Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

[Jorge Nolla via PacketFence-users]

Hi Team,

Still can’t get accounting to proxy to the billing server. I don’t see the 
configuration on the proxy.conf so I imagine is pulling from this file.


[root@wifi raddb]# cat proxy.conf.inc
# This file is generated from a template at 
/usr/local/pf/conf/radiusd/proxy.conf.inc
# Any changes made to this file will be lost on restart

# Eduroam integration is not configured

realm default {

}
realm local {

}
realm null {

}
realm fispy.mx {

auth_pool = auth_pool_fispy.mx
acct_pool = acct_pool_fispy.mx
}
home_server_pool auth_pool_fispy.mx {
type = keyed-balance
home_server = Splynx
}

home_server_pool acct_pool_fispy.mx {
type = load-balance
home_server = Splynx
}


realm eduroam.default {

}

realm eduroam.local {

}

realm eduroam.null {

}

realm eduroam.fispy.mx {

}




home_server Splynx {
ipaddr = 10.0.254.100
port = 1812
secret = @Put@Madr3
type = auth+acct
status_check = status-server
}



# pfacct configuration

realm pfacct {
    acct_pool = pfacct_pool
    nostrip
}

home_server_pool pfacct_pool {
    home_server = pfacct_local
}

home_server pfacct_local {
    type = acct
    ipaddr = 127.0.0.1
    port = 1813
    secret = 'ZDQ3YzUzMjkxM2M1NjBhM2IyMTJjNWE0'
    src_ipaddr = 10.0.255.99
}

