Hi Ludovic, I can reach the PF management interface as shown below;
[image: image.png]

On Fri, 21 May 2021 at 16:40, Zammit, Ludovic <luza...@akamai.com> wrote:

> Ping the DNS name, can you reach the PF management interface ?
>
> Thanks,
>
> *Ludovic Zammit*
> *Product Support Engineer Principal*
> *Cell:* +1.613.670.8432
> Akamai Technologies - Inverse
> 145 Broadway
> Cambridge, MA 02142
> Connect with Us: <https://community.akamai.com> <http://blogs.akamai.com>
> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies>
> <http://www.linkedin.com/company/akamai-technologies>
> <http://www.youtube.com/user/akamaitechnologies?feature=results_main>
>
> On May 21, 2021, at 9:33 AM, Ezeh Victor <vickeyzed...@gmail.com> wrote:
>
> Hi Ludovic,
>
> Thank you. You were right.
>
> The internal radius service was up and I had to stop it
> <image.png>
>
> <image.png>
>
> I restarted the radius service on PF and it came up;
> <image.png>
>
> <image.png>
>
> The challenge now is that the captive portal is still not available but
> this time, the browser tries to go to the URL of the captive portal when a
> user connects as shown below;
> <image.png>
>
> The Haproxy-portal and httpd-portal services are up and running as shown
> below;
>
> <image.png>
>
> <image.png>
>
> Is there any other dependency I should review?
>
> On Fri, 21 May 2021 at 13:59, Zammit, Ludovic <luza...@akamai.com> wrote:
>
>> It looks like you have another radius process running.
>>
>> bin/pfcmd service pf stop
>>
>> ps -edf | grep radiusd
>>
>> pkill -f -9 radiusd
>>
>> bin/pfcmd service pf start
>>
>> See if it fixes it, otherwise look at the radiusd log to see what’s going
>> on.
>>
>> radiusd -d /usr/local/pf/raddb -n auth -CX
>>
>> Thanks,
>>
>> On May 21, 2021, at 5:44 AM, Ezeh Victor <vickeyzed...@gmail.com> wrote:
>>
>> Hi Ludovic,
>>
>> Further checks revealed this;
>> <image.png>
>>
>> Attempts to start the radius service failed and there is no information
>> on the service using port 1812 that is hindering the service from starting.
>>
>> On Fri, 21 May 2021 at 10:31, Ezeh Victor <vickeyzed...@gmail.com> wrote:
>>
>>> Hi Ludovic,
>>>
>>> I have restarted all PF services, the hostname set to self-service,
>>> domain set to dangote-group.com
>>> and the result is the same.
>>>
>>> I checked Radius Logs and this is what I observed;
>>> <image.png>
>>>
>>> That is the reason why the service has refused to start as seen below;
>>> <image.png>
>>>
>>> Efforts to start the service have failed.
>>> Any ideas please as this is
>>> vital to the configuration as highlighted by PF
>>>
>>> At the moment, the SSL for Radius uses Let's Encrypt as seen below;
>>> <image.png>
>>> <image.png>
>>>
>>> And the HTTP SSL uses Godaddy;
>>> <image.png>
>>>
>>> Will this affect the response or redirection to the portal?
>>>
>>> On Thu, 20 May 2021 at 16:15, Zammit, Ludovic <luza...@akamai.com> wrote:
>>>
>>>> Keep that ACL and change the URL returned in the radius reply.
>>>>
>>>> Do you see the captive portal ?
>>>>
>>>> Restart all PF service once you changed the host and domain name.
>>>>
>>>> Thanks,
>>>>
>>>> On May 20, 2021, at 11:12 AM, Ezeh Victor <vickeyzed...@gmail.com> wrote:
>>>>
>>>> Hi Ludovic,
>>>>
>>>> Reviewing the configuration on WLC, there is an ACL in use to redirect
>>>> users that connect to the SSID of interest to PF captive portal;
>>>> <image.png>
>>>>
>>>> I cannot use the DNS name here like I did in PF but from my initial
>>>> response, the name resolves to the IP in the ACL which I believe should
>>>> work.
>>>>
>>>> Could this be the problem?
>>>>
>>>> On Thu, 20 May 2021 at 15:44, Ezeh Victor <vickeyzed...@gmail.com> wrote:
>>>>
>>>>> Hi Ludovic,
>>>>>
>>>>> Kindly find my observations below;
>>>>>
>>>>> After certificate installation, I still receive this;
>>>>> <image.png>
>>>>>
>>>>> Your recommendations were followed in your previous email and the
>>>>> config was changed to *https://self-service.dangote-group.com/Cisco::WLC*
>>>>> and this time around there was not even a prompt from the browser to go to
>>>>> the captive portal.
>>>>>
>>>>> Attempts to visit a site to trigger the captive portal only returned
>>>>> this;
>>>>> <image.jpeg>
>>>>>
>>>>> This is the dns resolution;
>>>>> <image.png>
>>>>>
>>>>> On Thu, 20 May 2021 at 14:25, Zammit, Ludovic <luza...@akamai.com> wrote:
>>>>>
>>>>>> Hello Victor,
>>>>>>
>>>>>> <PastedGraphic-8.tiff>
>>>>>>
>>>>>> Here put the dns name of the portal:
>>>>>> https://self-service.dangote-group.com/Cisco::WLC
>>>>>>
>>>>>> The issue now is to make sure that dns name resolves to the PF
>>>>>> management interface either local IP or Public IP from the guest (where
>>>>>> the device sits) network.
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> On May 20, 2021, at 9:21 AM, Ezeh Victor <vickeyzed...@gmail.com> wrote:
>>>>>>
>>>>>> Hi Ludovic,
>>>>>>
>>>>>> Let me kindly explain the scenario here...
>>>>>>
>>>>>> The PF server's internal IP is *172.31.2.89* and resolves internally
>>>>>> to *self-service.dangote-group.com*.
>>>>>>
>>>>>> We needed Sponsors to be able to approve guest requests over the
>>>>>> internet without the need for VPN, so a public DNS mapping was done for
>>>>>> the same name to *80.88.10.20* to make that happen.
>>>>>>
>>>>>> The hostname of PF server is;
>>>>>>
>>>>>> <image.png>
>>>>>>
>>>>>> There is no special configuration for web authentication re-direct as
>>>>>> the default setup for the captive portal is being used.
>>>>>>
>>>>>> This is the switch config;
>>>>>> <image.png>
>>>>>>
>>>>>> Should I change the IP information for the registration URL to the
>>>>>> public IP?
>>>>>>
>>>>>> On Thu, 20 May 2021 at 12:34, Zammit, Ludovic <luza...@akamai.com> wrote:
>>>>>>
>>>>>>> I’m no mastermind but self-service.dangote-group.com is
>>>>>>> different from 172.31.2.89.
>>>>>>>
>>>>>>> Make sure that you have the correct hostname and domain under
>>>>>>> Configuration > System Configuration > General configuration
>>>>>>>
>>>>>>> If you are using web auth redirection change your URL as well either
>>>>>>> from the switch config in PF or the switch / controller itself.
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> On May 19, 2021, at 6:26 PM, Ezeh Victor <vickeyzed...@gmail.com> wrote:
>>>>>>>
>>>>>>> Hi Ludovic,
>>>>>>>
>>>>>>> Thank you.
>>>>>>>
>>>>>>> The Let's Encrypt option was successful as seen below and the
>>>>>>> haproxy-admin service was restarted
>>>>>>>
>>>>>>> <image.png>
>>>>>>>
>>>>>>> When users tried to access the captive portal, it was stuck on
>>>>>>> this page.
>>>>>>>
>>>>>>> <image.png>
>>>>>>>
>>>>>>> All PF services were stopped and started again and users could no
>>>>>>> longer access the page above that will enable them to access the captive
>>>>>>> portal.
>>>>>>>
>>>>>>> Kindly assist as this will affect users by resumption.
>>>>>>>
>>>>>>> On Wed, 19 May 2021 at 20:35, Zammit, Ludovic <luza...@akamai.com> wrote:
>>>>>>>
>>>>>>>> The let’s encrypt integration with PF is pretty simple, it’s based
>>>>>>>> on the HTTP challenge.
>>>>>>>>
>>>>>>>> If you want to use let’s encrypt service, your DNS name
>>>>>>>> self-service.dangote-group.com needs to resolve to a public IP address
>>>>>>>> that is bound to the management interface over 443 and 80.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>>
>>>>>>>> On May 19, 2021, at 1:29 PM, Ezeh Victor <vickeyzed...@gmail.com> wrote:
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> My packetfence version is v10.2.0.
>>>>>>>>
>>>>>>>> I tried using the GUI to upload the required files.
>>>>>>>>
>>>>>>>> 1. the private key generated when generating a .csr file was
>>>>>>>> used in conjunction with the .crt file and this was the error
>>>>>>>> message
>>>>>>>>
>>>>>>>> <image.png>
>>>>>>>>
>>>>>>>> Generating the .csr from the GUI does not generate a private key to
>>>>>>>> be used in filling the data requirements.
>>>>>>>>
>>>>>>>> How can I tackle this?
>>>>>>>>
>>>>>>>> Also, trying out the let's encrypt option gives this error when
>>>>>>>> testing public access
>>>>>>>>
>>>>>>>> <image.png>
>>>>>>>>
>>>>>>>> What is the procedure to use either?
>>>>>>>>
>>>>>>>> On Wed, 19 May 2021 at 13:00, Zammit, Ludovic <luza...@akamai.com> wrote:
>>>>>>>>
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> Which PacketFence version are you using ? If it’s a version > v10
>>>>>>>>> use the GUI for it, otherwise, the server.pem is a bundle of :
>>>>>>>>> server.key
>>>>>>>>> server.crt and intermediates if any.
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>>
>>>>>>>>> On May 19, 2021, at 4:23 AM, Ezeh Victor via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
>>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> I have been having an issue using a third-party SSL certificate on
>>>>>>>>> PF for the captive portal.
>>>>>>>>>
>>>>>>>>> Based on the documentation, the directive was to change the
>>>>>>>>> server.crt and server.key files in the /usr/local/pf/conf/ssl/
>>>>>>>>> folder.
>>>>>>>>>
>>>>>>>>> I generated the server.csr file using the *openssl req -new -newkey
>>>>>>>>> rsa:2048 -nodes -keyout server.key -out server.csr* command.
>>>>>>>>>
>>>>>>>>> I renamed the corresponding files to server.crt and server.pem and
>>>>>>>>> copied them to the /usr/local/pf/conf/ssl/ folder and included the
>>>>>>>>> server.key file generated during the server.csr generation.
>>>>>>>>>
>>>>>>>>> After doing this, I restarted the haproxy portal for the change to
>>>>>>>>> take effect and it failed until I replaced the server.pem file with
>>>>>>>>> the original one.
>>>>>>>>>
>>>>>>>>> Please I need assistance with this.
>>>>>>>>>
>>>>>>>>> What am I missing?
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
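
The thread describes server.pem as a bundle of server.key, server.crt and any intermediates. The following shell sketch is an added example, not part of the original thread and not PacketFence's own tooling; it assembles and sanity-checks such a bundle. The function names and the intermediates file are assumptions, and the concatenation order simply follows the order listed in the thread.

```shell
#!/bin/sh
# Added example. File names follow the thread; function names are assumptions.

# Print the PEM block labels in a file, one per line, in file order.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1"
}

# True if the file holds exactly one private key block and nothing else.
is_key_file() {
    [ "$(pem_labels "$1" | grep -c 'PRIVATE KEY$')" -eq 1 ] &&
    [ "$(pem_labels "$1" | grep -vc 'PRIVATE KEY$')" -eq 0 ]
}

# True if the file holds one or more certificate blocks and nothing else.
is_cert_file() {
    [ "$(pem_labels "$1" | grep -c '^CERTIFICATE$')" -ge 1 ] &&
    [ "$(pem_labels "$1" | grep -vc '^CERTIFICATE$')" -eq 0 ]
}

# True if the certificate carries the public key derived from the private key.
# Needs the openssl CLI.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Usage: build_server_pem OUT KEY CRT [INTERMEDIATES...]
# Writes key, leaf certificate, then intermediates, readable by owner only.
build_server_pem() {
    out=$1 key=$2 crt=$3
    shift 3
    is_key_file "$key" || { echo "not a private key: $key" >&2; return 1; }
    for f in "$crt" "$@"; do
        is_cert_file "$f" || { echo "not a certificate: $f" >&2; return 1; }
    done
    ( umask 077; cat "$key" "$crt" "$@" > "$out.tmp" ) || return 1
    mv "$out.tmp" "$out"
}

# True if an existing bundle has exactly one key and at least one certificate.
check_server_pem() {
    [ "$(pem_labels "$1" | grep -c 'PRIVATE KEY$')" -eq 1 ] &&
    [ "$(pem_labels "$1" | grep -c '^CERTIFICATE$')" -ge 1 ]
}
```

Running `check_server_pem` on a certificate that was only renamed to server.pem fails because the bundle has no key block, and `key_matches_cert server.key server.crt` confirms the pair belongs together before the portal service is restarted.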