, 2022, at 12:03 PM, Fabrice Durand <[email protected]
>>>>>>>>> <mailto:[email protected]>> wrote:
>>>>>>>>>
>>>>>>>>> I just pushed a fix.
>>>>>>>>>
>>>>>>>>> cd /usr/local/pf
>>>>>>>>> curl
>>>>>>>>> https://github.com/inverse-inc/packetfence/commit/7628afddf46e0226667560dc33df192f9c4cf420.diff
>>>>>>>>>
>>>>>>>>> <https://github.com/inverse-inc/packetfence/commit/7628afddf46e0226667560dc33df192f9c4cf420.diff>
>>>>>>>>> | patch -p1
>>>>>>>>> and restart
>>>>>>>>>
>>>>>>>>> Le lun. 7 févr. 2022 à 13:46, Jorge Nolla <[email protected]
>>>>>>>>> <mailto:[email protected]>> a écrit :
>>>>>>>>> Here are the log outputs for /usr/local/pf/logs/packetfence.log
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Feb 7 11:03:04 wifi packetfence_httpd.portal[61371]:
>>>>>>>>> httpd.portal(61371) INFO: [mac:[undef]] URI '/Huawei' is detected as
>>>>>>>>> an external captive portal URI (pf::web::externalportal::handle)
>>>>>>>>> Feb 7 11:03:04 wifi packetfence_httpd.portal[61371]:
>>>>>>>>> httpd.portal(61371) ERROR: [mac:[undef]] Cannot load perl module for
>>>>>>>>> switch type 'pf::Switch::Huawei'. Either switch type is unknown or
>>>>>>>>> switch type perl module have compilation errors. See the following
>>>>>>>>> message for details: (pf::web::externalportal::handle)
>>>>>>>>> Feb 7 11:03:06 wifi packetfence_httpd.portal[61370]:
>>>>>>>>> httpd.portal(61370) INFO: [mac:[undef]] URI '/Huawei' is detected as
>>>>>>>>> an external captive portal URI (pf::web::externalportal::handle)
>>>>>>>>> Feb 7 11:03:06 wifi packetfence_httpd.portal[61370]:
>>>>>>>>> httpd.portal(61370) ERROR: [mac:[undef]] Cannot load perl module for
>>>>>>>>> switch type 'pf::Switch::Huawei'. Either switch type is unknown or
>>>>>>>>> switch type perl module have compilation errors. See the following
>>>>>>>>> message for details: (pf::web::externalportal::handle)
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> On Feb 7, 2022, at 10:50 AM, Jorge Nolla <[email protected]
>>>>>>>>>> <mailto:[email protected]>> wrote:
>>>>>>>>>>
>>>>>>>>>> Here is the output for HAProxy
>>>>>>>>>>
>>>>>>>>>> Feb 7 10:48:54 wifi haproxy[2285]: 10.9.215.39:63814
>>>>>>>>>> <http://10.9.215.39:63814/> [07/Feb/2022:10:48:54.074]
>>>>>>>>>> portal-https-10.0.255.99~ 10.0.255.99-backend/127.0.0.1
>>>>>>>>>> <http://127.0.0.1/> 0/0/0/13/13 501 413 - - ---- 2/1/0/0/0 0/0
>>>>>>>>>> {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET
>>>>>>>>>> /Huawei?ac-ip=10.7.255.2&userip=10.9.215.39&ssid=FISPY-WiFi&ap-mac=f02f4b1467d9
>>>>>>>>>> HTTP/1.1”
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> On Feb 7, 2022, at 10:06 AM, Jorge Nolla <[email protected]
>>>>>>>>>>> <mailto:[email protected]>> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hi Fabrice,
>>>>>>>>>>>
>>>>>>>>>>> From the Pf portal after the patch is applied.
>>>>>>>>>>>
>>>>>>>>>>> type: 'Huawei' is not a valid value The chosen type (Huawei) is not
>>>>>>>>>>> supported.
>>>>>>>>>>>
>>>>>>>>>>>> On Feb 6, 2022, at 6:49 PM, Jorge Nolla <[email protected]
>>>>>>>>>>>> <mailto:[email protected]>> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> This is the only option on the config.