> On Feb 8, 2022, at 11:51 AM, Jorge Nolla <jno...@gmail.com> wrote:
> 
> Fabrice,
> 
> For some reason I cannot get accounting forwarding to the Billing/Radius 
> Server. This server has the plans for the customers.
> 
> <Screen Shot 2022-02-08 at 11.48.23 AM.png>
> 
> 
> <Screen Shot 2022-02-08 at 11.50.20 AM.png>
> 
> 
> <Screen Shot 2022-02-08 at 11.48.01 AM.png>
> 
> 
> <Screen Shot 2022-02-08 at 11.51.33 AM.png>
> 
>> On Feb 8, 2022, at 11:39 AM, Jorge Nolla <jno...@gmail.com 
>> <mailto:jno...@gmail.com>> wrote:
>> 
>> Hi Fabrice,
>> 
>> It worked. I had to change to HTTPS and DNS for the cert on the server to 
>> work. We also changed the method to GET. Will try POST, not sure if this 
>> will make a difference.
>> 
>>  my $html_form = qq[
>>       <form name="weblogin_form" data-autosubmit="1000" method="GET" 
>> action="https://portal.fispy.mx:8443/login 
>> <https://portal.fispy.mx:8443/login>">
>>        <input type="hidden" name="username" value="$mac">
>>        <input type="hidden" name="password" value="$mac">
>>       </form>
>>       <script src="/content/autosubmit.js" type="text/javascript"></script>
>> 
>> Here is the a sample of the radius info on PF. Top entry is with new 
>> configuration MAC address as username. Bottom one is the old configuration, 
>> where we were submitting the url request manually. 
>> 
>> <Screen Shot 2022-02-08 at 11.34.52 AM.png>
>> 
>> 
>>> On Feb 8, 2022, at 9:30 AM, Fabrice Durand <oeufd...@gmail.com 
>>> <mailto:oeufd...@gmail.com>> wrote:
>>> 
>>> Yes, that's it. 
>>> 
>>> Le mar. 8 févr. 2022 à 11:23, Jorge Nolla <jno...@gmail.com 
>>> <mailto:jno...@gmail.com>> a écrit :
>>> Fabrice,
>>> 
>>> The document you had provided didn’t layout the configuration steps. I 
>>> think this might be the correct document for the configuration you are 
>>> referring. If you have a chance take a look and let me know.
>>> 
>>> https://support.huawei.com/enterprise/mx/knowledge/EKB1100055064 
>>> <https://support.huawei.com/enterprise/mx/knowledge/EKB1100055064>
>>> 
>>> 
>>> 
>>>> On Feb 8, 2022, at 9:14 AM, Fabrice Durand <oeufd...@gmail.com 
>>>> <mailto:oeufd...@gmail.com>> wrote:
>>>> 
>>>> You can try that instead:
>>>> 
>>>>         my $html_form = qq[
>>>>         <form name="weblogin_form" data-autosubmit="1000" method="POST" 
>>>> action="http://$controller_ip:8443/login 
>>>> <http://$controller_ip:8443/login>">
>>>>             <input type="hidden" name="username" value="$mac">
>>>>             <input type="hidden" name="password" value="$mac">
>>>>         </form>
>>>>         <script src="/content/autosubmit.js" 
>>>> type="text/javascript"></script>
>>>>     ];
>>>> 
>>>> It will pass the mac address of the device in the radius request as 
>>>> username and password instead of the real username and password who has 
>>>> been authenticated previously on the portal.
>>>> Then you just need to configure the registration role in the switch 
>>>> configuration to be -1 (packetfence side) and if the device is unreg then 
>>>> the request will be rejected.
>>>> 
>>>> 
>>>> Le mar. 8 févr. 2022 à 11:04, Jorge Nolla <jno...@gmail.com 
>>>> <mailto:jno...@gmail.com>> a écrit :
>>>> Hi Fabrice,
>>>> 
>>>> Let me check what the difference is in configuration on the AC side, I’ll 
>>>> report within the hour. Any clues as to why the parameters are not being 
>>>> passed?
>>>> 
>>>> 
>>>>> On Feb 8, 2022, at 8:55 AM, Fabrice Durand <oeufd...@gmail.com 
>>>>> <mailto:oeufd...@gmail.com>> wrote:
>>>>> 
>>>>> Hello Jorge,
>>>>> 
>>>>> i really think that it´s not the correct way to support the web auth in 
>>>>> Huawei.
>>>>> The only thing you can do with the portal is to authenticate with a 
>>>>> username and password, there is no way to do anything else 
>>>>> (sms/email/sponsor/....).
>>>>> 
>>>>> Also when you authenticate on the portal , the portal validate your 
>>>>> username and password and with the workflow you have it will authenticate 
>>>>> twice (portal and radius) and it doesn´t make sense.
>>>>> 
>>>>> So if you want to keep this way then you will need a simple html page 
>>>>> with a username and password field that post on 
>>>>> https://portal.fispy.mx:8443/login <https://portal.fispy.mx:8443/login> 
>>>>> then configure packetfence to authenticate the username and password from 
>>>>> radius.
>>>>> 
>>>>> The other way who looks really better is to use that: 
>>>>> (https://support.huawei.com/enterprise/en/doc/EDOC1100008282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_2
>>>>>  
>>>>> <https://support.huawei.com/enterprise/en/doc/EDOC1100008282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_2>)
>>>>> 
>>>>> <download.png>
>>>>>  
>>>>> As i said , it´s exactly how it works with the cisco wlc and it will 
>>>>> support all authentication mechanisms available on the portal.
>>>>> 
>>>>> Regards
>>>>> Fabrice
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> Le lun. 7 févr. 2022 à 20:25, Jorge Nolla <jno...@gmail.com 
>>>>> <mailto:jno...@gmail.com>> a écrit :
>>>>> 
>>>>> Radius request from the AC once it receives the correct values. This is 
>>>>> sent back to Radius which in this case is PF
