Hello Ali,
Can you share with me the switch module you created?
Also do you have this function:
https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Switch/Cisco/Catalyst_2960.pm#L631
and do you have that support:
https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Switch/Cisco/Catalyst_2960.pm#L142
Regards
Fabrice
On 19-12-12 at 20:32, Amjad Ali wrote:
Hi Fabrice,
Yes, I tried that and the service was not running, not sure why, but I
finally restarted it successfully.
root@packetfence:/usr/local/pf/lib/pf/Switch# netstat -nlp| grep 80
tcp 0 0 127.0.0.1:6380 0.0.0.0:* LISTEN 19274/redis-server
tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN 19433/apache2
tcp 0 0 10.10.50.187:80 0.0.0.0:* LISTEN 19321/haproxy
tcp 0 0 192.168.200.1:80 0.0.0.0:* LISTEN 19321/haproxy
tcp6 0 0 :::8888 :::* LISTEN 19180/pfhttpd
tcp6 0 0 :::8889 :::* LISTEN 19180/pfhttpd
Now I can reach the login page but something is still not right, and I
guess it has a lot to do with my understanding of how web auth works in
PF, please check the attached image of my browser window. The error is
Your computer was not found in the PacketFence database. Please reboot
to solve this issue.
If you have questions about this page, contact your local support
staff for assistance. Please provide the following information:
IP 10.10.50.173
MAC 0
How web auth works on our switch (Pica8) is a bit like this.
1. When we configure a switch port for web auth, we have an internally
running DNS and DHCP listening for requests from clients connected to
that port. Clients get IP and DNS locally from the switch, we don't
allow clients to get infrastructure DHCP and DNS.
2. Next the client is redirected to the portal login page.
3. User enters credentials and gets authenticated.
4. The PF server updates the client MAC as a known client or something
like put unknown clients into the guest VLAN or some other VLAN. AND
at the same time (with a delay of maybe around 20 seconds) sends a CoA
bounce port to allow the clients to release the locally assigned DHCP IP
address and get an IP from the infrastructure DHCP which would be
running in the PF assigned new VLAN.
5. That's a total of 2 MAB authentications, once to be classified by PF
as unknown or guest clients and send in the portal redirect URL, then
a portal login with username/password and a second and final MAB after
the port bounce to get put in the guest VLAN.
Hope that explains the use case. And thank you again for the time and
effort.
Ali
On Thu, Dec 12, 2019 at 10:35 PM Fabrice Durand via PacketFence-users
<[email protected]> wrote:
Hello Ali,
Can you do that:
netstat -nlp| grep 80
and see if there is an http/haproxy service listening on the port?
Regards
Fabrice
On 19-12-10 at 22:38, Amjad Ali via PacketFence-users wrote:
Hello Ludovic,
Thanks for the response.
I am using web auth with Pica8 switch, this module doesn't
support web auth but I have incorporated the code to do web auth.
The server returns the redirect URL but the client can't access
the portal. I tried 'http://10.10.50.187/Cisco::Catalyst_2960'
just to test the portal but getting connection refused response.
I just need access to the portal login page, which I can't seem
to find at the moment. And yes, on the management interface I
have the portal and radius daemons running. I only have one
interface, the management interface.
Thanks again for your help
Ali
On Tue, Dec 10, 2019 at 10:49 PM Ludovic Zammit
<[email protected]> wrote:
Hello Ali,
On which equipment are you trying to use Web auth?
Here’s an example on a wired switch:
https://packetfence.org/doc/PacketFence_Installation_Guide.html#_configure_switchport_for_web_authentication
To answer your question it should be the IP of your
Management most of the time. You need to make sure that you
have a portal daemon listening on that one.
Thanks,
Ludovic Zammit
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
PacketFence (http://packetfence.org)
On Dec 10, 2019, at 5:41 AM, Amjad Ali via PacketFence-users
<[email protected]> wrote:
Hello All,
I have a PF 9.2 setup. I want to try the web authentication
feature but I don't really know what would be the address of
the login portal. I need it for the redirect URL sent by the
server in case an unregistered user is put in registration VLAN.
I access my PF with the following URL
https://10.10.50.187:1443
So what would be the portal address? I tried
https://10.10.50.187/sid but with no luck, on Chrome I get
ERR_CON_REFUSED. I checked the httpd.portal service is
running, the haproxy.portal seems not running and I failed
to start it manually.
My connection profile has external portal enforcement enabled.
Any help would be greatly appreciated.
Ali
--
Amjad Ali
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)