Oh OK, I understand now.

So it's not so simple; the issue is that the WLC intercepts the HTTP/HTTPS traffic and forwards it to PacketFence.

When the captive portal redirects you to Google (for OAuth login), the domains used by Google for OAuth need to be whitelisted by the WLC.

But you can't manage the IP list in your redirect ACL (it can change day by day).

The only thing you can do is to use the FQDN ACL. I never got it working (I tried it, but the feature wasn't really ready, and right now I don't have any WLC to test with).

https://www.cisco.com/c/en/us/td/docs/wireless/controller/5700/software/release/3e/security/configuration-guide/b_sec_3e_5700_cg/b_sec_3e_5700_cg_chapter_01100.pdf

Let me know if you are able to make it work; I am interested in having the config.

Regards

Fabrice
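
An added example, not part of Fabrice's message and not PacketFence or Cisco code: a small check that shows why an IP-based redirect ACL stops covering an OAuth hostname when its DNS answers change. The ACL entries, the second hostname and all addresses are constructed (documentation ranges), and `accounts.google.com` is used only as an assumed example of an OAuth host, since the thread does not list the domains.

```python
import ipaddress

# Constructed permit entries of a pre-auth/redirect ACL (documentation ranges).
REDIRECT_ACL_PERMITS = ["192.0.2.0/28", "198.51.100.10/32"]

# Constructed DNS answers for the same hostnames on two different days.
# Hostnames are assumptions; the thread does not name the OAuth domains.
SNAPSHOTS = {
    "day1": {
        "accounts.google.com": ["192.0.2.5"],
        "oauth-assets.example": ["198.51.100.10"],
    },
    "day2": {
        "accounts.google.com": ["192.0.2.5", "203.0.113.77"],
        "oauth-assets.example": ["198.51.100.10"],
    },
}


def uncovered(acl_permits, answers):
    """Return {hostname: [ip, ...]} for resolved addresses no permit entry matches."""
    nets = [ipaddress.ip_network(p) for p in acl_permits]
    gaps = {}
    for host, ips in answers.items():
        missing = [
            ip for ip in ips
            if not any(ipaddress.ip_address(ip) in net for net in nets)
        ]
        if missing:
            gaps[host] = missing
    return gaps


def drift_report(acl_permits, snapshots):
    """Run the coverage check for every snapshot, keyed by snapshot name."""
    return {day: uncovered(acl_permits, answers)
            for day, answers in snapshots.items()}


if __name__ == "__main__":
    for day, gaps in drift_report(REDIRECT_ACL_PERMITS, SNAPSHOTS).items():
        status = "all OAuth hosts reachable pre-auth" if not gaps else f"blocked: {gaps}"
        print(f"{day}: {status}")
```

A client that resolves the hostname to the uncovered address is intercepted by the controller again instead of reaching the login page, which is why the thread points to a hostname-based (FQDN) ACL rather than a maintained IP list.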


On 19-04-01 at 21:56, Lierman, Andrew wrote:
Yes that is correct portal is enabled on management interface.

I am doing web auth with a Cisco 5508 controller

Need any other details?

On Mon, Apr 1, 2019 at 8:52 PM Durand fabrice <fdur...@inverse.ca> wrote:

    Hello Andrew,

    Sorry, but I don't understand your setup.

    So you have only one management interface and you probably enabled
    the portal on this interface.

    Based on what you describe, I suppose that you are doing web auth, but
    with which equipment?

    More details are appreciated.

    Regards

    Fabrice


    On 19-03-31 at 21:54, Lierman, Andrew wrote:
    Yes, it does hit the portal no problem and I can register with
    email and/or RADIUS. I have PacketFence set up to use my guest
    vlan as registration even though there is no interface.

    What happens when I try to Authenticate with Google is the client
    just disconnects and reconnects and goes right back to the portal
    again.

    Not sure where else to look to make it work. Any log file that
    would tell me anything?

    Or do I need a registration interface to make this work?

    On Sun, Mar 31, 2019 at 8:36 PM Durand fabrice via
    PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:

        But what I don't understand is: when a device connects to your
        SSID, does it hit the portal?

        Because there is no registration interface and the client is
        dropped directly on the guest vlan.

        Regards

        Fabrice


        On 19-03-31 at 18:46, Lierman, Andrew wrote:
        Hello!

        Yes, I do have a captive portal. The Google Auth works when
        I do a preview of the portal, it just doesn’t work when a
        wireless client tries to authenticate. Not sure if it has
        something to do with the ACL on the wireless controller or
        not during registration. Just not sure on how to get it
        functioning.

        On Sun, Mar 31, 2019 at 5:43 PM Durand fabrice via
        PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:

            Hello Andrew,

            Do you have a captive portal?

            It's mandatory if you want to authenticate with Google auth.

            Regards

            Fabrice


            On 19-03-26 at 09:27, Lierman, Andrew via
            PacketFence-users wrote:
            I have Google Auth set up and working, but when I try to
            use it for Guests to register on my Wifi, it never
            works. I have the authorized domains configured as well
            as the passthrough domains configured.

            What am I missing? Currently the only interface I am
            using is the management interface, which has Internet
            access. All clients get dropped into my guest vlan
            right away (not using a registration interface managed
            by PacketFence) and then AAA override takes over if any
            users match any rules.

            Do I need another interface to be able to get out to
            the Internet or need to add a routed network or is
            there a log file that will tell me what is going on? I
            checked out packetfence.log but did not find much help
            there.

            Thanks for any help anyone can provide.

            *Confidentiality Notice:* This e-mail message, including
            any attachments, is for the sole use of the intended
            recipient(s) and may contain confidential and
            privileged information. Any unauthorized review, use,
            disclosure or distribution is prohibited.  If you are
            not the intended recipient, please contact the sender
            by reply e-mail and destroy all copies of the original
            message.  The views expressed in this transmission are
            not necessarily the views of the School District of
            Altoona.


            _______________________________________________
            PacketFence-users mailing list
            PacketFence-users@lists.sourceforge.net
            https://lists.sourceforge.net/lists/listinfo/packetfence-users

-- Andrew Lierman
        Network Specialist
        School District of Altoona
        1903 Bartlett Ave, Altoona WI 54720
        tel:715-838-7087