>>>>> 
>>>>> User-Name = “5blz”  <<< VALUE NEEDED IN URL as username
>>>>> User-Password = "******”   <<< VALUE NEEDED IN URL as password
>>>>> NAS-IP-Address = 10.7.255.2
>>>>> NAS-Port = 900
>>>>> Service-Type = Framed-User
>>>>> Framed-Protocol = PPP
>>>>> Framed-IP-Address = 10.9.91.31
>>>>> Called-Station-Id = "c0:f6:c2:a5:c4:d0:FISPY-WiFi"
>>>>> Calling-Station-Id = "f0:2f:4b:14:67:d9"
>>>>> NAS-Identifier = "AirEngine9700-M1"
>>>>> NAS-Port-Type = Wireless-802.11
>>>>> Acct-Session-Id = "AirEngi00000000000900d5d66c0600187"
>>>>> Event-Timestamp = "Feb  7 2022 18:05:13 MST"
>>>>> NAS-Port-Id = "slot=0;subslot=0;port=0;vlanid=900"
>>>>> Huawei-Loopback-Address = "C0F6-C2A5-C4D0"
>>>>> Huawei-User-Mac = "\000\000\000\003"
>>>>> Stripped-User-Name = "5blz"
>>>>> Realm = "null"
>>>>> FreeRADIUS-Client-IP-Address = 10.7.255.2
>>>>> Called-Station-SSID = "FISPY-WiFi"
>>>>> PacketFence-KeyBalanced = "aa86741e358fa86079a91aaf4dc581f9"
>>>>> PacketFence-Radius-Ip = "10.0.255.99"
>>>>> SQL-User-Name = "5blz"
>>>>> 
>>>>>> On Feb 7, 2022, at 3:58 PM, Jorge Nolla <jno...@gmail.com 
>>>>>> <mailto:jno...@gmail.com>> wrote:
>>>>>> 
>>>>>> Hi Fabrice,
>>>>>> 
>>>>>> I did hardcode as follow:
>>>>>> 
>>>>>> <form name="weblogin_form" data-autosubmit="1000" method="GET" 
>>>>>> action="https://portal.fispy.mx:8443/login?username=bob&password=bob 
>>>>>> <https://portal.fispy.mx:8443/login?username=bob&password=bob>" 
>>>>>> style="display:none">
>>>>>> 
>>>>>> But the redirect which the client is getting, is only this part, not 
>>>>>> sure why:
>>>>>> 
>>>>>> https://portal.fispy.mx:8443/login? <https://portal.fispy.mx:8443/login?>
>>>>>> 
>>>>>> 
>>>>>> Here is the flow of the External Portal Authentication as per Huawei. 
>>>>>> Portal Server - Notify the STA of the login URL
>>>>>> STA - Send the username and password in HTTP GET POST. When this is 
>>>>>> configured to use ISE as per the guide, the ISE server sends the 
>>>>>> redirect to the STA as per the format. 
>>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>>>>>  
>>>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)>
>>>>>> 
>>>>>> 
>>>>>> <PastedGraphic-1.tiff>
>>>>>> 
>>>>>>> On Feb 7, 2022, at 2:51 PM, Fabrice Durand <oeufd...@gmail.com 
>>>>>>> <mailto:oeufd...@gmail.com>> wrote:
>>>>>>> 
>>>>>>> Did you try to hardcode that in the code and see if it works ?
>>>>>>> 
>>>>>>> Also i don´t understand the goal of passing the username and password , 
>>>>>>> is there any extra check after that ? What happen if the user register 
>>>>>>> by sms/email ?
>>>>>>> 
>>>>>>> And i just found that:
>>>>>>> https://support.huawei.com/enterprise/en/doc/EDOC1100008282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_1
>>>>>>>  
>>>>>>> <https://support.huawei.com/enterprise/en/doc/EDOC1100008282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_1>
>>>>>>> Is it something that can be configured on the Hawei ? If yes then it 
>>>>>>> will mimic the way the Cisco WLC works.
>>>>>>> 
>>>>>>> Regards
>>>>>>> Fabrice
>>>>>>> 
>>>>>>> 
>>>>>>> Le lun. 7 févr. 2022 à 16:01, Jorge Nolla <jno...@gmail.com 
>>>>>>> <mailto:jno...@gmail.com>> a écrit :
>>>>>>> Hi Fabrice,
>>>>>>> 
>>>>>>> This line needs to be HTTPS for it to work
>>>>>>> <form name="weblogin_form" data-autosubmit="1000" method="GET" 
>>>>>>> action="http://$controller_ip:8443/login?username=bob&password=bob 
>>>>>>> <http://$controller_ip:8443/login?username=bob&password=bob>" 
>>>>>>> style="display:none”>
>>>>>>> 
>>>>>>> This needs to be the username and password which is being entered by 
>>>>>>> the user in the PF portal, which is the Radius username and password
>>>>>>> username=bob&password=bob
>>>>>>> 
>>>>>>> 
>>>>>>>> On Feb 7, 2022, at 12:03 PM, Fabrice Durand <oeufd...@gmail.com 
>>>>>>>> <mailto:oeufd...@gmail.com>> wrote:
>>>>>>>> 
>>>>>>>> I just pushed a fix.
>>>>>>>> 
>>>>>>>> cd /usr/local/pf
>>>>>>>> curl 
>>>>>>>> https://github.com/inverse-inc/packetfence/commit/7628afddf46e0226667560dc33df192f9c4cf420.diff
>>>>>>>>  
>>>>>>>> <https://github.com/inverse-inc/packetfence/commit/7628afddf46e0226667560dc33df192f9c4cf420.diff>
>>>>>>>>  | patch -p1
>>>>>>>> and restart
>>>>>>>> 
>>>>>>>> Le lun. 7 févr. 2022 à 13:46, Jorge Nolla <jno...@gmail.com 
>>>>>>>> <mailto:jno...@gmail.com>> a écrit :
>>>>>>>> Here are the log outputs for /usr/local/pf/logs/packetfence.log
>>>>>>>> 
>>>>>>>> 
>>>>>>>> Feb  7 11:03:04 wifi packetfence_httpd.portal[61371]: 
>>>>>>>> httpd.portal(61371) INFO: [mac:[undef]] URI '/Huawei' is detected as 
>>>>>>>> an external captive portal URI (pf::web::externalportal::handle)
>>>>>>>> Feb  7 11:03:04 wifi packetfence_httpd.portal[61371]: 
>>>>>>>> httpd.portal(61371) ERROR: [mac:[undef]] Cannot load perl module for 
>>>>>>>> switch type 'pf::Switch::Huawei'. Either switch type is unknown or 
>>>>>>>> switch type perl module have compilation errors. See the following 
>>>>>>>> message for details:  (pf::web::externalportal::handle)
>>>>>>>> Feb  7 11:03:06 wifi packetfence_httpd.portal[61370]: 
>>>>>>>> httpd.portal(61370) INFO: [mac:[undef]] URI '/Huawei' is detected as 
