Fabrice,
PF is sending the accounting data to the billing server. The problem is the
info does not match:
PF: 10.0.255.99
Billing server (Splynx): 10.0.254.100
2022-02-10 11:39:32.968605 (12417) Accounting-Request Id 80
any:10.0.255.99:54246 -> 10.0.254.100:1813 +165.413
User-Name = "f0:2f:4b:14:67:d9” << this needs to be the
username entered in the portal and not the MAC of the device of this to work.
How can we modify this?
NAS-IP-Address = 10.7.255.2
NAS-Port = 900
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 10.9.120.192
Called-Station-Id = "c0:f6:c2:a5:c4:d0:FISPY-WiFi"
Calling-Station-Id = "f0:2f:4b:14:67:d9"
NAS-Identifier = "AirEngine9700-M1"
Proxy-State = 0x313734
NAS-Port-Type = Wireless-802.11
Acct-Status-Type = Stop
Acct-Delay-Time = 0
Acct-Input-Octets = 432779
Acct-Output-Octets = 22133343
Acct-Session-Id = "AirEngi000000000009001d099206001ed"
Acct-Authentic = RADIUS
Acct-Session-Time = 299
Acct-Input-Packets = 2643
Acct-Output-Packets = 16634
Acct-Terminate-Cause = Session-Timeout
Acct-Input-Gigawords = 0
Acct-Output-Gigawords = 0
Event-Timestamp = "Feb 10 2022 11:39:32 MST"
NAS-Port-Id = "slot=0;subslot=0;port=0;vlanid=900"
Huawei-Connect-ID = 393709
Huawei-IPHost-Addr = "10.9.120.192 f0:2f:4b:14:67:d9"
Huawei-Loopback-Address = "C0F6-C2A5-C4D0"
Huawei-User-Mac = "\000\000\000\003"
Attr-26.29464.32 =
0x3165623139616265663234666132396334383731346130343334323334323936
Authenticator-Field = 0xb28b0b1cdf553d1c27a431568347fc4b
> On Feb 9, 2022, at 6:12 PM, Jorge Nolla <[email protected]> wrote:
>
> Hi Fabrice,
>
> This is the output when It receives an accounting message from the controller:
>
>
> ^C[root@wifi jnolla]# radsniff -i any -f "port 1813" -x
> Logging all events
> Sniffing on (any)
> 2022-02-09 18:10:33.642001 (1) Accounting-Request Id 147 any:10.7.255.2:62395
> -> 10.0.255.99:1813 +0.000
> User-Name = "62:ca:49:92:a0:3d"
> NAS-IP-Address = 10.7.255.2
> NAS-Port = 900
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-IP-Address = 10.9.239.159
> Called-Station-Id = "C0-F6-C2-A5-C4-D0:FISPY-WiFi"
> Calling-Station-Id = "62ca-4992-a03d"
> NAS-Identifier = "AirEngine9700-M1"
> NAS-Port-Type = Wireless-802.11
> Acct-Status-Type = Interim-Update
> Acct-Delay-Time = 0
> Acct-Input-Octets = 131762920
> Acct-Output-Octets = 194531281
> Acct-Session-Id = "AirEngi0000000000090083f40606001b4"
> Acct-Authentic = RADIUS
> Acct-Session-Time = 33887
> Acct-Input-Packets = 211695
> Acct-Output-Packets = 221103
> Acct-Input-Gigawords = 0
> Acct-Output-Gigawords = 0
> Event-Timestamp = "Feb 9 2022 18:10:32 MST"
> NAS-Port-Id = "slot=0;subslot=0;port=0;vlanid=900"
> Huawei-Loopback-Address = "C0F6-C2A5-C4D0"
> Huawei-User-Mac = "\000\000\000\003"
> Authenticator-Field = 0x86cc68cf43a59904f7d3c0e36e910008
> 2022-02-09 18:10:33.661871 (2) Accounting-Response Id 147
> any:10.7.255.2:62395 <- 10.0.255.99:1813 +0.019 +0.019
> Reply-Message = "Accounting ok"
> Authenticator-Field = 0xdfccea5174f4312f6e0784825583dbdf
> 2022-02-09 18:10:38.861871 (1) Cleaning up request packet ID 147
> 2022-02-09 18:10:49.323597 (3) Accounting-Request Id 148 any:10.7.255.2:62395
> -> 10.0.255.99:1813 +15.681
> User-Name = "62:ca:49:92:a0:3d"
> NAS-IP-Address = 10.7.255.2
> NAS-Port = 900
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-IP-Address = 10.9.239.159
> Called-Station-Id = "C0-F6-C2-A5-C4-D0:FISPY-WiFi"
> Calling-Station-Id = "62ca-4992-a03d"
> NAS-Identifier = "AirEngine9700-M1"
> NAS-Port-Type = Wireless-802.11
> Acct-Status-Type = Interim-Update
> Acct-Delay-Time = 0
> Acct-Input-Octets = 131775665
> Acct-Output-Octets = 194533397
> Acct-Session-Id = "AirEngi0000000000090083f40606001b4"
> Acct-Authentic = RADIUS
> Acct-Session-Time = 33902
> Acct-Input-Packets = 211773
> Acct-Output-Packets = 221123
> Acct-Input-Gigawords = 0
> Acct-Output-Gigawords = 0
> Event-Timestamp = "Feb 9 2022 18:10:48 MST"
> NAS-Port-Id = "slot=0;subslot=0;port=0;vlanid=900"
> Huawei-Loopback-Address = "C0F6-C2A5-C4D0"
> Huawei-User-Mac = "\000\000\000\003"
> Authenticator-Field = 0x3fbec8864dcb325273ce4ba1da28e690
> 2022-02-09 18:10:49.342798 (4) Accounting-Response Id 148
> any:10.7.255.2:62395 <- 10.0.255.99:1813 +15.700 +0.019
> Reply-Message = "Accounting ok"
> Authenticator-Field = 0x15b54405e404decb5b3db3f58cc8d2cb
> 2022-02-09 18:10:54.542798 (3) Cleaning up request packet ID 148
>
>
>
>
>> On Feb 9, 2022, at 6:04 PM, Fabrice Durand <[email protected]
>> <mailto:[email protected]>> wrote:
>>
>> You have to restart pfacct and radiusd-acct.
>>
>> And check the accounting packet, not sure you have the realm in the username
>> attribute.
>>
>> raddebug -f /usr/local/pf/var/run/radiusd-acct.sock -t 300
>> or
>> radsniff -i any -f "port 1813" -x
>>
>> Regards
>> Fabrice
>>
>> Le mer. 9 févr. 2022 à 19:57, Jorge Nolla <[email protected]
>> <mailto:[email protected]>> a écrit :
>> I noticed pfacct running and made the change, still no luck.
>>
>> <Screen Shot 2022-02-09 at 5.56.32 PM.png>
>>
>>> On Feb 9, 2022, at 5:55 PM, Fabrice Durand <[email protected]
>>> <mailto:[email protected]>> wrote:
>>>
>>> Hello Jorge,
>>> you have to enable radius-acct service.