>>>>>>>>>>>>
>>>>>>>>>>>> <Screen Shot 2022-02-06 at 6.48.16 PM.png>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>> On Feb 6, 2022, at 6:41 PM, Jorge Nolla <[email protected]
>>>>>>>>>>>>> <mailto:[email protected]>> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Hi Fabrice,
>>>>>>>>>>>>>
>>>>>>>>>>>>> Getting an error page from PF
>>>>>>>>>>>>>
>>>>>>>>>>>>> Not Implemented
>>>>>>>>>>>>> GET no supported for current URL.
>>>>>>>>>>>>>
>>>>>>>>>>>>> How is the switch supposed to be defined in PF?
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Feb 6, 2022, at 5:55 PM, Fabrice Durand <[email protected]
>>>>>>>>>>>>>> <mailto:[email protected]>> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I am just not sure what to set for username and password, if you
>>>>>>>>>>>>>> do sms auth then there is no password.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Also in the url it looks that it miss the mac address of the
>>>>>>>>>>>>>> device , can you try to add device-mac and see if the device
>>>>>>>>>>>>>> mac is in the url ?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Here the first draft:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> https://github.com/inverse-inc/packetfence/compare/feature/Huawei_web_auth.diff
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> <https://github.com/inverse-inc/packetfence/compare/feature/Huawei_web_auth.diff>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> cd /usr/local/pf/
>>>>>>>>>>>>>> curl
>>>>>>>>>>>>>> https://github.com/inverse-inc/packetfence/compare/feature/Huawei_web_auth.diff
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> <https://github.com/inverse-inc/packetfence/compare/feature/Huawei_web_auth.diff>
>>>>>>>>>>>>>> | patch -p1
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> then restart packetfence.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On the controller:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> url-template name PacketFence
>>>>>>>>>>>>>> url https://wifi.fispy.mx/
>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal>Hawei
>>>>>>>>>>>>>> url-parameter device-ip device-mac ac-ip user-ipaddress userip
>>>>>>>>>>>>>> ssid ssid user-mac ap-mac
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> So when the device will be forwarded to the portal it should be
>>>>>>>>>>>>>> able to recognise the mac address and the ip of the device (in
>>>>>>>>>>>>>> the bottom).
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Register on the portal and you should be forwarded to
>>>>>>>>>>>>>> http://$controller_ip:8443/login?username=bob&password=bob
>>>>>>>>>>>>>> <http://$controller_ip:8443/login?username=bob&password=bob>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Let me know how it behave.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Regards
>>>>>>>>>>>>>> Fabrice
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Le dim. 6 févr. 2022 à 18:58, Jorge Nolla <[email protected]
>>>>>>>>>>>>>> <mailto:[email protected]>> a écrit :
>>>>>>>>>>>>>> Hi Fabrice
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> This is the GET the AC is expecting:
>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> If successful it will return as per image below. If it fails the
>>>>>>>>>>>>>> AC will redirect back to the Portal
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> <WebAuthentication.png>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Here is the configuration:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> url-template name PacketFence
>>>>>>>>>>>>>> url https://wifi.fispy.mx/captive-portal
>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal>
>>>>>>>>>>>>>> url-parameter login-url destination_url
>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> HA Proxy output
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Feb 6 16:44:26 wifi haproxy[2427]: 10.9.70.173:52266
>>>>>>>>>>>>>> <http://10.9.70.173:52266/> [06/Feb/2022:16:44:26.153]
>>>>>>>>>>>>>> portal-https-10.0.255.99~ 10.0.255.99-backend/127.0.0.1
>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/202/202 200 9003 - - ---- 2/1/0/0/0
>>>>>>>>>>>>>> 0/0 {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET
>>>>>>>>>>>>>> /captive-portal?destination_url=https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)>
>>>>>>>>>>>>>> HTTP/1.1"
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Only problem is that PacketFence is not updating the dynamic
>>>>>>>>>>>>>> values with username and password for it to work
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> AC = Access Controller. This manages the APs’ as they are
>>>>>>>>>>>>>> operating in Fit/Lightweight mode.