>>>>>>>> an external captive portal URI (pf::web::externalportal::handle)
>>>>>>>> Feb  7 11:03:06 wifi packetfence_httpd.portal[61370]: 
>>>>>>>> httpd.portal(61370) ERROR: [mac:[undef]] Cannot load perl module for 
>>>>>>>> switch type 'pf::Switch::Huawei'. Either switch type is unknown or 
>>>>>>>> switch type perl module have compilation errors. See the following 
>>>>>>>> message for details:  (pf::web::externalportal::handle)
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>>> On Feb 7, 2022, at 10:50 AM, Jorge Nolla <jno...@gmail.com 
>>>>>>>>> <mailto:jno...@gmail.com>> wrote:
>>>>>>>>> 
>>>>>>>>> Here is the output for HAProxy
>>>>>>>>> 
>>>>>>>>> Feb 7 10:48:54 wifi haproxy[2285]: 10.9.215.39:63814 
>>>>>>>>> <http://10.9.215.39:63814/> [07/Feb/2022:10:48:54.074] 
>>>>>>>>> portal-https-10.0.255.99~ 10.0.255.99-backend/127.0.0.1 
>>>>>>>>> <http://127.0.0.1/> 0/0/0/13/13 501 413 - - ---- 2/1/0/0/0 0/0 
>>>>>>>>> {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET 
>>>>>>>>> /Huawei?ac-ip=10.7.255.2&userip=10.9.215.39&ssid=FISPY-WiFi&ap-mac=f02f4b1467d9
>>>>>>>>>  HTTP/1.1”
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>>> On Feb 7, 2022, at 10:06 AM, Jorge Nolla <jno...@gmail.com 
>>>>>>>>>> <mailto:jno...@gmail.com>> wrote:
>>>>>>>>>> 
>>>>>>>>>> Hi Fabrice,
>>>>>>>>>> 
>>>>>>>>>> From the Pf portal after the patch is applied.
>>>>>>>>>> 
>>>>>>>>>> type: 'Huawei' is not a valid value The chosen type (Huawei) is not 
>>>>>>>>>> supported.
>>>>>>>>>> 
>>>>>>>>>>> On Feb 6, 2022, at 6:49 PM, Jorge Nolla <jno...@gmail.com 
>>>>>>>>>>> <mailto:jno...@gmail.com>> wrote:
>>>>>>>>>>> 
>>>>>>>>>>> 
>>>>>>>>>>> This is the only option on the config.
>>>>>>>>>>> 
>>>>>>>>>>> <Screen Shot 2022-02-06 at 6.48.16 PM.png>
>>>>>>>>>>> 
>>>>>>>>>>> 
>>>>>>>>>>>> On Feb 6, 2022, at 6:41 PM, Jorge Nolla <jno...@gmail.com 
>>>>>>>>>>>> <mailto:jno...@gmail.com>> wrote:
>>>>>>>>>>>> 
>>>>>>>>>>>> Hi Fabrice,
>>>>>>>>>>>> 
>>>>>>>>>>>> Getting an error page from PF
>>>>>>>>>>>> 
>>>>>>>>>>>> Not Implemented
>>>>>>>>>>>> GET no supported for current URL.
>>>>>>>>>>>> 
>>>>>>>>>>>> How is the switch supposed to be defined in PF?
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>>> On Feb 6, 2022, at 5:55 PM, Fabrice Durand <oeufd...@gmail.com 
>>>>>>>>>>>>> <mailto:oeufd...@gmail.com>> wrote:
>>>>>>>>>>>>> 
>>>>>>>>>>>>> I am just not sure what to set for username and password, if you 
>>>>>>>>>>>>> do sms auth then there is no password.
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Also in the url it looks that it miss the mac address of the 
>>>>>>>>>>>>> device , can you try to add  device-mac and see if the device mac 
>>>>>>>>>>>>> is in the url ?
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Here the first draft:
>>>>>>>>>>>>> 
>>>>>>>>>>>>> https://github.com/inverse-inc/packetfence/compare/feature/Huawei_web_auth.diff
>>>>>>>>>>>>>  
>>>>>>>>>>>>> <https://github.com/inverse-inc/packetfence/compare/feature/Huawei_web_auth.diff>
>>>>>>>>>>>>> 
>>>>>>>>>>>>> cd /usr/local/pf/
>>>>>>>>>>>>> curl 
>>>>>>>>>>>>> https://github.com/inverse-inc/packetfence/compare/feature/Huawei_web_auth.diff
>>>>>>>>>>>>>  
>>>>>>>>>>>>> <https://github.com/inverse-inc/packetfence/compare/feature/Huawei_web_auth.diff>
>>>>>>>>>>>>>  | patch -p1
>>>>>>>>>>>>> 
>>>>>>>>>>>>> then restart packetfence.
>>>>>>>>>>>>> 
>>>>>>>>>>>>> On the controller:
>>>>>>>>>>>>> 
>>>>>>>>>>>>> url-template name PacketFence
>>>>>>>>>>>>>  url https://wifi.fispy.mx/ 
>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal>Hawei
>>>>>>>>>>>>>  url-parameter device-ip device-mac ac-ip user-ipaddress userip 
>>>>>>>>>>>>> ssid ssid user-mac ap-mac
>>>>>>>>>>>>> 
>>>>>>>>>>>>> So when the device will be forwarded to the portal it should be 
>>>>>>>>>>>>> able to recognise the mac address and the ip of the device (in 
>>>>>>>>>>>>> the bottom).
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Register on the portal and you should be forwarded to 
>>>>>>>>>>>>> http://$controller_ip:8443/login?username=bob&password=bob 
>>>>>>>>>>>>> <http://$controller_ip:8443/login?username=bob&password=bob>
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Let me know how it behave.
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Regards
>>>>>>>>>>>>> Fabrice
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>>>  
>>>>>>>>>>>>> Le dim. 6 févr. 2022 à 18:58, Jorge Nolla <jno...@gmail.com 
>>>>>>>>>>>>> <mailto:jno...@gmail.com>> a écrit :
>>>>>>>>>>>>> Hi Fabrice
>>>>>>>>>>>>> 
>>>>>>>>>>>>> This is the GET the AC is expecting:
>>>>>>>>>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>>>>>>>>>>>>  
>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)>
>>>>>>>>>>>>> 
>>>>>>>>>>>>> If successful it will return as per image below. If it fails the 
>>>>>>>>>>>>> AC will redirect back to the Portal
>>>>>>>>>>>>> 
>>>>>>>>>>>>> <WebAuthentication.png>
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Here is the configuration:
>>>>>>>>>>>>> 
>>>>>>>>>>>>> url-template name PacketFence
>>>>>>>>>>>>>  url https://wifi.fispy.mx/captive-portal 
>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal>