>>>
>>> It´s radius-acct who is able to proxy the request to another server, not
>>> pfacct (btw you can keep it enabled).
>>>
>>> Regards
>>> Fabrice
>>>
>>>
>>> Le mer. 9 févr. 2022 à 19:21, Jorge Nolla <[email protected]
>>> <mailto:[email protected]>> a écrit :
>>>
>>> Another configuration file with references to the billing server Splynx:
>>>
>>> [root@wifi raddb]# cat mods-config/perl/multi_domain_constants.pm
>>> <http://multi_domain_constants.pm/>
>>> package multi_domain_constants;
>>>
>>> our $VAR1 = {
>>> '1' => {
>>> 'ConfigRealm' => {
>>> 'local' => {
>>> 'radius_strip_username'
>>> => 'disabled',
>>> 'eap' => 'default',
>>> 'admin_strip_username'
>>> => 'disabled',
>>> 'portal_strip_username'
>>> => 'disabled'
>>> },
>>> 'default' => {
>>>
>>> 'radius_acct_proxy_type' => 'load-balance',
>>>
>>> 'radius_auth_compute_in_pf' => 'disabled',
>>>
>>> 'eduroam_radius_auth_proxy_type' => 'keyed-balance',
>>>
>>> 'radius_auth_proxy_type' => 'keyed-balance',
>>>
>>> 'portal_strip_username' => 'disabled',
>>> 'admin_strip_username'
>>> => 'disabled',
>>> 'radius_auth' => '',
>>>
>>> 'radius_strip_username' => 'disabled',
>>> 'eap' => 'default',
>>> 'eduroam_radius_acct'
>>> => '',
>>>
>>> 'eduroam_radius_acct_proxy_type' => 'load-balance',
>>>
>>> 'permit_custom_attributes' => 'disabled',
>>>
>>> 'eduroam_radius_auth_compute_in_pf' => 'enabled',
>>> 'eduroam_radius_auth'
>>> => '',
>>> 'radius_acct' => ''
>>> },
>>> 'null' => {
>>> 'eap' => 'default',
>>> 'radius_strip_username'
>>> => 'disabled',
>>> 'admin_strip_username' =>
>>> 'disabled',
>>> 'portal_strip_username'
>>> => 'disabled'
>>> },
>>> 'fispy.mx <http://fispy.mx/>' => {
>>> 'eduroam_radius_acct'
>>> => '',
>>> 'eap' => 'default',
>>>
>>> 'radius_strip_username' => 'enabled',
>>>
>>> 'admin_strip_username' => 'enabled',
>>> 'radius_auth' =>
>>> 'Splynx',
>>>
>>> 'portal_strip_username' => 'enabled',
>>>
>>> 'eduroam_radius_auth_proxy_type' => 'keyed-balance',
>>>
>>> 'radius_auth_proxy_type' => 'keyed-balance',
>>>
>>> 'radius_acct_proxy_type' => 'load-balance',
>>>
>>> 'radius_auth_compute_in_pf' => 'enabled',
>>> 'eduroam_radius_auth'
>>> => '',
>>> 'radius_acct' =>
>>> 'Splynx',
>>>
>>> 'eduroam_radius_auth_compute_in_pf' => 'enabled',
>>>
>>> 'eduroam_radius_acct_proxy_type' => 'load-balance',
>>>
>>> 'permit_custom_attributes' => 'disabled'
>>> }
>>> },
>>> 'ConfigDomain' => {},
>>> 'ConfigOrderedRealm' => [
>>> 'default',
>>> 'local',
>>> 'null',
>>> 'fispy.mx <http://fispy.mx/>'
>>> ]
>>> },
>>> '0' => {
>>> 'ConfigDomain' => {},
>>> 'ConfigRealm' => {},
>>> 'ConfigOrderedRealm' => []
>>> }
>>> };
>>> our $DATA = $VAR1;
>>> 1;
>>> [root@wifi raddb]#
>>>
>>>
>>>
>>>> On Feb 9, 2022, at 5:19 PM, Jorge Nolla <[email protected]
>>>> <mailto:[email protected]>> wrote:
>>>>
>>>> Hi Team,
>>>>
>>>> Still can’t get accounting to proxy to the billing server. I don’t see the
>>>> configuration on the proxy.conf so I imagine is pulling from this file.
>>>>
>>>>
>>>> [root@wifi raddb]# cat proxy.conf.inc
>>>> # This file is generated from a template at
>>>> /usr/local/pf/conf/radiusd/proxy.conf.inc
>>>> # Any changes made to this file will be lost on restart
>>>>
>>>> # Eduroam integration is not configured
>>>>
>>>> realm default {
>>>>
>>>> }
>>>> realm local {
>>>>
>>>> }
>>>> realm null {
>>>>
>>>> }
>>>> realm fispy.mx <http://fispy.mx/> {
>>>>
>>>> auth_pool = auth_pool_fispy.mx <http://auth_pool_fispy.mx/>
>>>> acct_pool = acct_pool_fispy.mx <http://acct_pool_fispy.mx/>
>>>> }
>>>> home_server_pool auth_pool_fispy.mx <http://auth_pool_fispy.mx/> {
>>>> type = keyed-balance
>>>> home_server = Splynx
>>>> }
>>>>
>>>> home_server_pool acct_pool_fispy.mx <http://acct_pool_fispy.mx/> {
>>>> type = load-balance
>>>> home_server = Splynx
>>>> }
>>>>
>>>>
>>>> realm eduroam.default {
>>>>
>>>> }
>>>>
>>>> realm eduroam.local {
>>>>
>>>> }
>>>>
>>>> realm eduroam.null {
>>>>
>>>> }
>>>>
>>>> realm eduroam.fispy.mx <http://eduroam.fispy.mx/> {
>>>>
>>>> }
>>>>
>>>>
>>>>
>>>>
>>>> home_server Splynx {
>>>> ipaddr = 10.0.254.100
>>>> port = 1812
>>>> secret = @Put@Madr3
>>>> type = auth+acct
>>>> status_check = status-server
>>>> }
>>>>
>>>>
>>>>
>>>> # pfacct configuration
>>>>
>>>> realm pfacct {
>>>> acct_pool = pfacct_pool
>>>> nostrip
>>>> }
>>>>
>>>> home_server_pool pfacct_pool {
>>>> home_server = pfacct_local
>>>> }
>>>>
>>>> home_server pfacct_local {
>>>> type = acct
>>>> ipaddr = 127.0.0.1
>>>> port = 1813
>>>> secret = 'ZDQ3YzUzMjkxM2M1NjBhM2IyMTJjNWE0'
>>>> src_ipaddr = 10.0.255.99
>>>> }
>>>>
>>>>> On Feb 8, 2022, at 11:51 AM, Jorge Nolla <[email protected]
>>>>> <mailto:[email protected]>> wrote:
>>>>>
>>>>> Fabrice,
>>>>>
>>>>> For some reason I cannot get accounting forwarding to the Billing/Radius
>>>>> Server. This server has the plans for the customers.