>>>>>>>>>>>>>> AP = Access Points. These are the actual radios.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Best Regards,
>>>>>>>>>>>>>> Jorge
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Feb 6, 2022, at 4:40 PM, Fabrice Durand <[email protected]
>>>>>>>>>>>>>>> <mailto:[email protected]>> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Hello Jorge,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> i have what i need at least to be able to support the web-auth.
>>>>>>>>>>>>>>> The only thing i am not sure is at the end of the registration
>>>>>>>>>>>>>>> process what we are supposed to do.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I will create a branch on github in order for you to test. (it
>>>>>>>>>>>>>>> will be an update of the Huawei switch module).
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> For information, what is the ac-ip ac-mac versus ap-ip ap-mac ?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Regards
>>>>>>>>>>>>>>> Fabrice
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Le dim. 6 févr. 2022 à 18:30, Jorge Nolla <[email protected]
>>>>>>>>>>>>>>> <mailto:[email protected]>> a écrit :
>>>>>>>>>>>>>>> If I try to manually send the redirect in the browser here is
>>>>>>>>>>>>>>> what HA proxy records. This is a simple copy and paste in the
>>>>>>>>>>>>>>> browser and the output:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> https://wifi.fispy.mx/captive-portal
>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal>?destination_url=https://portal.fispy.mx:8443/login?username=539z&password=0uf3
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=539z&password=0uf3>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> 4875 - - ---- 2/1/0/0/0 0/0 {wifi.fispy.mx
>>>>>>>>>>>>>>> <http://wifi.fispy.mx/>} "GET
>>>>>>>>>>>>>>> /captive-portal?destination_url=https://portal.fispy.mx:8443/login?username=539z&password=0uf3
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=539z&password=0uf3>
>>>>>>>>>>>>>>> HTTP/1.1"
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> It doesn’t let it go through as it seems that is trying to
>>>>>>>>>>>>>>> validate network connectivity
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Feb 6, 2022, at 4:07 PM, Jorge Nolla <[email protected]
>>>>>>>>>>>>>>>> <mailto:[email protected]>> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Seems weird how the format of the URL is recorded/sent
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Here is a normal redirect, the url is formatted correctly,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Feb 6 16:03:41 wifi haproxy[2427]: 10.99.1.20:63577
>>>>>>>>>>>>>>>> <http://10.99.1.20:63577/> [06/Feb/2022:16:03:41.232]
>>>>>>>>>>>>>>>> portal-https-10.0.255.99~ 10.0.255.99-backend/127.0.0.1
>>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/1/233/234 200 4910 - - ---- 2/1/0/0/0
>>>>>>>>>>>>>>>> 0/0 {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET
>>>>>>>>>>>>>>>> /captive-portal?destination_url=https://www.fispy.mx/
>>>>>>>>>>>>>>>> <https://www.fispy.mx/> HTTP/1.1"
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I’m not sure why the value sent by the AP has all the % and
>>>>>>>>>>>>>>>> weird symbols
>>>>>>>>>>>>>>>> destination%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal?switch_url=https://portal.fispy.mx:8443/login>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> On Feb 6, 2022, at 4:00 PM, Jorge Nolla <[email protected]
>>>>>>>>>>>>>>>>> <mailto:[email protected]>> wrote:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Hi Fabrice,
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Here are the options that can be added:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> [AirEngine9700-M1-url-template-PacketFence]url-parameter ?