>>>>>>>>>>>>>  url-parameter login-url destination_url 
>>>>>>>>>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>>>>>>>>>>>>  
>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)>
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>>> HA Proxy output
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Feb 6 16:44:26 wifi haproxy[2427]: 10.9.70.173:52266 
>>>>>>>>>>>>> <http://10.9.70.173:52266/> [06/Feb/2022:16:44:26.153] 
>>>>>>>>>>>>> portal-https-10.0.255.99~ 10.0.255.99-backend/127.0.0.1 
>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/202/202 200 9003 - - ---- 2/1/0/0/0 0/0 
>>>>>>>>>>>>> {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET 
>>>>>>>>>>>>> /captive-portal?destination_url=https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>>>>>>>>>>>>  
>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)>
>>>>>>>>>>>>>  HTTP/1.1"
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Only problem is that PacketFence is not updating the dynamic 
>>>>>>>>>>>>> values with username and password for it to work
>>>>>>>>>>>>> 
>>>>>>>>>>>>> AC = Access Controller. This manages the APs’ as they are 
>>>>>>>>>>>>> operating in Fit/Lightweight mode.
>>>>>>>>>>>>> AP = Access Points. These are the actual radios.
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Best Regards,
>>>>>>>>>>>>> Jorge
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>>>> On Feb 6, 2022, at 4:40 PM, Fabrice Durand <oeufd...@gmail.com 
>>>>>>>>>>>>>> <mailto:oeufd...@gmail.com>> wrote:
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> Hello Jorge,
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> i have what i need at least to be able to support the web-auth.
>>>>>>>>>>>>>> The only thing i am not sure is at the end of the registration 
>>>>>>>>>>>>>> process what we are supposed to do.
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> I will create a branch on github in order for you to test. (it 
>>>>>>>>>>>>>> will be an update of the Huawei switch module).
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> For information, what is the ac-ip ac-mac versus ap-ip ap-mac ?
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> Regards
>>>>>>>>>>>>>> Fabrice
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> Le dim. 6 févr. 2022 à 18:30, Jorge Nolla <jno...@gmail.com 
>>>>>>>>>>>>>> <mailto:jno...@gmail.com>> a écrit :
>>>>>>>>>>>>>> If I try to manually send the redirect in the browser here is 
>>>>>>>>>>>>>> what HA proxy records. This is a simple copy and paste in the 
>>>>>>>>>>>>>> browser and the output:
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> https://wifi.fispy.mx/captive-portal 
>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal>?destination_url=https://portal.fispy.mx:8443/login?username=539z&password=0uf3
>>>>>>>>>>>>>>  <https://portal.fispy.mx:8443/login?username=539z&password=0uf3>
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> 4875 - - ---- 2/1/0/0/0 0/0 {wifi.fispy.mx 
>>>>>>>>>>>>>> <http://wifi.fispy.mx/>} "GET 
>>>>>>>>>>>>>> /captive-portal?destination_url=https://portal.fispy.mx:8443/login?username=539z&password=0uf3
>>>>>>>>>>>>>>  
>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=539z&password=0uf3> 
>>>>>>>>>>>>>> HTTP/1.1"
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> It doesn’t let it go through as it seems that is trying to 
>>>>>>>>>>>>>> validate network connectivity 
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> On Feb 6, 2022, at 4:07 PM, Jorge Nolla <jno...@gmail.com 
>>>>>>>>>>>>>>> <mailto:jno...@gmail.com>> wrote:
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> Seems weird how the format of the URL is recorded/sent 
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> Here is a normal redirect, the url is formatted correctly,
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> Feb 6 16:03:41 wifi haproxy[2427]: 10.99.1.20:63577 
>>>>>>>>>>>>>>> <http://10.99.1.20:63577/> [06/Feb/2022:16:03:41.232] 
>>>>>>>>>>>>>>> portal-https-10.0.255.99~ 10.0.255.99-backend/127.0.0.1 
>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/1/233/234 200 4910 - - ---- 2/1/0/0/0 
>>>>>>>>>>>>>>> 0/0 {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET 
>>>>>>>>>>>>>>> /captive-portal?destination_url=https://www.fispy.mx/ 
>>>>>>>>>>>>>>> <https://www.fispy.mx/> HTTP/1.1"
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>  I’m not sure why the value sent by the AP has all the % and 
>>>>>>>>>>>>>>> weird symbols 
>>>>>>>>>>>>>>> destination%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>>>>>>>>>>>>>>  
>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal?switch_url=https://portal.fispy.mx:8443/login>
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>> On Feb 6, 2022, at 4:00 PM, Jorge Nolla <jno...@gmail.com 
>>>>>>>>>>>>>>>> <mailto:jno...@gmail.com>> wrote:
>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>> Hi Fabrice,
>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>> Here are the options that can be added:
>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>> [AirEngine9700-M1-url-template-PacketFence]url-parameter ?