>>>>>
>>>>> <Screen Shot 2022-02-08 at 11.48.23 AM.png>
>>>>>
>>>>>
>>>>> <Screen Shot 2022-02-08 at 11.50.20 AM.png>
>>>>>
>>>>>
>>>>> <Screen Shot 2022-02-08 at 11.48.01 AM.png>
>>>>>
>>>>>
>>>>> <Screen Shot 2022-02-08 at 11.51.33 AM.png>
>>>>>
>>>>>> On Feb 8, 2022, at 11:39 AM, Jorge Nolla <[email protected]
>>>>>> <mailto:[email protected]>> wrote:
>>>>>>
>>>>>> Hi Fabrice,
>>>>>>
>>>>>> It worked. I had to change to HTTPS and DNS for the cert on the server
>>>>>> to work. We also changed the method to GET. Will try POST, not sure if
>>>>>> this will make a difference.
>>>>>>
>>>>>> my $html_form = qq[
>>>>>> <form name="weblogin_form" data-autosubmit="1000" method="GET"
>>>>>> action="https://portal.fispy.mx:8443/login
>>>>>> <https://portal.fispy.mx:8443/login>">
>>>>>> <input type="hidden" name="username" value="$mac">
>>>>>> <input type="hidden" name="password" value="$mac">
>>>>>> </form>
>>>>>> <script src="/content/autosubmit.js"
>>>>>> type="text/javascript"></script>
>>>>>>
>>>>>> Here is the a sample of the radius info on PF. Top entry is with new
>>>>>> configuration MAC address as username. Bottom one is the old
>>>>>> configuration, where we were submitting the url request manually.
>>>>>>
>>>>>> <Screen Shot 2022-02-08 at 11.34.52 AM.png>
>>>>>>
>>>>>>
>>>>>>> On Feb 8, 2022, at 9:30 AM, Fabrice Durand <[email protected]
>>>>>>> <mailto:[email protected]>> wrote:
>>>>>>>
>>>>>>> Yes, that's it.
>>>>>>>
>>>>>>> Le mar. 8 févr. 2022 à 11:23, Jorge Nolla <[email protected]
>>>>>>> <mailto:[email protected]>> a écrit :
>>>>>>> Fabrice,
>>>>>>>
>>>>>>> The document you had provided didn’t layout the configuration steps. I
>>>>>>> think this might be the correct document for the configuration you are
>>>>>>> referring. If you have a chance take a look and let me know.
>>>>>>>
>>>>>>> https://support.huawei.com/enterprise/mx/knowledge/EKB1100055064
>>>>>>> <https://support.huawei.com/enterprise/mx/knowledge/EKB1100055064>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> On Feb 8, 2022, at 9:14 AM, Fabrice Durand <[email protected]
>>>>>>>> <mailto:[email protected]>> wrote:
>>>>>>>>
>>>>>>>> You can try that instead:
>>>>>>>>
>>>>>>>> my $html_form = qq[
>>>>>>>> <form name="weblogin_form" data-autosubmit="1000"
>>>>>>>> method="POST" action="http://$controller_ip:8443/login
>>>>>>>> <http://$controller_ip:8443/login>">
>>>>>>>> <input type="hidden" name="username" value="$mac">
>>>>>>>> <input type="hidden" name="password" value="$mac">
>>>>>>>> </form>
>>>>>>>> <script src="/content/autosubmit.js"
>>>>>>>> type="text/javascript"></script>
>>>>>>>> ];
>>>>>>>>
>>>>>>>> It will pass the mac address of the device in the radius request as
>>>>>>>> username and password instead of the real username and password who
>>>>>>>> has been authenticated previously on the portal.
>>>>>>>> Then you just need to configure the registration role in the switch
>>>>>>>> configuration to be -1 (packetfence side) and if the device is unreg
>>>>>>>> then the request will be rejected.
>>>>>>>>
>>>>>>>>
>>>>>>>> Le mar. 8 févr. 2022 à 11:04, Jorge Nolla <[email protected]
>>>>>>>> <mailto:[email protected]>> a écrit :
>>>>>>>> Hi Fabrice,
>>>>>>>>
>>>>>>>> Let me check what the difference is in configuration on the AC side,
>>>>>>>> I’ll report within the hour. Any clues as to why the parameters are
>>>>>>>> not being passed?
>>>>>>>>
>>>>>>>>
>>>>>>>>> On Feb 8, 2022, at 8:55 AM, Fabrice Durand <[email protected]
>>>>>>>>> <mailto:[email protected]>> wrote:
>>>>>>>>>
>>>>>>>>> Hello Jorge,
>>>>>>>>>
>>>>>>>>> i really think that it´s not the correct way to support the web auth
>>>>>>>>> in Huawei.
>>>>>>>>> The only thing you can do with the portal is to authenticate with a
>>>>>>>>> username and password, there is no way to do anything else
>>>>>>>>> (sms/email/sponsor/....).
>>>>>>>>>
>>>>>>>>> Also when you authenticate on the portal , the portal validate your
>>>>>>>>> username and password and with the workflow you have it will
>>>>>>>>> authenticate twice (portal and radius) and it doesn´t make sense.
>>>>>>>>>
>>>>>>>>> So if you want to keep this way then you will need a simple html page
>>>>>>>>> with a username and password field that post on
>>>>>>>>> https://portal.fispy.mx:8443/login
>>>>>>>>> <https://portal.fispy.mx:8443/login> then configure packetfence to
>>>>>>>>> authenticate the username and password from radius.
>>>>>>>>>
>>>>>>>>> The other way who looks really better is to use that:
>>>>>>>>> (https://support.huawei.com/enterprise/en/doc/EDOC1100008282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_2
>>>>>>>>>
>>>>>>>>> <https://support.huawei.com/enterprise/en/doc/EDOC1100008282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_2>)
>>>>>>>>>
>>>>>>>>> <download.png>
>>>>>>>>>
>>>>>>>>> As i said , it´s exactly how it works with the cisco wlc and it will
>>>>>>>>> support all authentication mechanisms available on the portal.