>>>>>>>>>>>>>>>>> ap-group-name AP group name
>>>>>>>>>>>>>>>>> ap-ip AP IP address
>>>>>>>>>>>>>>>>> ap-location AP location
>>>>>>>>>>>>>>>>> ap-mac AP MAC address
>>>>>>>>>>>>>>>>> ap-name AP name
>>>>>>>>>>>>>>>>> device-ip Device IP address
>>>>>>>>>>>>>>>>> device-mac Device MAC address
>>>>>>>>>>>>>>>>> login-url Device's login URL provided to the external
>>>>>>>>>>>>>>>>> portal server
>>>>>>>>>>>>>>>>> mac-address Mac address
>>>>>>>>>>>>>>>>> redirect-url The url in user original http packet
>>>>>>>>>>>>>>>>> set Set
>>>>>>>>>>>>>>>>> ssid SSID
>>>>>>>>>>>>>>>>> sysname Device name
>>>>>>>>>>>>>>>>> user-ipaddress User IP address
>>>>>>>>>>>>>>>>> user-mac User MAC address
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> url-template name PacketFence
>>>>>>>>>>>>>>>>> url https://wifi.fispy.mx/captive-portal
>>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal>
>>>>>>>>>>>>>>>>> url-parameter device-ip ac-ip user-ipaddress userip ssid
>>>>>>>>>>>>>>>>> ssid user-mac ap-mac
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> 200 9003 - - ---- 2/1/0/0/0 0/0 {wifi.fispy.mx
>>>>>>>>>>>>>>>>> <http://wifi.fispy.mx/>} "GET
>>>>>>>>>>>>>>>>> /captive-portal?ac%2Dip=10%2E7%2E255%2E2&userip=10%2E9%2E70%2E173&ssid=FISPY%2DWiFi&ap%2Dmac=f02f4b1467d9
>>>>>>>>>>>>>>>>> HTTP/1.1"
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> If we do not specify the URL on this configuration, where
>>>>>>>>>>>>>>>>> would PacketFence get the value for the AC Web Authentication
>>>>>>>>>>>>>>>>> call?
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Best Regards,
>>>>>>>>>>>>>>>>> Jorge
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> On Feb 5, 2022, at 8:23 PM, Fabrice Durand
>>>>>>>>>>>>>>>>>> <[email protected] <mailto:[email protected]>> wrote:
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Hello Jorge,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> what we need is the user mac and the ap information.
>>>>>>>>>>>>>>>>>> I found that
>>>>>>>>>>>>>>>>>> https://support.huawei.com/enterprise/en/doc/EDOC1100008283/659354b1/display-url-template
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> <https://support.huawei.com/enterprise/en/doc/EDOC1100008283/659354b1/display-url-template>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Is it possible to add extra parameters like user-mac ssid
>>>>>>>>>>>>>>>>>> ap-ip ap-mac ?
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> And if yes can you provide me the url generated by the
>>>>>>>>>>>>>>>>>> controller when it redirect ? (haproxy-portal log)
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Regards
>>>>>>>>>>>>>>>>>> Fabrice
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Le sam. 5 févr. 2022 à 20:42, Jorge Nolla <[email protected]
>>>>>>>>>>>>>>>>>> <mailto:[email protected]>> a écrit :
>>>>>>>>>>>>>>>>>> Hi Team,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Any input on this? We really would like to get this to work.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Thank you!
>>>>>>>>>>>>>>>>>> Jorge
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> On Feb 2, 2022, at 7:48 PM, Jorge Nolla <[email protected]
>>>>>>>>>>>>>>>>>>> <mailto:[email protected]>> wrote:
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Hi Fabrice,
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> This is the sequence:
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Feb 2 14:51:32 wifi haproxy[2427]: 10.9.79.52:61132
>>>>>>>>>>>>>>>>>>> <http://10.9.79.52:61132/> [02/Feb/2022:14:51:32.663]
>>>>>>>>>>>>>>>>>>> portal-http-10.0.255.99 10.0.255.99-backend/127.0.0.1
>>>>>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/201/201 200 7146 - - ----