>>>>>>>>>>>>>>>>   ap-group-name   AP group name
>>>>>>>>>>>>>>>>   ap-ip           AP IP address
>>>>>>>>>>>>>>>>   ap-location     AP location
>>>>>>>>>>>>>>>>   ap-mac          AP MAC address
>>>>>>>>>>>>>>>>   ap-name         AP name
>>>>>>>>>>>>>>>>   device-ip       Device IP address
>>>>>>>>>>>>>>>>   device-mac      Device MAC address
>>>>>>>>>>>>>>>>   login-url       Device's login URL provided to the external 
>>>>>>>>>>>>>>>> portal server
>>>>>>>>>>>>>>>>   mac-address     Mac address
>>>>>>>>>>>>>>>>   redirect-url    The url in user original http packet
>>>>>>>>>>>>>>>>   set             Set
>>>>>>>>>>>>>>>>   ssid            SSID
>>>>>>>>>>>>>>>>   sysname         Device name
>>>>>>>>>>>>>>>>   user-ipaddress  User IP address
>>>>>>>>>>>>>>>>   user-mac        User MAC address
>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>> url-template name PacketFence
>>>>>>>>>>>>>>>>  url https://wifi.fispy.mx/captive-portal 
>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal>
>>>>>>>>>>>>>>>>  url-parameter device-ip ac-ip user-ipaddress userip ssid ssid 
>>>>>>>>>>>>>>>> user-mac ap-mac
>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>> 200 9003 - - ---- 2/1/0/0/0 0/0 {wifi.fispy.mx 
>>>>>>>>>>>>>>>> <http://wifi.fispy.mx/>} "GET 
>>>>>>>>>>>>>>>> /captive-portal?ac%2Dip=10%2E7%2E255%2E2&userip=10%2E9%2E70%2E173&ssid=FISPY%2DWiFi&ap%2Dmac=f02f4b1467d9
>>>>>>>>>>>>>>>>  HTTP/1.1"
>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>> If we do not specify the URL on this configuration, where 
>>>>>>>>>>>>>>>> would PacketFence get the value for the AC Web Authentication 
>>>>>>>>>>>>>>>> call?
>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>>>>>>>>>>>>>>>  
>>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)>
>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>> Best Regards,
>>>>>>>>>>>>>>>> Jorge
>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>> On Feb 5, 2022, at 8:23 PM, Fabrice Durand 
>>>>>>>>>>>>>>>>> <oeufd...@gmail.com <mailto:oeufd...@gmail.com>> wrote:
>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>> Hello Jorge,
>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>> what we need is the user mac and the ap information.
>>>>>>>>>>>>>>>>> I found that 
>>>>>>>>>>>>>>>>> https://support.huawei.com/enterprise/en/doc/EDOC1100008283/659354b1/display-url-template
>>>>>>>>>>>>>>>>>  
>>>>>>>>>>>>>>>>> <https://support.huawei.com/enterprise/en/doc/EDOC1100008283/659354b1/display-url-template>
>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>> Is it possible to add extra parameters like user-mac ssid 
>>>>>>>>>>>>>>>>> ap-ip ap-mac ?
>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>> And if yes can you provide me the url generated by the 
>>>>>>>>>>>>>>>>> controller when it redirect ?  (haproxy-portal log)
>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>> Regards
>>>>>>>>>>>>>>>>> Fabrice
>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>> Le sam. 5 févr. 2022 à 20:42, Jorge Nolla <jno...@gmail.com 
>>>>>>>>>>>>>>>>> <mailto:jno...@gmail.com>> a écrit :
>>>>>>>>>>>>>>>>> Hi Team,
>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>> Any input on this? We really would like to get this to work.
>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>> Thank you!
>>>>>>>>>>>>>>>>> Jorge
>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>> On Feb 2, 2022, at 7:48 PM, Jorge Nolla <jno...@gmail.com 
>>>>>>>>>>>>>>>>>> <mailto:jno...@gmail.com>> wrote:
>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>> Hi Fabrice,
>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>> This is the sequence:
>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>> Feb  2 14:51:32 wifi haproxy[2427]: 10.9.79.52:61132 
>>>>>>>>>>>>>>>>>> <http://10.9.79.52:61132/> [02/Feb/2022:14:51:32.663] 
>>>>>>>>>>>>>>>>>> portal-http-10.0.255.99 10.0.255.99-backend/127.0.0.1 
>>>>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/201/201 200 7146 - - ---- 
>>>>>>>>>>>>>>>>>> 3/1/0/0/0 0/0 {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET 
>>>>>>>>>>>>>>>>>> /access?lang= HTTP/1.1"
>>>>>>>>>>>>>>>>>> Feb  2 14:51:37 wifi haproxy[2427]: 10.9.79.52:61133 
>>>>>>>>>>>>>>>>>> <http://10.9.79.52:61133/> [02/Feb/2022:14:51:37.905] 
>>>>>>>>>>>>>>>>>> portal-http-10.0.255.99 static/127.0.0.1 <http://127.0.0.1/> 
>>>>>>>>>>>>>>>>>> 0/0/0/2/2 200 228 - - ---- 4/2/0/0/0 0/0 {10.0.255.99} "GET 
>>>>>>>>>>>>>>>>>> /common/network-access-detection.gif?r=1643838705224 
>>>>>>>>>>>>>>>>>> HTTP/1.1"
>>>>>>>>>>>>>>>>>> Feb  2 14:51:44 wifi haproxy[2427]: 10.9.79.52:61130 
>>>>>>>>>>>>>>>>>> <http://10.9.79.52:61130/> [02/Feb/2022:14:51:43.927] 
>>>>>>>>>>>>>>>>>> portal-https-10.0.255.99~ 10.0.255.99-backend/127.0.0.1 
>>>>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/122/122 302 1018 - - ---- 
>>>>>>>>>>>>>>>>>> 4/1/0/0/0 0/0 {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET 
>>>>>>>>>>>>>>>>>> /captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>>>>>>>>>>>>>>>>>  HTTP/1.1"
>>>>>>>>>>>>>>>>>> Feb  2 14:51:44 wifi haproxy[2427]: 10.9.79.52:61132 