>>>>>>>>>
>>>>>>>>> Regards
>>>>>>>>> Fabrice
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Le lun. 7 févr. 2022 à 20:25, Jorge Nolla <[email protected]
>>>>>>>>> <mailto:[email protected]>> a écrit :
>>>>>>>>>
>>>>>>>>> Radius request from the AC once it receives the correct values. This
>>>>>>>>> is sent back to Radius which in this case is PF
>>>>>>>>>
>>>>>>>>> User-Name = “5blz” <<< VALUE NEEDED IN URL as username
>>>>>>>>> User-Password = "******” <<< VALUE NEEDED IN URL as password
>>>>>>>>> NAS-IP-Address = 10.7.255.2
>>>>>>>>> NAS-Port = 900
>>>>>>>>> Service-Type = Framed-User
>>>>>>>>> Framed-Protocol = PPP
>>>>>>>>> Framed-IP-Address = 10.9.91.31
>>>>>>>>> Called-Station-Id = "c0:f6:c2:a5:c4:d0:FISPY-WiFi"
>>>>>>>>> Calling-Station-Id = "f0:2f:4b:14:67:d9"
>>>>>>>>> NAS-Identifier = "AirEngine9700-M1"
>>>>>>>>> NAS-Port-Type = Wireless-802.11
>>>>>>>>> Acct-Session-Id = "AirEngi00000000000900d5d66c0600187"
>>>>>>>>> Event-Timestamp = "Feb 7 2022 18:05:13 MST"
>>>>>>>>> NAS-Port-Id = "slot=0;subslot=0;port=0;vlanid=900"
>>>>>>>>> Huawei-Loopback-Address = "C0F6-C2A5-C4D0"
>>>>>>>>> Huawei-User-Mac = "\000\000\000\003"
>>>>>>>>> Stripped-User-Name = "5blz"
>>>>>>>>> Realm = "null"
>>>>>>>>> FreeRADIUS-Client-IP-Address = 10.7.255.2
>>>>>>>>> Called-Station-SSID = "FISPY-WiFi"
>>>>>>>>> PacketFence-KeyBalanced = "aa86741e358fa86079a91aaf4dc581f9"
>>>>>>>>> PacketFence-Radius-Ip = "10.0.255.99"
>>>>>>>>> SQL-User-Name = "5blz"
>>>>>>>>>
>>>>>>>>>> On Feb 7, 2022, at 3:58 PM, Jorge Nolla <[email protected]
>>>>>>>>>> <mailto:[email protected]>> wrote:
>>>>>>>>>>
>>>>>>>>>> Hi Fabrice,
>>>>>>>>>>
>>>>>>>>>> I did hardcode as follow:
>>>>>>>>>>
>>>>>>>>>> <form name="weblogin_form" data-autosubmit="1000" method="GET"
>>>>>>>>>> action="https://portal.fispy.mx:8443/login?username=bob&password=bob
>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=bob&password=bob>"
>>>>>>>>>> style="display:none">
>>>>>>>>>>
>>>>>>>>>> But the redirect which the client is getting, is only this part, not
>>>>>>>>>> sure why:
>>>>>>>>>>
>>>>>>>>>> https://portal.fispy.mx:8443/login?
>>>>>>>>>> <https://portal.fispy.mx:8443/login?>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Here is the flow of the External Portal Authentication as per
>>>>>>>>>> Huawei.
>>>>>>>>>> Portal Server - Notify the STA of the login URL
>>>>>>>>>> STA - Send the username and password in HTTP GET POST. When this is
>>>>>>>>>> configured to use ISE as per the guide, the ISE server sends the
>>>>>>>>>> redirect to the STA as per the format.
>>>>>>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>>>>>>>>>
>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> <PastedGraphic-1.tiff>
>>>>>>>>>>
>>>>>>>>>>> On Feb 7, 2022, at 2:51 PM, Fabrice Durand <[email protected]
>>>>>>>>>>> <mailto:[email protected]>> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Did you try to hardcode that in the code and see if it works ?
>>>>>>>>>>>
>>>>>>>>>>> Also i don´t understand the goal of passing the username and
>>>>>>>>>>> password , is there any extra check after that ? What happen if the
>>>>>>>>>>> user register by sms/email ?
>>>>>>>>>>>
>>>>>>>>>>> And i just found that:
>>>>>>>>>>> https://support.huawei.com/enterprise/en/doc/EDOC1100008282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_1
>>>>>>>>>>>
>>>>>>>>>>> <https://support.huawei.com/enterprise/en/doc/EDOC1100008282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_1>
>>>>>>>>>>> Is it something that can be configured on the Hawei ? If yes then
>>>>>>>>>>> it will mimic the way the Cisco WLC works.
>>>>>>>>>>>
>>>>>>>>>>> Regards
>>>>>>>>>>> Fabrice
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Le lun. 7 févr. 2022 à 16:01, Jorge Nolla <[email protected]
>>>>>>>>>>> <mailto:[email protected]>> a écrit :
>>>>>>>>>>> Hi Fabrice,
>>>>>>>>>>>
>>>>>>>>>>> This line needs to be HTTPS for it to work
>>>>>>>>>>> <form name="weblogin_form" data-autosubmit="1000" method="GET"
>>>>>>>>>>> action="http://$controller_ip:8443/login?username=bob&password=bob
>>>>>>>>>>> <http://$controller_ip:8443/login?username=bob&password=bob>"
>>>>>>>>>>> style="display:none”>
>>>>>>>>>>>
>>>>>>>>>>> This needs to be the username and password which is being entered
>>>>>>>>>>> by the user in the PF portal, which is the Radius username and
>>>>>>>>>>> password
>>>>>>>>>>> username=bob&password=bob
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>> On Feb 7, 2022, at 12:03 PM, Fabrice Durand <[email protected]
>>>>>>>>>>>> <mailto:[email protected]>> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> I just pushed a fix.
>>>>>>>>>>>>
>>>>>>>>>>>> cd /usr/local/pf
>>>>>>>>>>>> curl
>>>>>>>>>>>> https://github.com/inverse-inc/packetfence/commit/7628afddf46e0226667560dc33df192f9c4cf420.diff
>>>>>>>>>>>>
>>>>>>>>>>>> <https://github.com/inverse-inc/packetfence/commit/7628afddf46e0226667560dc33df192f9c4cf420.diff>
>>>>>>>>>>>> | patch -p1
>>>>>>>>>>>> and restart
>>>>>>>>>>>>
>>>>>>>>>>>> Le lun. 7 févr. 2022 à 13:46, Jorge Nolla <[email protected]
>>>>>>>>>>>> <mailto:[email protected]>> a écrit :
>>>>>>>>>>>> Here are the log outputs for /usr/local/pf/logs/packetfence.log
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Feb 7 11:03:04 wifi packetfence_httpd.portal[61371]:
>>>>>>>>>>>> httpd.portal(61371) INFO: [mac:[undef]] URI '/Huawei' is detected
>>>>>>>>>>>> as an external captive portal URI (pf::web::externalportal::handle)
>>>>>>>>>>>> Feb 7 11:03:04 wifi packetfence_httpd.portal[61371]:
>>>>>>>>>>>> httpd.portal(61371) ERROR: [mac:[undef]] Cannot load perl module
>>>>>>>>>>>> for switch type 'pf::Switch::Huawei'. Either switch type is
>>>>>>>>>>>> unknown or switch type perl module have compilation errors. See
>>>>>>>>>>>> the following message for details:
>>>>>>>>>>>> (pf::web::externalportal::handle)
>>>>>>>>>>>> Feb 7 11:03:06 wifi packetfence_httpd.portal[61370]:
>>>>>>>>>>>> httpd.portal(61370) INFO: [mac:[undef]] URI '/Huawei' is detected
>>>>>>>>>>>> as an external captive portal URI (pf::web::externalportal::handle)
>>>>>>>>>>>> Feb 7 11:03:06 wifi packetfence_httpd.portal[61370]:
>>>>>>>>>>>> httpd.portal(61370) ERROR: [mac:[undef]] Cannot load perl module
>>>>>>>>>>>> for switch type 'pf::Switch::Huawei'. Either switch type is
>>>>>>>>>>>> unknown or switch type perl module have compilation errors. See
>>>>>>>>>>>> the following message for details:
>>>>>>>>>>>> (pf::web::externalportal::handle)
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>> On Feb 7, 2022, at 10:50 AM, Jorge Nolla <[email protected]
>>>>>>>>>>>>> <mailto:[email protected]>> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Here is the output for HAProxy
>>>>>>>>>>>>>
>>>>>>>>>>>>> Feb 7 10:48:54 wifi haproxy[2285]: 10.9.215.39:63814
>>>>>>>>>>>>> <http://10.9.215.39:63814/> [07/Feb/2022:10:48:54.074]
>>>>>>>>>>>>> portal-https-10.0.255.99~ 10.0.255.99-backend/127.0.0.1