>>>>>>>>>>>>>>>>>>> 3/1/0/0/0 0/0 {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET
>>>>>>>>>>>>>>>>>>> /access?lang= HTTP/1.1"
>>>>>>>>>>>>>>>>>>> Feb 2 14:51:37 wifi haproxy[2427]: 10.9.79.52:61133
>>>>>>>>>>>>>>>>>>> <http://10.9.79.52:61133/> [02/Feb/2022:14:51:37.905]
>>>>>>>>>>>>>>>>>>> portal-http-10.0.255.99 static/127.0.0.1
>>>>>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/2/2 200 228 - - ---- 4/2/0/0/0
>>>>>>>>>>>>>>>>>>> 0/0 {10.0.255.99} "GET
>>>>>>>>>>>>>>>>>>> /common/network-access-detection.gif?r=1643838705224
>>>>>>>>>>>>>>>>>>> HTTP/1.1"
>>>>>>>>>>>>>>>>>>> Feb 2 14:51:44 wifi haproxy[2427]: 10.9.79.52:61130
>>>>>>>>>>>>>>>>>>> <http://10.9.79.52:61130/> [02/Feb/2022:14:51:43.927]
>>>>>>>>>>>>>>>>>>> portal-https-10.0.255.99~ 10.0.255.99-backend/127.0.0.1
>>>>>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/122/122 302 1018 - - ----
>>>>>>>>>>>>>>>>>>> 4/1/0/0/0 0/0 {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET
>>>>>>>>>>>>>>>>>>> /captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>>>>>>>>>>>>>>>>>> HTTP/1.1"
>>>>>>>>>>>>>>>>>>> Feb 2 14:51:44 wifi haproxy[2427]: 10.9.79.52:61132
>>>>>>>>>>>>>>>>>>> <http://10.9.79.52:61132/> [02/Feb/2022:14:51:44.060]
>>>>>>>>>>>>>>>>>>> portal-http-10.0.255.99 10.0.255.99-backend/127.0.0.1
>>>>>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/129/129 200 7146 - - ----
>>>>>>>>>>>>>>>>>>> 4/2/0/0/0 0/0 {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET
>>>>>>>>>>>>>>>>>>> /access?lang= HTTP/1.1"
>>>>>>>>>>>>>>>>>>> Feb 2 14:51:49 wifi haproxy[2427]: 10.9.79.52:61133
>>>>>>>>>>>>>>>>>>> <http://10.9.79.52:61133/> [02/Feb/2022:14:51:49.219]
>>>>>>>>>>>>>>>>>>> portal-http-10.0.255.99 static/127.0.0.1
>>>>>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/1/1 200 228 - - ---- 4/2/0/0/0
>>>>>>>>>>>>>>>>>>> 0/0 {10.0.255.99} "GET
>>>>>>>>>>>>>>>>>>> /common/network-access-detection.gif?r=1643838716546
>>>>>>>>>>>>>>>>>>> HTTP/1.1"
>>>>>>>>>>>>>>>>>>> Feb 2 14:51:55 wifi haproxy[2427]: 10.9.79.52:61130
>>>>>>>>>>>>>>>>>>> <http://10.9.79.52:61130/> [02/Feb/2022:14:51:55.287]
>>>>>>>>>>>>>>>>>>> portal-https-10.0.255.99~ 10.0.255.99-backend/127.0.0.1
>>>>>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/136/136 302 1018 - - ----
>>>>>>>>>>>>>>>>>>> 4/1/0/0/0 0/0 {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET
>>>>>>>>>>>>>>>>>>> /captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>>>>>>>>>>>>>>>>>> HTTP/1.1”
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> On Feb 2, 2022, at 7:12 PM, Fabrice Durand
>>>>>>>>>>>>>>>>>>>> <[email protected] <mailto:[email protected]>> wrote:
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Hello Jorge,
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> i will have a look closer.
>>>>>>>>>>>>>>>>>>>> But i have a question, when the device is forwarded to the
>>>>>>>>>>>>>>>>>>>> captive portal, (just before
>>>>>>>>>>>>>>>>>>>> https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal?switch_url=https://portal.fispy.mx:8443/login>)
>>>>>>>>>>>>>>>>>>>> , what is the url ?
>>>>>>>>>>>>>>>>>>>> You should be able to see it in the haproxy-portal.log
>>>>>>>>>>>>>>>>>>>> file.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Regards
>>>>>>>>>>>>>>>>>>>> Fabrice
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Le mer. 2 févr. 2022 à 10:18, Jorge Nolla
>>>>>>>>>>>>>>>>>>>> <[email protected] <mailto:[email protected]>> a écrit :
>>>>>>>>>>>>>>>>>>>> Hi Fabrice,
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> We almost have the configuration working, but are not sure
>>>>>>>>>>>>>>>>>>>> how to get the redirect to the client to work correctly.