>>>>>>>>>>>>>>>>>> <http://10.9.79.52:61132/> [02/Feb/2022:14:51:44.060] 
>>>>>>>>>>>>>>>>>> portal-http-10.0.255.99 10.0.255.99-backend/127.0.0.1 
>>>>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/129/129 200 7146 - - ---- 
>>>>>>>>>>>>>>>>>> 4/2/0/0/0 0/0 {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET 
>>>>>>>>>>>>>>>>>> /access?lang= HTTP/1.1"
>>>>>>>>>>>>>>>>>> Feb  2 14:51:49 wifi haproxy[2427]: 10.9.79.52:61133 
>>>>>>>>>>>>>>>>>> <http://10.9.79.52:61133/> [02/Feb/2022:14:51:49.219] 
>>>>>>>>>>>>>>>>>> portal-http-10.0.255.99 static/127.0.0.1 <http://127.0.0.1/> 
>>>>>>>>>>>>>>>>>> 0/0/0/1/1 200 228 - - ---- 4/2/0/0/0 0/0 {10.0.255.99} "GET 
>>>>>>>>>>>>>>>>>> /common/network-access-detection.gif?r=1643838716546 
>>>>>>>>>>>>>>>>>> HTTP/1.1"
>>>>>>>>>>>>>>>>>> Feb  2 14:51:55 wifi haproxy[2427]: 10.9.79.52:61130 
>>>>>>>>>>>>>>>>>> <http://10.9.79.52:61130/> [02/Feb/2022:14:51:55.287] 
>>>>>>>>>>>>>>>>>> portal-https-10.0.255.99~ 10.0.255.99-backend/127.0.0.1 
>>>>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/136/136 302 1018 - - ---- 
>>>>>>>>>>>>>>>>>> 4/1/0/0/0 0/0 {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET 
>>>>>>>>>>>>>>>>>> /captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>>>>>>>>>>>>>>>>>  HTTP/1.1”
>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> On Feb 2, 2022, at 7:12 PM, Fabrice Durand 
>>>>>>>>>>>>>>>>>>> <oeufd...@gmail.com <mailto:oeufd...@gmail.com>> wrote:
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> Hello Jorge,
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> i will have a look closer.
>>>>>>>>>>>>>>>>>>> But i have a question, when the device is forwarded to the 
>>>>>>>>>>>>>>>>>>> captive portal, (just before 
>>>>>>>>>>>>>>>>>>> https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>>>>>>>>>>>>>>>>>>  
>>>>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal?switch_url=https://portal.fispy.mx:8443/login>)
>>>>>>>>>>>>>>>>>>>  , what is the url ?
>>>>>>>>>>>>>>>>>>> You should be able to see it in the haproxy-portal.log file.
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> Regards
>>>>>>>>>>>>>>>>>>> Fabrice
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> Le mer. 2 févr. 2022 à 10:18, Jorge Nolla <jno...@gmail.com 
>>>>>>>>>>>>>>>>>>> <mailto:jno...@gmail.com>> a écrit :
>>>>>>>>>>>>>>>>>>> Hi Fabrice,
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> We almost have the configuration working, but are not sure 
>>>>>>>>>>>>>>>>>>> how to get the redirect to the client to work correctly. 
>>>>>>>>>>>>>>>>>>> Attached is the documentation for Cisco ISE which we used 
>>>>>>>>>>>>>>>>>>> for PacketFence as well.
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> Portal.fispy.mx <http://portal.fispy.mx/> is the Huawei AC.
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> This is the format the client should get from PacketFence. 
>>>>>>>>>>>>>>>>>>> This is the only piece we are missing for this to work.
>>>>>>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>>>>>>>>>>>>>>>>>>  
>>>>>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)>
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> If we manually click on the link above, then the flow of 
>>>>>>>>>>>>>>>>>>> traffic works correctly CLIENT > AC > RADIUS (PacketFence), 
>>>>>>>>>>>>>>>>>>> and authentication works. The problem is that when the user 
>>>>>>>>>>>>>>>>>>> logs in to the portal the redirect is broken. The parameter 
>>>>>>>>>>>>>>>>>>> for the redirect that PacketFence is serving, comes from a 
>>>>>>>>>>>>>>>>>>> configuration parameter within the AC. This configuration 
>>>>>>>>>>>>>>>>>>> works fine for Cisco ISE, but the URL format is not working 
>>>>>>>>>>>>>>>>>>> for PacketFence.
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> When we configure the redirect this is what the client is 
>>>>>>>>>>>>>>>>>>> getting from PacketFence
>>>>>>>>>>>>>>>>>>> https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>>>>>>>>>>>>>>>>>>  
>>>>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin>
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> url-template name PacketFence
>>>>>>>>>>>>>>>>>>>  url https://wifi.fispy.mx/captive-portal 
>>>>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal>
>>>>>>>>>>>>>>>>>>>  url-parameter login-url switch_url 
>>>>>>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login 
>>>>>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login>  <<< THIS IS THE 
>>>>>>>>>>>>>>>>>>> PARAMETER FOR THE REDIRECT TO PACKETFENCE
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> AC CONFIG
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> authentication-profile name PacketFence
>>>>>>>>>>>>>>>>>>>  portal-access-profile PacketFence
>>>>>>>>>>>>>>>>>>>  free-rule-template default_free_rule
>>>>>>>>>>>>>>>>>>>  authentication-scheme PacketFence
>>>>>>>>>>>>>>>>>>>  accounting-scheme PacketFence
>>>>>>>>>>>>>>>>>>>  radius-server PacketFence
>>>>>>>>>>>>>>>>>>>  force-push url https://www.fispy.mx <https://www.fispy.mx/>
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> radius-server template PacketFence
>>>>>>>>>>>>>>>>>>>  radius-server shared-key cipher 
