Thanks Fabrice,
That's a great response.
Just so I'm certain though would this still allow us to setup our own custom
registration form? I'm guessing yes as mention about setting the URL on the
controller.
Thanks again
Lee
On Tuesday, 23 December 2014, 14:02, Fabrice DURAND <[email protected]>
wrote:
Hello Lee,
we have already successfully deployed external captive portal with Aruba
controller.
It´s really simple and the code is already ready to go.
On pf side you must:
- have a registration interface without dhcpd and dns enabled.
- Configure the aruba controller as a Aruba 200 Controller, deauth method
RADIUS, only select 'Role mapping by switch role' and set the role you defined
in the controller 'Register' and 'Guest' and also define a radius secret (the
same on both sides).
On the controller you must configure packetfence as radius server (mgmt
interface), enabled rfc 3576, and define 2 roles.
The first role 'Register' will include an acl that restrict http and https
traffic to packetfence (reg ip interface):
rule <IP> 255.255.255.255 match any any any permit
rule any any match udp 67 68 permit
rule any any match udp 53 53 permit
rule any any match any any any deny
The second role 'Guest' will allow any:
rule any any match any any any permit
Also configure the url of the captive portal but i can´t remember where
(probably in Authentication -> Security).
BTW you don´t have to use ESI XML, all the role change will be done by CoA
(rfc 3576).
Regards
Fabrice
Le 2014-12-23 07:36, Lee a écrit :
Hi Everyone, Ive recently been asked by employer to investigate if its
possible to use PacketFence as an external capture portal for guest users along
with an Aruba wireless controller. The key reason for looking at PF is the
ability to do self-service which the Aruba cannoy do by itself. Ive not had any
experience with PacketFence before but from what I can tell if supports all the
necessary elements. We'd be looking to deploy in out-of-band mode which I
believe is the default anyway. The one bit that does appear to be missing is
the ability to report back to the Aruba via its ESI XML interface which is
necessary for the Aruba to give the user access, it doesnt. Has anyone had any
experience of this and is it possible to add additional authentication methods
to PacketFence? Thanks in advance Lee
------------------------------------------------------------------------------
Dive into the World of Parallel Programming! The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net
_______________________________________________PacketFence-users mailing
[email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Dive into the World of Parallel Programming! The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Dive into the World of Parallel Programming! The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
