Hello Antoine, thank you for your reply.
Our client has several locations using Packetfence, and he wanted a centralized server for CP with a customizable CMS. So we are using mod_proxy directive in captive-portal-common.tt to forward requests to this centralized CP. We already tested the pass through configuration which works fine. But sadly it is not really an option for because this implies that there is always access to Facebook, Google, Twitter etc. Sadly, most of the login screens of these social networks use the www.xxx.com domain name and also refer to a lot of external resources for JS, images etc. Because of this it is not possible to disable access to Facebook for example in general, but allow access to the login screen of facebook. This only could be done with firewall rules on the protocol / HTTP level. So we decided to give the users temporary access to the Internet when they decide to get verified by social networks. I wonder if pfdns and trapping mechanism could be configured to sent the right local IP address for CP name resolution and forwards all other requests to the external DNS. Thanks, Till On 14.07.2016 15:11, Antoine Amacher wrote: > Hello Till, > > I am not sure how your authentication by social media is working but why > not use OAuth2 sources? > > You could also add any domains you want to authorize to the pass through > list, in this way people will be in the registration VLAN with access to > authorized sites. If you need sites to enable for your social media > access, you can check in the OAuth sources, each have a predefined list. > > Thanks > > On 07/14/2016 12:03 AM, [email protected] wrote: >> Hi there, >> >> We wrote our own captive portal, which allows the user to get verified >> by social networks. For this reason we give him temporary access first >> so he can reach the social network login pages. >> >> But now we have the problem that he can not be directed back to the >> captive portal as long as he as the temporary Internet access. The >> reason is that DNS resolution of captive portal (i.e. PF server) does >> not work anymore. >> >> Because we are using a public DNS server, we can not add the captive >> portal IP (which is a local one in the LAN) to this DNS. >> >> Is there a way to tell Packetfence to continue trapping and resolving >> DNS requests of the captive portal's name, as long as we grant temporary >> Internet access to the user? >> This would solve our problem. >> >> Or is there another way to resolve the PF name without using a local DNS? >> >> Best regards, >> Till >> >> ------------------------------------------------------------------------------ >> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic >> patterns at an interface-level. Reveals which users, apps, and protocols are >> consuming the most bandwidth. Provides multi-vendor support for NetFlow, >> J-Flow, sFlow and other flows. Make informed decisions using capacity >> planning >> reports.http://sdm.link/zohodev2dev >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports.http://sdm.link/zohodev2dev _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