>>>>>>>>>>>>>>>>>>>> Attached is the documentation for Cisco ISE which we used
>>>>>>>>>>>>>>>>>>>> for PacketFence as well.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Portal.fispy.mx <http://portal.fispy.mx/> is the Huawei AC.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> This is the format the client should get from PacketFence.
>>>>>>>>>>>>>>>>>>>> This is the only piece we are missing for this to work.
>>>>>>>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> If we manually click on the link above, then the flow of
>>>>>>>>>>>>>>>>>>>> traffic works correctly CLIENT > AC > RADIUS
>>>>>>>>>>>>>>>>>>>> (PacketFence), and authentication works. The problem is
>>>>>>>>>>>>>>>>>>>> that when the user logs in to the portal the redirect is
>>>>>>>>>>>>>>>>>>>> broken. The parameter for the redirect that PacketFence is
>>>>>>>>>>>>>>>>>>>> serving, comes from a configuration parameter within the
>>>>>>>>>>>>>>>>>>>> AC. This configuration works fine for Cisco ISE, but the
>>>>>>>>>>>>>>>>>>>> URL format is not working for PacketFence.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> When we configure the redirect this is what the client is
>>>>>>>>>>>>>>>>>>>> getting from PacketFence
>>>>>>>>>>>>>>>>>>>> https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> url-template name PacketFence
>>>>>>>>>>>>>>>>>>>> url https://wifi.fispy.mx/captive-portal
>>>>>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal>
>>>>>>>>>>>>>>>>>>>> url-parameter login-url switch_url
>>>>>>>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login
>>>>>>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login> <<< THIS IS THE
>>>>>>>>>>>>>>>>>>>> PARAMETER FOR THE REDIRECT TO PACKETFENCE
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> AC CONFIG
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> authentication-profile name PacketFence
>>>>>>>>>>>>>>>>>>>> portal-access-profile PacketFence
>>>>>>>>>>>>>>>>>>>> free-rule-template default_free_rule
>>>>>>>>>>>>>>>>>>>> authentication-scheme PacketFence
>>>>>>>>>>>>>>>>>>>> accounting-scheme PacketFence
>>>>>>>>>>>>>>>>>>>> radius-server PacketFence
>>>>>>>>>>>>>>>>>>>> force-push url https://www.fispy.mx
>>>>>>>>>>>>>>>>>>>> <https://www.fispy.mx/>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> radius-server template PacketFence
>>>>>>>>>>>>>>>>>>>> radius-server shared-key cipher
>>>>>>>>>>>>>>>>>>>> %^%#*)l=:1.X-Yd$\<~orEF@]<}NMejv3)E^\6;7:NUY%^%#
>>>>>>>>>>>>>>>>>>>> radius-server authentication 10.0.255.99 1812 source
>>>>>>>>>>>>>>>>>>>> ip-address 10.7.255.2 weight 90
>>>>>>>>>>>>>>>>>>>> radius-server accounting 10.0.255.99 1813 source
>>>>>>>>>>>>>>>>>>>> ip-address 10.7.255.2 weight 80
>>>>>>>>>>>>>>>>>>>> undo radius-server user-name domain-included
>>>>>>>>>>>>>>>>>>>> calling-station-id mac-format unformatted
>>>>>>>>>>>>>>>>>>>> called-station-id wlan-user-format ac-mac
>>>>>>>>>>>>>>>>>>>> radius-server attribute translate
>>>>>>>>>>>>>>>>>>>> radius-attribute disable HW-NAS-Startup-Time-Stamp send
>>>>>>>>>>>>>>>>>>>> radius-attribute disable HW-IP-Host-Address send
>>>>>>>>>>>>>>>>>>>> radius-attribute disable HW-Connect-ID send
>>>>>>>>>>>>>>>>>>>> radius-attribute disable HW-Version send
>>>>>>>>>>>>>>>>>>>> radius-attribute disable HW-Product-ID send
>>>>>>>>>>>>>>>>>>>> radius-attribute disable HW-Domain-Name send
>>>>>>>>>>>>>>>>>>>> radius-attribute disable HW-User-Extend-Info send
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> url-template name PacketFence
>>>>>>>>>>>>>>>>>>>> url https://wifi.fispy.mx/captive-portal
