Keep that ACL and change the URL returned in the radius reply.

Do you see the captive portal?

Restart all PF services once you have changed the host and domain name.

Thanks,

Ludovic Zammit
Product Support Engineer Principal

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142
Connect with Us:         <https://community.akamai.com/>  
<http://blogs.akamai.com/>  <https://twitter.com/akamai>  
<http://www.facebook.com/AkamaiTechnologies>  
<http://www.linkedin.com/company/akamai-technologies>  
<http://www.youtube.com/user/akamaitechnologies?feature=results_main>

> On May 20, 2021, at 11:12 AM, Ezeh Victor <vickeyzed...@gmail.com> wrote:
> 
> Hi Ludovic,
> 
> Reviewing the configuration on WLC, there is an ACL in use to redirect users 
> that connect to the SSID of interest to PF captive portal;
> <image.png>
> 
> I cannot use the DNS name here like I did in PF but from my initial response, 
> the name resolves to the IP in the ACL which I believe should work.
> 
> Could this be the problem?
> 
> On Thu, 20 May 2021 at 15:44, Ezeh Victor <vickeyzed...@gmail.com> wrote:
> Hi Ludovic,
> 
> Kindly find my observations below;
> 
> After certificate installation, I still receive this;
> <image.png>
> 
> Your recommendations were followed in your previous email and the config was 
> changed to https://self-service.dangote-group.com/Cisco::WLC
> and this time around there was not even a prompt from the browser to go to 
> the captive portal.
> 
> Attempts to visit a site to trigger the captive portal only returned this;
> <image.jpeg>
> 
> This is the dns resolution;
> <image.png>
> 
> On Thu, 20 May 2021 at 14:25, Zammit, Ludovic <luza...@akamai.com> wrote:
> Hello Victor,
> 
> <PastedGraphic-8.tiff>
> 
> Here put the DNS name of the portal: 
> https://self-service.dangote-group.com/Cisco::WLC
> 
> The issue now is to make sure that the DNS name resolves to the PF management 
> interface, either local IP or public IP, from the guest (where the device sits) 
> network.
> 
> Thanks,
> 
> Ludovic Zammit
> Product Support Engineer Principal
> 
>> On May 20, 2021, at 9:21 AM, Ezeh Victor <vickeyzed...@gmail.com> wrote:
>> 
>> Hi Ludovic,
>> 
>> Let me kindly explain the scenario here.......
>> 
>> The PF server's internal IP is 172.31.2.89 and resolves internally to 
>> self-service.dangote-group.com.
>> 
>> We needed Sponsors to be able to approve guest requests over the internet 
>> without the need for VPN, so a public DNS mapping was done for the same name 
>> to 80.88.10.20 to make that happen.
>> 
>> The hostname of PF server is;
>>  
>> <image.png>
>> 
>> There is no special configuration for web authentication re-direct as the 
>> default setup for the captive portal is being used.
>> 
>> This is the switch config;
>> <image.png>
>> 
>> Should I change the IP information for the registration URL to the public IP?
>> 
>> On Thu, 20 May 2021 at 12:34, Zammit, Ludovic <luza...@akamai.com> wrote:
>> I’m no mastermind but self-service.dangote-group.com is different from 
>> 172.31.2.89.
>> 
>> Make sure that you have the correct hostname and domain under 
>> Configuration > System Configuration > General configuration
>> 
>> If you are using web auth redirection change your URL as well either from 
>> the switch config in PF or the switch / controller itself.
>> 
>> Thanks,
>> 
>> Ludovic Zammit
>> Product Support Engineer Principal
>> 
>>> On May 19, 2021, at 6:26 PM, Ezeh Victor <vickeyzed...@gmail.com> wrote:
>>> 
>>> Hi Ludovic,
>>> 
>>> Thank you.
>>> 
>>> The Let's Encrypt option was successful as seen below and the haproxy-admin 
>>> service was restarted
>>> 
>>> <image.png>
>>> 
>>> 
>>> When users tried to access the captive portal, it was stuck on this 
>>> page.
>>> 
>>> <image.png>
>>> 
>>> All PF services were stopped and started again and users could no longer 
>>> access the page above that will enable them to access the captive portal.
>>> 
>>> Kindly assist as this will affect users by resumption.
>>> 
>>> On Wed, 19 May 2021 at 20:35, Zammit, Ludovic <luza...@akamai.com> wrote:
>>> The Let’s Encrypt integration with PF is pretty simple, it’s based on the 
>>> HTTP challenge.
>>> 
>>> If you want to use the Let’s Encrypt service, your DNS name 
>>> self-service.dangote-group.com needs to resolve to a public IP address that is 
>>> bound to the management interface over 443 and 80.
>>> 
>>> Thanks,
>>> 
>>> Ludovic Zammit
>>> Product Support Engineer Principal
>>> 
>>>> On May 19, 2021, at 1:29 PM, Ezeh Victor <vickeyzed...@gmail.com> wrote:
>>>> 
>>>> Hi,
>>>> 
>>>> My PacketFence version is v10.2.0.
>>>> 
>>>> I tried using the GUI to upload the required files.
>>>> The private key generated when generating a .csr file was used in 
>>>> conjunction with the .crt file and this was the error message:
>>>> 
>>>> <image.png>
>>>> 
>>>> Generating the .csr from the GUI does not generate a private key to be 
>>>> used in filling the data requirements.
>>>> 
>>>> How can I tackle this?
>>>> 
>>>> Also, trying out the let's encrypt option gives this error when testing 
>>>> public access
>>>> 
>>>> <image.png>
>>>> 
>>>> What is the procedure to use either?
>>>> 
>>>> On Wed, 19 May 2021 at 13:00, Zammit, Ludovic <luza...@akamai.com> wrote:
>>>> Hello,
>>>> 
>>>> Which PacketFence version are you using? If it’s a version > v10 use the 
>>>> GUI for it, otherwise, the server.pem is a bundle of: server.key, 
>>>> server.crt and intermediates if any.
>>>> 
>>>> Thanks,
>>>> 
>>>> Ludovic Zammit
>>>> Product Support Engineer Principal
>>>> 
>>>>> On May 19, 2021, at 4:23 AM, Ezeh Victor via PacketFence-users 
>>>>> <packetfence-users@lists.sourceforge.net> wrote:
>>>>> 
>>>>> Hi,
>>>>> 
>>>>> I have been having an issue using a third-party SSL certificate on PF for 
>>>>> the captive portal.
>>>>> 
>>>>> Based on the documentation, the directive was to change the server.crt 
>>>>> and server.key files in the /usr/local/pf/conf/ssl/ folder.
>>>>> 
>>>>> I generated the server.csr file using the openssl req -new -newkey rsa:2048 
>>>>> -nodes -keyout server.key -out server.csr command.
>>>>> 
>>>>> I renamed the corresponding files to server.crt and server.pem and copied 
>>>>> them to the /usr/local/pf/conf/ssl/ folder and included the server.key 
>>>>> file generated during the server.csr generation.
>>>>> 
>>>>> After doing this, I restarted the haproxy portal for the change to take 
>>>>> effect and it failed until I replaced the server.pem file with the 
>>>>> original one.
>>>>> 
>>>>> Please I need assistance with this.
>>>>> 
>>>>> What am I missing?

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
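
The thread describes server.pem as a bundle of server.key, server.crt and any intermediates, and turns on the certificate name matching the portal hostname. The script below is an added example, not part of the thread or of PacketFence: it checks that the key and certificate belong together before writing the bundle in that order. It assumes the openssl CLI is installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not PacketFence tooling.

# Public key (PEM) embedded in a certificate / derived from a private key.
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
pubkey_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Succeeds only if the certificate's SAN/CN covers the given hostname.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 |
        grep -q "does match certificate"
}

# build_pem KEY CRT OUT [INTERMEDIATE...]
# Refuses to write OUT unless KEY and CRT carry the same public key.
build_pem() {
    key=$1; crt=$2; out=$3; shift 3
    kpub=$(pubkey_of_key "$key")  || { echo "unreadable key: $key" >&2; return 2; }
    cpub=$(pubkey_of_cert "$crt") || { echo "unreadable certificate: $crt" >&2; return 2; }
    if [ -z "$kpub" ] || [ "$kpub" != "$cpub" ]; then
        echo "private key does not match certificate" >&2
        return 1
    fi
    # The bundle contains the private key, so it is created without group or
    # world access; file ownership for the service account is left to the
    # operator. The rename keeps a half-written file from ever being loaded.
    ( umask 077 && cat "$key" "$crt" "$@" > "$out.tmp" ) && mv "$out.tmp" "$out"
}

# Usage: sh build_pem.sh server.key server.crt server.pem [intermediate.crt ...]
if [ "$#" -ge 3 ]; then build_pem "$@"; fi
```

Running cert_covers_host against the issued certificate with the portal's DNS name, before restarting any service, shows whether the browser will accept the redirect URL.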