>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/13/13 501 413 - - ---- 2/1/0/0/0 0/0
>>>>>>>>>>>>> {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET
>>>>>>>>>>>>> /Huawei?ac-ip=10.7.255.2&userip=10.9.215.39&ssid=FISPY-WiFi&ap-mac=f02f4b1467d9
>>>>>>>>>>>>> HTTP/1.1”
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Feb 7, 2022, at 10:06 AM, Jorge Nolla <[email protected]
>>>>>>>>>>>>>> <mailto:[email protected]>> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hi Fabrice,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> From the Pf portal after the patch is applied.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> type: 'Huawei' is not a valid value The chosen type (Huawei) is
>>>>>>>>>>>>>> not supported.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Feb 6, 2022, at 6:49 PM, Jorge Nolla <[email protected]
>>>>>>>>>>>>>>> <mailto:[email protected]>> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> This is the only option on the config.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> <Screen Shot 2022-02-06 at 6.48.16 PM.png>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Feb 6, 2022, at 6:41 PM, Jorge Nolla <[email protected]
>>>>>>>>>>>>>>>> <mailto:[email protected]>> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Hi Fabrice,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Getting an error page from PF
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Not Implemented
>>>>>>>>>>>>>>>> GET no supported for current URL.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> How is the switch supposed to be defined in PF?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> On Feb 6, 2022, at 5:55 PM, Fabrice Durand
>>>>>>>>>>>>>>>>> <[email protected] <mailto:[email protected]>> wrote:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> I am just not sure what to set for username and password, if
>>>>>>>>>>>>>>>>> you do sms auth then there is no password.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Also in the url it looks that it miss the mac address of the
>>>>>>>>>>>>>>>>> device , can you try to add device-mac and see if the device
>>>>>>>>>>>>>>>>> mac is in the url ?
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Here the first draft:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> https://github.com/inverse-inc/packetfence/compare/feature/Huawei_web_auth.diff
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> <https://github.com/inverse-inc/packetfence/compare/feature/Huawei_web_auth.diff>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> cd /usr/local/pf/
>>>>>>>>>>>>>>>>> curl
>>>>>>>>>>>>>>>>> https://github.com/inverse-inc/packetfence/compare/feature/Huawei_web_auth.diff
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> <https://github.com/inverse-inc/packetfence/compare/feature/Huawei_web_auth.diff>
>>>>>>>>>>>>>>>>> | patch -p1
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> then restart packetfence.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> On the controller:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> url-template name PacketFence
>>>>>>>>>>>>>>>>> url https://wifi.fispy.mx/
>>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal>Hawei
>>>>>>>>>>>>>>>>> url-parameter device-ip device-mac ac-ip user-ipaddress
>>>>>>>>>>>>>>>>> userip ssid ssid user-mac ap-mac
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> So when the device will be forwarded to the portal it should
>>>>>>>>>>>>>>>>> be able to recognise the mac address and the ip of the device
>>>>>>>>>>>>>>>>> (in the bottom).
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Register on the portal and you should be forwarded to
>>>>>>>>>>>>>>>>> http://$controller_ip:8443/login?username=bob&password=bob
>>>>>>>>>>>>>>>>> <http://$controller_ip:8443/login?username=bob&password=bob>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Let me know how it behave.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Regards
>>>>>>>>>>>>>>>>> Fabrice
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Le dim. 6 févr. 2022 à 18:58, Jorge Nolla <[email protected]
>>>>>>>>>>>>>>>>> <mailto:[email protected]>> a écrit :
>>>>>>>>>>>>>>>>> Hi Fabrice
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> This is the GET the AC is expecting:
>>>>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> If successful it will return as per image below. If it fails
>>>>>>>>>>>>>>>>> the AC will redirect back to the Portal
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> <WebAuthentication.png>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Here is the configuration:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> url-template name PacketFence
>>>>>>>>>>>>>>>>> url https://wifi.fispy.mx/captive-portal
>>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal>
>>>>>>>>>>>>>>>>> url-parameter login-url destination_url
>>>>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> HA Proxy output
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Feb 6 16:44:26 wifi haproxy[2427]: 10.9.70.173:52266
>>>>>>>>>>>>>>>>> <http://10.9.70.173:52266/> [06/Feb/2022:16:44:26.153]
>>>>>>>>>>>>>>>>> portal-https-10.0.255.99~ 10.0.255.99-backend/127.0.0.1
>>>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/202/202 200 9003 - - ---- 2/1/0/0/0
>>>>>>>>>>>>>>>>> 0/0 {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET
>>>>>>>>>>>>>>>>> /captive-portal?destination_url=https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)>
>>>>>>>>>>>>>>>>> HTTP/1.1"
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Only problem is that PacketFence is not updating the dynamic
>>>>>>>>>>>>>>>>> values with username and password for it to work
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> AC = Access Controller. This manages the APs’ as they are
>>>>>>>>>>>>>>>>> operating in Fit/Lightweight mode.
>>>>>>>>>>>>>>>>> AP = Access Points. These are the actual radios.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Best Regards,
>>>>>>>>>>>>>>>>> Jorge
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> On Feb 6, 2022, at 4:40 PM, Fabrice Durand
>>>>>>>>>>>>>>>>>> <[email protected] <mailto:[email protected]>> wrote:
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Hello Jorge,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> i have what i need at least to be able to support the
>>>>>>>>>>>>>>>>>> web-auth.
>>>>>>>>>>>>>>>>>> The only thing i am not sure is at the end of the
>>>>>>>>>>>>>>>>>> registration process what we are supposed to do.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> I will create a branch on github in order for you to test.
>>>>>>>>>>>>>>>>>> (it will be an update of the Huawei switch module).
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> For information, what is the ac-ip ac-mac versus ap-ip
>>>>>>>>>>>>>>>>>> ap-mac ?