>>>>>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal>
>>>>>>>>>>>>>>>>>>>> url-parameter login-url switch_url
>>>>>>>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login
>>>>>>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login> <<< THIS IS THE
>>>>>>>>>>>>>>>>>>>> PARAMETER FOR THE REDIRECT TO PACKETFENCE
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> web-auth-server PacketFence
>>>>>>>>>>>>>>>>>>>> server-ip 10.0.255.99
>>>>>>>>>>>>>>>>>>>> port 443
>>>>>>>>>>>>>>>>>>>> url-template PacketFence
>>>>>>>>>>>>>>>>>>>> protocol http
>>>>>>>>>>>>>>>>>>>> http get-method enable
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> portal-access-profile name PacketFence
>>>>>>>>>>>>>>>>>>>> web-auth-server PacketFence direct
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> authentication-scheme PacketFence
>>>>>>>>>>>>>>>>>>>> authentication-mode radius
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> wlan
>>>>>>>>>>>>>>>>>>>> security-profile name FISPY-WiFi
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> vap-profile name FISPY-WiFi
>>>>>>>>>>>>>>>>>>>> service-vlan vlan-id 900
>>>>>>>>>>>>>>>>>>>> permit-vlan vlan-id 900
>>>>>>>>>>>>>>>>>>>> ssid-profile FISPY-WiFi
>>>>>>>>>>>>>>>>>>>> security-profile FISPY-WiFi
>>>>>>>>>>>>>>>>>>>> authentication-profile PacketFence
>>>>>>>>>>>>>>>>>>>> sta-network-detect disable
>>>>>>>>>>>>>>>>>>>> service-experience-analysis enable
>>>>>>>>>>>>>>>>>>>> mdns-snooping enable
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> ###CISCO ISE CONFIG TO COMPARE###
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> url-template name CISCO-ISE
>>>>>>>>>>>>>>>>>>>> url
>>>>>>>>>>>>>>>>>>>> https://captive.fispy.mx:8443/portal/PortalSetup.action#portal=7cf5ac1d-5dbf-4b36-aeee-b9590fd24c02
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> <https://captive.fispy.mx:8443/portal/PortalSetup.action#portal=7cf5ac1d-5dbf-4b36-aeee-b9590fd24c02>
>>>>>>>>>>>>>>>>>>>> parameter start-mark #
>>>>>>>>>>>>>>>>>>>> url-parameter login-url switch_url
>>>>>>>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login
>>>>>>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> ####################################
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> On Feb 2, 2022, at 6:17 AM, Fabrice Durand
>>>>>>>>>>>>>>>>>>>>> <[email protected] <mailto:[email protected]>> wrote:
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Hello Jorge,
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> do you have any Huawei documentation to implement that ?
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Regards
>>>>>>>>>>>>>>>>>>>>> Fabrice
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Le mer. 26 janv. 2022 à 15:59, Jorge Nolla via
>>>>>>>>>>>>>>>>>>>>> PacketFence-users
>>>>>>>>>>>>>>>>>>>>> <[email protected]
>>>>>>>>>>>>>>>>>>>>> <mailto:[email protected]>> a écrit
>>>>>>>>>>>>>>>>>>>>> :
>>>>>>>>>>>>>>>>>>>>> Hi Team,
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> We were wondering if anyone has had any success in
>>>>>>>>>>>>>>>>>>>>> configuring Web Auth for the Huawei AC? It’s somewhat
>>>>>>>>>>>>>>>>>>>>> critical for us to get this going.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Thank you!
>>>>>>>>>>>>>>>>>>>>> Jorge
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>>>>>>>>> PacketFence-users mailing list
>>>>>>>>>>>>>>>>>>>>> [email protected]
>>>>>>>>>>>>>>>>>>>>> <mailto:[email protected]>
>>>>>>>>>>>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
