Hello Lee, we have already successfully deployed external captive portal with Aruba controller. It´s really simple and the code is already ready to go.
On pf side you must: - have a registration interface without dhcpd and dns enabled. - Configure the aruba controller as a Aruba 200 Controller, deauth method RADIUS, only select 'Role mapping by switch role' and set the role you defined in the controller 'Register' and 'Guest' and also define a radius secret (the same on both sides). On the controller you must configure packetfence as radius server (mgmt interface), enabled rfc 3576, and define 2 roles. The first role 'Register' will include an acl that restrict http and https traffic to packetfence (reg ip interface): rule <IP> 255.255.255.255 match any any any permit rule any any match udp 67 68 permit rule any any match udp 53 53 permit rule any any match any any any deny The second role 'Guest' will allow any: rule any any match any any any permit Also configure the url of the captive portal but i can´t remember where (probably in Authentication -> Security). BTW you don´t have to use ESI XML, all the role change will be done by CoA (rfc 3576). Regards Fabrice Le 2014-12-23 07:36, Lee a écrit : > > Hi Everyone, > > Ive recently been asked by employer to investigate if its possible to > use PacketFence as an external capture portal for guest users along > with an Aruba wireless controller. The key reason for looking at PF > is the ability to do self-service which the Aruba cannoy do by itself. > > Ive not had any experience with PacketFence before but from what I can > tell if supports all the necessary elements. We'd be looking to deploy > in out-of-band mode which I believe is the default anyway. > > The one bit that does appear to be missing is the ability to report > back to the Aruba via its ESI XML interface which is necessary for the > Aruba to give the user access, it doesnt. > > Has anyone had any experience of this and is it possible to add > additional authentication methods to PacketFence? > > Thanks in advance > > Lee > > > > ------------------------------------------------------------------------------ > Dive into the World of Parallel Programming! The Go Parallel Website, > sponsored by Intel and developed in partnership with Slashdot Media, is your > hub for all things parallel software development, from weekly thought > leadership blogs to news, videos, case studies, tutorials and more. Take a > look and join the conversation now. http://goparallel.sourceforge.net > > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
0xF78F957E.asc
Description: application/pgp-keys
------------------------------------------------------------------------------ Dive into the World of Parallel Programming! The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