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Regards
>>>>>>>>>>>>>>>>>> Fabrice
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Le dim. 6 févr. 2022 à 18:30, Jorge Nolla <[email protected]
>>>>>>>>>>>>>>>>>> <mailto:[email protected]>> a écrit :
>>>>>>>>>>>>>>>>>> If I try to manually send the redirect in the browser here
>>>>>>>>>>>>>>>>>> is what HA proxy records. This is a simple copy and paste in
>>>>>>>>>>>>>>>>>> the browser and the output:
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> https://wifi.fispy.mx/captive-portal
>>>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal>?destination_url=https://portal.fispy.mx:8443/login?username=539z&password=0uf3
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=539z&password=0uf3>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> 4875 - - ---- 2/1/0/0/0 0/0 {wifi.fispy.mx
>>>>>>>>>>>>>>>>>> <http://wifi.fispy.mx/>} "GET
>>>>>>>>>>>>>>>>>> /captive-portal?destination_url=https://portal.fispy.mx:8443/login?username=539z&password=0uf3
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=539z&password=0uf3>
>>>>>>>>>>>>>>>>>> HTTP/1.1"
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> It doesn’t let it go through as it seems that is trying to
>>>>>>>>>>>>>>>>>> validate network connectivity
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> On Feb 6, 2022, at 4:07 PM, Jorge Nolla <[email protected]
>>>>>>>>>>>>>>>>>>> <mailto:[email protected]>> wrote:
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Seems weird how the format of the URL is recorded/sent
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Here is a normal redirect, the url is formatted correctly,
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Feb 6 16:03:41 wifi haproxy[2427]: 10.99.1.20:63577
>>>>>>>>>>>>>>>>>>> <http://10.99.1.20:63577/> [06/Feb/2022:16:03:41.232]
>>>>>>>>>>>>>>>>>>> portal-https-10.0.255.99~ 10.0.255.99-backend/127.0.0.1
>>>>>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/1/233/234 200 4910 - - ----
>>>>>>>>>>>>>>>>>>> 2/1/0/0/0 0/0 {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET
>>>>>>>>>>>>>>>>>>> /captive-portal?destination_url=https://www.fispy.mx/
>>>>>>>>>>>>>>>>>>> <https://www.fispy.mx/> HTTP/1.1"
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> I’m not sure why the value sent by the AP has all the %
>>>>>>>>>>>>>>>>>>> and weird symbols
>>>>>>>>>>>>>>>>>>> destination%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal?switch_url=https://portal.fispy.mx:8443/login>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> On Feb 6, 2022, at 4:00 PM, Jorge Nolla <[email protected]
>>>>>>>>>>>>>>>>>>>> <mailto:[email protected]>> wrote:
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Hi Fabrice,
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Here are the options that can be added:
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> [AirEngine9700-M1-url-template-PacketFence]url-parameter ?
>>>>>>>>>>>>>>>>>>>> ap-group-name AP group name
>>>>>>>>>>>>>>>>>>>> ap-ip AP IP address
>>>>>>>>>>>>>>>>>>>> ap-location AP location
>>>>>>>>>>>>>>>>>>>> ap-mac AP MAC address
>>>>>>>>>>>>>>>>>>>> ap-name AP name
>>>>>>>>>>>>>>>>>>>> device-ip Device IP address
>>>>>>>>>>>>>>>>>>>> device-mac Device MAC address
>>>>>>>>>>>>>>>>>>>> login-url Device's login URL provided to the
>>>>>>>>>>>>>>>>>>>> external portal server
>>>>>>>>>>>>>>>>>>>> mac-address Mac address
>>>>>>>>>>>>>>>>>>>> redirect-url The url in user original http packet
>>>>>>>>>>>>>>>>>>>> set Set
>>>>>>>>>>>>>>>>>>>> ssid SSID
>>>>>>>>>>>>>>>>>>>> sysname Device name
>>>>>>>>>>>>>>>>>>>> user-ipaddress User IP address
>>>>>>>>>>>>>>>>>>>> user-mac User MAC address
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> url-template name PacketFence
>>>>>>>>>>>>>>>>>>>> url https://wifi.fispy.mx/captive-portal
>>>>>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal>
>>>>>>>>>>>>>>>>>>>> url-parameter device-ip ac-ip user-ipaddress userip ssid
>>>>>>>>>>>>>>>>>>>> ssid user-mac ap-mac
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> 200 9003 - - ---- 2/1/0/0/0 0/0 {wifi.fispy.mx
>>>>>>>>>>>>>>>>>>>> <http://wifi.fispy.mx/>} "GET
>>>>>>>>>>>>>>>>>>>> /captive-portal?ac%2Dip=10%2E7%2E255%2E2&userip=10%2E9%2E70%2E173&ssid=FISPY%2DWiFi&ap%2Dmac=f02f4b1467d9
>>>>>>>>>>>>>>>>>>>> HTTP/1.1"
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> If we do not specify the URL on this configuration, where
>>>>>>>>>>>>>>>>>>>> would PacketFence get the value for the AC Web
>>>>>>>>>>>>>>>>>>>> Authentication call?
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Best Regards,
>>>>>>>>>>>>>>>>>>>> Jorge
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> On Feb 5, 2022, at 8:23 PM, Fabrice Durand
>>>>>>>>>>>>>>>>>>>>> <[email protected] <mailto:[email protected]>> wrote:
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Hello Jorge,
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> what we need is the user mac and the ap information.
>>>>>>>>>>>>>>>>>>>>> I found that
>>>>>>>>>>>>>>>>>>>>> https://support.huawei.com/enterprise/en/doc/EDOC1100008283/659354b1/display-url-template
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> <https://support.huawei.com/enterprise/en/doc/EDOC1100008283/659354b1/display-url-template>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Is it possible to add extra parameters like user-mac ssid
>>>>>>>>>>>>>>>>>>>>> ap-ip ap-mac ?
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> And if yes can you provide me the url generated by the
>>>>>>>>>>>>>>>>>>>>> controller when it redirect ? (haproxy-portal log)
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Regards
>>>>>>>>>>>>>>>>>>>>> Fabrice
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Le sam. 5 févr. 2022 à 20:42, Jorge Nolla
>>>>>>>>>>>>>>>>>>>>> <[email protected] <mailto:[email protected]>> a écrit :
>>>>>>>>>>>>>>>>>>>>> Hi Team,
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Any input on this? We really would like to get this to
>>>>>>>>>>>>>>>>>>>>> work.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Thank you!