>>>>>>>>>>>>>>>>>>> %^%#*)l=:1.X-Yd$\<~orEF@]<}NMejv3)E^\6;7:NUY%^%#
>>>>>>>>>>>>>>>>>>>  radius-server authentication 10.0.255.99 1812 source 
>>>>>>>>>>>>>>>>>>> ip-address 10.7.255.2 weight 90
>>>>>>>>>>>>>>>>>>>  radius-server accounting 10.0.255.99 1813 source 
>>>>>>>>>>>>>>>>>>> ip-address 10.7.255.2 weight 80
>>>>>>>>>>>>>>>>>>>  undo radius-server user-name domain-included
>>>>>>>>>>>>>>>>>>>  calling-station-id mac-format unformatted
>>>>>>>>>>>>>>>>>>>  called-station-id wlan-user-format ac-mac
>>>>>>>>>>>>>>>>>>>  radius-server attribute translate
>>>>>>>>>>>>>>>>>>>  radius-attribute disable HW-NAS-Startup-Time-Stamp send
>>>>>>>>>>>>>>>>>>>  radius-attribute disable HW-IP-Host-Address send
>>>>>>>>>>>>>>>>>>>  radius-attribute disable HW-Connect-ID send
>>>>>>>>>>>>>>>>>>>  radius-attribute disable HW-Version send
>>>>>>>>>>>>>>>>>>>  radius-attribute disable HW-Product-ID send
>>>>>>>>>>>>>>>>>>>  radius-attribute disable HW-Domain-Name send
>>>>>>>>>>>>>>>>>>>  radius-attribute disable HW-User-Extend-Info send
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> url-template name PacketFence
>>>>>>>>>>>>>>>>>>>  url https://wifi.fispy.mx/captive-portal 
>>>>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal>
>>>>>>>>>>>>>>>>>>>  url-parameter login-url switch_url 
>>>>>>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login 
>>>>>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login>  <<< THIS IS THE 
>>>>>>>>>>>>>>>>>>> PARAMETER FOR THE REDIRECT TO PACKETFENCE
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> web-auth-server PacketFence
>>>>>>>>>>>>>>>>>>>  server-ip 10.0.255.99
>>>>>>>>>>>>>>>>>>>  port 443
>>>>>>>>>>>>>>>>>>>  url-template PacketFence
>>>>>>>>>>>>>>>>>>>  protocol http
>>>>>>>>>>>>>>>>>>>  http get-method enable
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> portal-access-profile name PacketFence
>>>>>>>>>>>>>>>>>>>  web-auth-server PacketFence direct
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> authentication-scheme PacketFence
>>>>>>>>>>>>>>>>>>>   authentication-mode radius
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> wlan
>>>>>>>>>>>>>>>>>>>  security-profile name FISPY-WiFi
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>>  vap-profile name FISPY-WiFi
>>>>>>>>>>>>>>>>>>>   service-vlan vlan-id 900
>>>>>>>>>>>>>>>>>>>   permit-vlan vlan-id 900
>>>>>>>>>>>>>>>>>>>   ssid-profile FISPY-WiFi
>>>>>>>>>>>>>>>>>>>   security-profile FISPY-WiFi
>>>>>>>>>>>>>>>>>>>   authentication-profile PacketFence
>>>>>>>>>>>>>>>>>>>   sta-network-detect disable
>>>>>>>>>>>>>>>>>>>   service-experience-analysis enable
>>>>>>>>>>>>>>>>>>>   mdns-snooping enable
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> ###CISCO ISE CONFIG TO COMPARE###
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> url-template name CISCO-ISE
>>>>>>>>>>>>>>>>>>>  url 
>>>>>>>>>>>>>>>>>>> https://captive.fispy.mx:8443/portal/PortalSetup.action#portal=7cf5ac1d-5dbf-4b36-aeee-b9590fd24c02
>>>>>>>>>>>>>>>>>>>  
>>>>>>>>>>>>>>>>>>> <https://captive.fispy.mx:8443/portal/PortalSetup.action#portal=7cf5ac1d-5dbf-4b36-aeee-b9590fd24c02>
>>>>>>>>>>>>>>>>>>>  parameter start-mark #
>>>>>>>>>>>>>>>>>>>  url-parameter login-url switch_url 
>>>>>>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login 
>>>>>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login>
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> ####################################
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>>> On Feb 2, 2022, at 6:17 AM, Fabrice Durand 
>>>>>>>>>>>>>>>>>>>> <oeufd...@gmail.com <mailto:oeufd...@gmail.com>> wrote:
>>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>>> Hello Jorge,
>>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>>> do you have any Huawei documentation to implement that ?
>>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>>> Regards
>>>>>>>>>>>>>>>>>>>> Fabrice
>>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>>> Le mer. 26 janv. 2022 à 15:59, Jorge Nolla via 
>>>>>>>>>>>>>>>>>>>> PacketFence-users <packetfence-users@lists.sourceforge.net 
>>>>>>>>>>>>>>>>>>>> <mailto:packetfence-users@lists.sourceforge.net>> a écrit :
>>>>>>>>>>>>>>>>>>>> Hi Team,
>>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>>> We were wondering if anyone has had any success in 
>>>>>>>>>>>>>>>>>>>> configuring Web Auth for the Huawei AC? It’s somewhat 
>>>>>>>>>>>>>>>>>>>> critical for us to get this going.
>>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>>> Thank you!
>>>>>>>>>>>>>>>>>>>> Jorge
>>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>>>>>>>> PacketFence-users mailing list  
>>>>>>>>>>>>>>>>>>>> PacketFence-users@lists.sourceforge.net 
>>>>>>>>>>>>>>>>>>>> <mailto:PacketFence-users@lists.sourceforge.net>
>>>>>>>>>>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>>>>>>>>>>>>>>>>  
>>>>>>>>>>>>>>>>>>>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>>  
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>> 
>>>>>>>> 
>>>>>>> 
>>>>>> 
>>>>> 
>>>> 
>>> 
>> 
> 



_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users