Hi Fabrice,
Yes I tried that and the service was not running, not sure why but I
finally restarted it successfuly.
root@packetfence:/usr/local/pf/lib/pf/Switch# netstat -nlp| grep 80
tcp 0 0 127.0.0.1:6380 0.0.0.0:* LISTEN
19274/redis-server
tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN
19433/apache2
tcp 0 0 10.10.50.187:80 0.0.0.0:* LISTEN
19321/haproxy
tcp 0 0 192.168.200.1:80 0.0.0.0:* LISTEN
19321/haproxy
tcp6 0 0 :::8888 :::* LISTEN
19180/pfhttpd
tcp6 0 0 :::8889 :::* LISTEN
19180/pfhttpd
Now i can reach the login page but something is still not right, and I
guess it has alot to do with my understanding of how web auth works in PF,
please check the attached image of my browser window. The error is Your
computer was not found in the PacketFence database. Please reboot to solve
this issue.
If you have questions about this page, contact your local support staff for
assistance. Please provide the following information:
IP 10.10.50.173
MAC 0
How web auth works on our switch (Pica8) is a bit like this.
1. When we configure a switch port for web auth, we have an internally
running DNS and DHCP listening for requests from clients connected to that
port. Clients get IP and DNS locally from the switch, we dont allow clients
to get infrastructure DHCP and DNS.
2. Next the client is redirected to the portal login page.
3. User enters credentials and get authenticated.
4. The PF server updates the client MAC as a known client or something like
put unknown clients into the guest vlan or some other vlan. AND at the same
time (with a delay of maybe around 20 seconds) send a CoA bounce port to
allow the clients release the locally assigned DHCP IP address and get an
IP from the infrastructure DHCP which would be running in the PF assigned
new VLAN.
5. Thats a total of 2 MAB authentication, once to be classified by PF as
unknown or guest clients and send in the portal redirect URL, then a portal
login with username/password and a second and final MAB after the port
bounce to get put in the guest VLAN.
Hope that explains the use case. And thank you again for the time and
effort.
Ali
On Thu, Dec 12, 2019 at 10:35 PM Fabrice Durand via PacketFence-users <
[email protected]> wrote:
> Hello Ali,
>
> can you do that:
>
> netstats -nlp| grep 80
>
> and see if there is a http/haproxy service listening on the port ?
>
> Regards
>
> Fabrice
>
>
> Le 19-12-10 à 22 h 38, Amjad Ali via PacketFence-users a écrit :
>
> Hello Ludovic,
>
> Thanks for the response.
>
> I am using web auth with Pica8 switch, this module doesn't support web
> auth but I have incorporated the code to do web auth.
>
> The server returns the redirect URL but the client can't access the
> portal. I tried 'http://10.10.50.187/Cisco::Catalyst_2960' just to test
> the portal but getting connection refused response.
>
> I just need access to the portal login page, which i can't seem to find at
> the moment. And yes, on the management interface I have the portal and
> radius demons running. I only have one interface, the management interface.
>
> Thanks again for your help
> Ali
>
>
>
> On Tue, Dec 10, 2019 at 10:49 PM Ludovic Zammit <[email protected]>
> wrote:
>
>> Hello Ali,
>>
>> On which equipment are you trying to use Web auth ?
>>
>> Here’s an example on a wired switch:
>>
>>
>> https://packetfence.org/doc/PacketFence_Installation_Guide.html#_configure_switchport_for_web_authentication
>>
>> To answer your question it should be the IP of your Management most of
>> the time. You need to make sure that you have a portal daemon listening on
>> that one.
>>
>> Thanks,
>>
>> Ludovic Zammit
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>> (http://packetfence.org)
>>
>>
>>
>>
>>
>> On Dec 10, 2019, at 5:41 AM, Amjad Ali via PacketFence-users <
>> [email protected]> wrote:
>>
>> Hello All,
>>
>> I have a PF 9.2 setup. I want to try web authentication feature but I
>> dont really know what would be the address of the login portal. I need it
>> for the redirect URL sent by the server in case an unregistered user is put
>> in registration VLAN.
>>
>> I access my PF with the following URL
>>
>> https://10.10.50.187:1443
>>
>> So what would be the portal address? I tried https://10.10.50.187/sid
>> but with no luck, on chrome i get ERR_CON_REFUSED. I checked the
>> httpd.portal service is running, the haproxy.portal seems not running and i
>> failed to start it manually.
>>
>> My connection profile has external portal enforcement enabled.
>>
>> Any help would be greatly appreciated.
>>
>> Ali
>> --
>> Amjad Ali
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>>
>
> --
> Amjad Ali
>
>
> _______________________________________________
> PacketFence-users mailing
> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
> --
> Fabrice [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://packetfence.org)
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
--
Amjad Ali
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