>>>>>>>>>>>>>>>>>>>>> Jorge
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> On Feb 2, 2022, at 7:48 PM, Jorge Nolla
>>>>>>>>>>>>>>>>>>>>>> <[email protected] <mailto:[email protected]>> wrote:
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Hi Fabrice,
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> This is the sequence:
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Feb 2 14:51:32 wifi haproxy[2427]: 10.9.79.52:61132
>>>>>>>>>>>>>>>>>>>>>> <http://10.9.79.52:61132/> [02/Feb/2022:14:51:32.663]
>>>>>>>>>>>>>>>>>>>>>> portal-http-10.0.255.99 10.0.255.99-backend/127.0.0.1
>>>>>>>>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/201/201 200 7146 - - ----
>>>>>>>>>>>>>>>>>>>>>> 3/1/0/0/0 0/0 {wifi.fispy.mx <http://wifi.fispy.mx/>}
>>>>>>>>>>>>>>>>>>>>>> "GET /access?lang= HTTP/1.1"
>>>>>>>>>>>>>>>>>>>>>> Feb 2 14:51:37 wifi haproxy[2427]: 10.9.79.52:61133
>>>>>>>>>>>>>>>>>>>>>> <http://10.9.79.52:61133/> [02/Feb/2022:14:51:37.905]
>>>>>>>>>>>>>>>>>>>>>> portal-http-10.0.255.99 static/127.0.0.1
>>>>>>>>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/2/2 200 228 - - ---- 4/2/0/0/0
>>>>>>>>>>>>>>>>>>>>>> 0/0 {10.0.255.99} "GET
>>>>>>>>>>>>>>>>>>>>>> /common/network-access-detection.gif?r=1643838705224
>>>>>>>>>>>>>>>>>>>>>> HTTP/1.1"
>>>>>>>>>>>>>>>>>>>>>> Feb 2 14:51:44 wifi haproxy[2427]: 10.9.79.52:61130
>>>>>>>>>>>>>>>>>>>>>> <http://10.9.79.52:61130/> [02/Feb/2022:14:51:43.927]
>>>>>>>>>>>>>>>>>>>>>> portal-https-10.0.255.99~ 10.0.255.99-backend/127.0.0.1
>>>>>>>>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/122/122 302 1018 - - ----
>>>>>>>>>>>>>>>>>>>>>> 4/1/0/0/0 0/0 {wifi.fispy.mx <http://wifi.fispy.mx/>}
>>>>>>>>>>>>>>>>>>>>>> "GET
>>>>>>>>>>>>>>>>>>>>>> /captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>>>>>>>>>>>>>>>>>>>>> HTTP/1.1"
>>>>>>>>>>>>>>>>>>>>>> Feb 2 14:51:44 wifi haproxy[2427]: 10.9.79.52:61132
>>>>>>>>>>>>>>>>>>>>>> <http://10.9.79.52:61132/> [02/Feb/2022:14:51:44.060]
>>>>>>>>>>>>>>>>>>>>>> portal-http-10.0.255.99 10.0.255.99-backend/127.0.0.1
>>>>>>>>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/129/129 200 7146 - - ----
>>>>>>>>>>>>>>>>>>>>>> 4/2/0/0/0 0/0 {wifi.fispy.mx <http://wifi.fispy.mx/>}
>>>>>>>>>>>>>>>>>>>>>> "GET /access?lang= HTTP/1.1"
>>>>>>>>>>>>>>>>>>>>>> Feb 2 14:51:49 wifi haproxy[2427]: 10.9.79.52:61133
>>>>>>>>>>>>>>>>>>>>>> <http://10.9.79.52:61133/> [02/Feb/2022:14:51:49.219]
>>>>>>>>>>>>>>>>>>>>>> portal-http-10.0.255.99 static/127.0.0.1
>>>>>>>>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/1/1 200 228 - - ---- 4/2/0/0/0
>>>>>>>>>>>>>>>>>>>>>> 0/0 {10.0.255.99} "GET
>>>>>>>>>>>>>>>>>>>>>> /common/network-access-detection.gif?r=1643838716546
>>>>>>>>>>>>>>>>>>>>>> HTTP/1.1"
>>>>>>>>>>>>>>>>>>>>>> Feb 2 14:51:55 wifi haproxy[2427]: 10.9.79.52:61130
>>>>>>>>>>>>>>>>>>>>>> <http://10.9.79.52:61130/> [02/Feb/2022:14:51:55.287]
>>>>>>>>>>>>>>>>>>>>>> portal-https-10.0.255.99~ 10.0.255.99-backend/127.0.0.1
>>>>>>>>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/136/136 302 1018 - - ----
>>>>>>>>>>>>>>>>>>>>>> 4/1/0/0/0 0/0 {wifi.fispy.mx <http://wifi.fispy.mx/>}
>>>>>>>>>>>>>>>>>>>>>> "GET
>>>>>>>>>>>>>>>>>>>>>> /captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>>>>>>>>>>>>>>>>>>>>> HTTP/1.1”
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> On Feb 2, 2022, at 7:12 PM, Fabrice Durand
>>>>>>>>>>>>>>>>>>>>>>> <[email protected] <mailto:[email protected]>> wrote:
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> Hello Jorge,
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> i will have a look closer.
>>>>>>>>>>>>>>>>>>>>>>> But i have a question, when the device is forwarded to
>>>>>>>>>>>>>>>>>>>>>>> the captive portal, (just before
>>>>>>>>>>>>>>>>>>>>>>> https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal?switch_url=https://portal.fispy.mx:8443/login>)
>>>>>>>>>>>>>>>>>>>>>>> , what is the url ?
>>>>>>>>>>>>>>>>>>>>>>> You should be able to see it in the haproxy-portal.log
>>>>>>>>>>>>>>>>>>>>>>> file.
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> Regards
>>>>>>>>>>>>>>>>>>>>>>> Fabrice
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> Le mer. 2 févr. 2022 à 10:18, Jorge Nolla
>>>>>>>>>>>>>>>>>>>>>>> <[email protected] <mailto:[email protected]>> a écrit :
>>>>>>>>>>>>>>>>>>>>>>> Hi Fabrice,
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> We almost have the configuration working, but are not
>>>>>>>>>>>>>>>>>>>>>>> sure how to get the redirect to the client to work
>>>>>>>>>>>>>>>>>>>>>>> correctly. Attached is the documentation for Cisco ISE
>>>>>>>>>>>>>>>>>>>>>>> which we used for PacketFence as well.
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> Portal.fispy.mx <http://portal.fispy.mx/> is the Huawei
>>>>>>>>>>>>>>>>>>>>>>> AC.
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> This is the format the client should get from
>>>>>>>>>>>>>>>>>>>>>>> PacketFence. This is the only piece we are missing for
>>>>>>>>>>>>>>>>>>>>>>> this to work.
>>>>>>>>>>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)>
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> If we manually click on the link above, then the flow
>>>>>>>>>>>>>>>>>>>>>>> of traffic works correctly CLIENT > AC > RADIUS
>>>>>>>>>>>>>>>>>>>>>>> (PacketFence), and authentication works. The problem is
>>>>>>>>>>>>>>>>>>>>>>> that when the user logs in to the portal the redirect
>>>>>>>>>>>>>>>>>>>>>>> is broken. The parameter for the redirect that
>>>>>>>>>>>>>>>>>>>>>>> PacketFence is serving, comes from a configuration
>>>>>>>>>>>>>>>>>>>>>>> parameter within the AC. This configuration works fine
>>>>>>>>>>>>>>>>>>>>>>> for Cisco ISE, but the URL format is not working for
>>>>>>>>>>>>>>>>>>>>>>> PacketFence.
