Hi Fabrice, Thanks for the pointers, currently the module doesn't support it, i'll will try to add that, please check the attached module and please share your thoughts,
Ali On Fri, Dec 13, 2019 at 9:54 AM Durand fabrice <[email protected]> wrote: > Hello Ali, > > can you share with me the switch module you created ? > > Also do you have this function: > > > https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Switch/Cisco/Catalyst_2960.pm#L631 > > and do you have that support: > > > https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Switch/Cisco/Catalyst_2960.pm#L142 > > Regards > > Fabrice > > > Le 19-12-12 à 20 h 32, Amjad Ali a écrit : > > > Hi Fabrice, > > Yes I tried that and the service was not running, not sure why but I > finally restarted it successfuly. > > root@packetfence:/usr/local/pf/lib/pf/Switch# netstat -nlp| grep 80 > tcp 0 0 127.0.0.1:6380 0.0.0.0:* > LISTEN 19274/redis-server > tcp 0 0 127.0.0.1:80 0.0.0.0:* > LISTEN 19433/apache2 > tcp 0 0 10.10.50.187:80 0.0.0.0:* > LISTEN 19321/haproxy > tcp 0 0 192.168.200.1:80 0.0.0.0:* > LISTEN 19321/haproxy > tcp6 0 0 :::8888 :::* LISTEN > 19180/pfhttpd > tcp6 0 0 :::8889 :::* LISTEN > 19180/pfhttpd > > Now i can reach the login page but something is still not right, and I > guess it has alot to do with my understanding of how web auth works in PF, > please check the attached image of my browser window. The error is Your > computer was not found in the PacketFence database. Please reboot to solve > this issue. > > If you have questions about this page, contact your local support staff > for assistance. Please provide the following information: > > IP 10.10.50.173 > > MAC 0 > How web auth works on our switch (Pica8) is a bit like this. > 1. When we configure a switch port for web auth, we have an internally > running DNS and DHCP listening for requests from clients connected to that > port. Clients get IP and DNS locally from the switch, we dont allow clients > to get infrastructure DHCP and DNS. > 2. Next the client is redirected to the portal login page. > 3. User enters credentials and get authenticated. > 4. The PF server updates the client MAC as a known client or something > like put unknown clients into the guest vlan or some other vlan. AND at the > same time (with a delay of maybe around 20 seconds) send a CoA bounce port > to allow the clients release the locally assigned DHCP IP address and get > an IP from the infrastructure DHCP which would be running in the PF > assigned new VLAN. > 5. Thats a total of 2 MAB authentication, once to be classified by PF as > unknown or guest clients and send in the portal redirect URL, then a portal > login with username/password and a second and final MAB after the port > bounce to get put in the guest VLAN. > > Hope that explains the use case. And thank you again for the time and > effort. > > Ali > > On Thu, Dec 12, 2019 at 10:35 PM Fabrice Durand via PacketFence-users < > [email protected]> wrote: > >> Hello Ali, >> >> can you do that: >> >> netstats -nlp| grep 80 >> >> and see if there is a http/haproxy service listening on the port ? >> >> Regards >> >> Fabrice >> >> >> Le 19-12-10 à 22 h 38, Amjad Ali via PacketFence-users a écrit : >> >> Hello Ludovic, >> >> Thanks for the response. >> >> I am using web auth with Pica8 switch, this module doesn't support web >> auth but I have incorporated the code to do web auth. >> >> The server returns the redirect URL but the client can't access the >> portal. I tried 'http://10.10.50.187/Cisco::Catalyst_2960' just to test >> the portal but getting connection refused response. >> >> I just need access to the portal login page, which i can't seem to find >> at the moment. And yes, on the management interface I have the portal and >> radius demons running. I only have one interface, the management interface. >> >> Thanks again for your help >> Ali >> >> >> >> On Tue, Dec 10, 2019 at 10:49 PM Ludovic Zammit <[email protected]> >> wrote: >> >>> Hello Ali, >>> >>> On which equipment are you trying to use Web auth ? >>> >>> Here’s an example on a wired switch: >>> >>> >>> https://packetfence.org/doc/PacketFence_Installation_Guide.html#_configure_switchport_for_web_authentication >>> >>> To answer your question it should be the IP of your Management most of >>> the time. You need to make sure that you have a portal daemon listening on >>> that one. >>> >>> Thanks, >>> >>> Ludovic Zammit >>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>> (http://packetfence.org) >>> >>> >>> >>> >>> >>> On Dec 10, 2019, at 5:41 AM, Amjad Ali via PacketFence-users < >>> [email protected]> wrote: >>> >>> Hello All, >>> >>> I have a PF 9.2 setup. I want to try web authentication feature but I >>> dont really know what would be the address of the login portal. I need it >>> for the redirect URL sent by the server in case an unregistered user is put >>> in registration VLAN. >>> >>> I access my PF with the following URL >>> >>> https://10.10.50.187:1443 >>> >>> So what would be the portal address? I tried https://10.10.50.187/sid >>> but with no luck, on chrome i get ERR_CON_REFUSED. I checked the >>> httpd.portal service is running, the haproxy.portal seems not running and i >>> failed to start it manually. >>> >>> My connection profile has external portal enforcement enabled. >>> >>> Any help would be greatly appreciated. >>> >>> Ali >>> -- >>> Amjad Ali >>> _______________________________________________ >>> PacketFence-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >>> >>> >> >> -- >> Amjad Ali >> >> >> _______________________________________________ >> PacketFence-users mailing >> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> -- >> Fabrice [email protected] :: +1.514.447.4918 (x135) :: >> www.inverse.ca >> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >> (http://packetfence.org) >> >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> > > > -- > Amjad Ali > > -- Amjad Ali
Pica8.pm
Description: Binary data
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