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> When we configure the redirect this is what the client
>>>>>>>>>>>>>>>>>>>>>>> is getting from PacketFence
>>>>>>>>>>>>>>>>>>>>>>> https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin>
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> url-template name PacketFence
>>>>>>>>>>>>>>>>>>>>>>> url https://wifi.fispy.mx/captive-portal
>>>>>>>>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal>
>>>>>>>>>>>>>>>>>>>>>>> url-parameter login-url switch_url
>>>>>>>>>>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login
>>>>>>>>>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login> <<< THIS IS THE
>>>>>>>>>>>>>>>>>>>>>>> PARAMETER FOR THE REDIRECT TO PACKETFENCE
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> AC CONFIG
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> authentication-profile name PacketFence
>>>>>>>>>>>>>>>>>>>>>>> portal-access-profile PacketFence
>>>>>>>>>>>>>>>>>>>>>>> free-rule-template default_free_rule
>>>>>>>>>>>>>>>>>>>>>>> authentication-scheme PacketFence
>>>>>>>>>>>>>>>>>>>>>>> accounting-scheme PacketFence
>>>>>>>>>>>>>>>>>>>>>>> radius-server PacketFence
>>>>>>>>>>>>>>>>>>>>>>> force-push url https://www.fispy.mx
>>>>>>>>>>>>>>>>>>>>>>> <https://www.fispy.mx/>
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> radius-server template PacketFence
>>>>>>>>>>>>>>>>>>>>>>> radius-server shared-key cipher
>>>>>>>>>>>>>>>>>>>>>>> %^%#*)l=:1.X-Yd$\<~orEF@]<}NMejv3)E^\6;7:NUY%^%#
>>>>>>>>>>>>>>>>>>>>>>> radius-server authentication 10.0.255.99 1812 source
>>>>>>>>>>>>>>>>>>>>>>> ip-address 10.7.255.2 weight 90
>>>>>>>>>>>>>>>>>>>>>>> radius-server accounting 10.0.255.99 1813 source
>>>>>>>>>>>>>>>>>>>>>>> ip-address 10.7.255.2 weight 80
>>>>>>>>>>>>>>>>>>>>>>> undo radius-server user-name domain-included
>>>>>>>>>>>>>>>>>>>>>>> calling-station-id mac-format unformatted
>>>>>>>>>>>>>>>>>>>>>>> called-station-id wlan-user-format ac-mac
>>>>>>>>>>>>>>>>>>>>>>> radius-server attribute translate
>>>>>>>>>>>>>>>>>>>>>>> radius-attribute disable HW-NAS-Startup-Time-Stamp send
>>>>>>>>>>>>>>>>>>>>>>> radius-attribute disable HW-IP-Host-Address send
>>>>>>>>>>>>>>>>>>>>>>> radius-attribute disable HW-Connect-ID send
>>>>>>>>>>>>>>>>>>>>>>> radius-attribute disable HW-Version send
>>>>>>>>>>>>>>>>>>>>>>> radius-attribute disable HW-Product-ID send
>>>>>>>>>>>>>>>>>>>>>>> radius-attribute disable HW-Domain-Name send
>>>>>>>>>>>>>>>>>>>>>>> radius-attribute disable HW-User-Extend-Info send
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> url-template name PacketFence
>>>>>>>>>>>>>>>>>>>>>>> url https://wifi.fispy.mx/captive-portal
>>>>>>>>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal>
>>>>>>>>>>>>>>>>>>>>>>> url-parameter login-url switch_url
>>>>>>>>>>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login
>>>>>>>>>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login> <<< THIS IS THE
>>>>>>>>>>>>>>>>>>>>>>> PARAMETER FOR THE REDIRECT TO PACKETFENCE
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> web-auth-server PacketFence
>>>>>>>>>>>>>>>>>>>>>>> server-ip 10.0.255.99
>>>>>>>>>>>>>>>>>>>>>>> port 443
>>>>>>>>>>>>>>>>>>>>>>> url-template PacketFence
>>>>>>>>>>>>>>>>>>>>>>> protocol http
>>>>>>>>>>>>>>>>>>>>>>> http get-method enable
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> portal-access-profile name PacketFence
>>>>>>>>>>>>>>>>>>>>>>> web-auth-server PacketFence direct
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> authentication-scheme PacketFence
>>>>>>>>>>>>>>>>>>>>>>> authentication-mode radius
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> wlan
>>>>>>>>>>>>>>>>>>>>>>> security-profile name FISPY-WiFi
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> vap-profile name FISPY-WiFi
>>>>>>>>>>>>>>>>>>>>>>> service-vlan vlan-id 900
>>>>>>>>>>>>>>>>>>>>>>> permit-vlan vlan-id 900
>>>>>>>>>>>>>>>>>>>>>>> ssid-profile FISPY-WiFi
>>>>>>>>>>>>>>>>>>>>>>> security-profile FISPY-WiFi
>>>>>>>>>>>>>>>>>>>>>>> authentication-profile PacketFence
>>>>>>>>>>>>>>>>>>>>>>> sta-network-detect disable
>>>>>>>>>>>>>>>>>>>>>>> service-experience-analysis enable
>>>>>>>>>>>>>>>>>>>>>>> mdns-snooping enable
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> ###CISCO ISE CONFIG TO COMPARE###
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> url-template name CISCO-ISE
>>>>>>>>>>>>>>>>>>>>>>> url
>>>>>>>>>>>>>>>>>>>>>>> https://captive.fispy.mx:8443/portal/PortalSetup.action#portal=7cf5ac1d-5dbf-4b36-aeee-b9590fd24c02
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> <https://captive.fispy.mx:8443/portal/PortalSetup.action#portal=7cf5ac1d-5dbf-4b36-aeee-b9590fd24c02>
>>>>>>>>>>>>>>>>>>>>>>> parameter start-mark #
>>>>>>>>>>>>>>>>>>>>>>> url-parameter login-url switch_url
>>>>>>>>>>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login
>>>>>>>>>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login>
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> ####################################
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>> On Feb 2, 2022, at 6:17 AM, Fabrice Durand
>>>>>>>>>>>>>>>>>>>>>>>> <[email protected] <mailto:[email protected]>> wrote:
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>> Hello Jorge,
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>> do you have any Huawei documentation to implement that
>>>>>>>>>>>>>>>>>>>>>>>> ?
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>> Regards
>>>>>>>>>>>>>>>>>>>>>>>> Fabrice
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>> Le mer. 26 janv. 2022 à 15:59, Jorge Nolla via
>>>>>>>>>>>>>>>>>>>>>>>> PacketFence-users
>>>>>>>>>>>>>>>>>>>>>>>> <[email protected]
>>>>>>>>>>>>>>>>>>>>>>>> <mailto:[email protected]>> a
>>>>>>>>>>>>>>>>>>>>>>>> écrit :
>>>>>>>>>>>>>>>>>>>>>>>> Hi Team,
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>> We were wondering if anyone has had any success in
>>>>>>>>>>>>>>>>>>>>>>>> configuring Web Auth for the Huawei AC? It’s somewhat
>>>>>>>>>>>>>>>>>>>>>>>> critical for us to get this going.
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>> Thank you!
>>>>>>>>>>>>>>>>>>>>>>>> Jorge
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>>>>>>>>>>>> PacketFence-users mailing list
>>>>>>>>>>>>>>>>>>>>>>>> [email protected]
>>>>>>>>>>>>>>>>>>>>>>>> <mailto:[email protected]>
>>>>>>>>>>>>>>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
