> you might want to check /usr/local/pg/logs for the file httpd.portal.access > and look for the string rfc7710 in there?
First, thank you for the effort but I didn't see anything in the logs about rfc7710. But, I have not enabled debugging in the logs yet so there is still hope. Quick question though, currently we do not use PF for our DHCP (even for registration or isolation). With that in mind would the info you mention still show up in the logs? Jake Sallee Godfather of Bandwidth System Engineer and Security Specialist University of Mary Hardin-Baylor WWW.UMHB.EDU 900 College St. Belton, Texas 76513 Fone: 254-295-4658 Phax: 254-295-4221 ________________________________________ From: Diego García del Río <dgar...@mediatel.com.ar> Sent: Wednesday, July 7, 2021 5:47 PM To: packetfence-users@lists.sourceforge.net Cc: Sallee, Jake Subject: Re: [PacketFence-users] Captive Portal Issue on Mobile Devices EXTERNAL Exercise Caution you might want to check /usr/local/pg/logs for the file httpd.portal.access and look for the string rfc7710 in there... (and sorry, its RFC 7710bis, not 7720bis) Diego Garcia del Rio | CTO | Mediatel S.A. | Tel: +54 11 5218 0463 (x103) | Cel: +54 9 11 4530-4697 | www.mediatel.com.ar<http://www.mediatel.com.ar/> | Juan Carlos Cruz 2360 – 4B (1636), Vicente López, Buenos Aires, Argentina | https://goo.gl/maps/NZCFPwVkFFf14cR67 On Wed, 7 Jul 2021 at 19:45, Diego García del Río <dgar...@mediatel.com.ar<mailto:dgar...@mediatel.com.ar>> wrote: Hi.. I asume you're running your portal on https? release 10.2 had introduced dhcp-based portal discovery (RFC 7720bis support) and apple devices, most of which should be running a 2020 or newer os, should support it. if you can capture traffic on the portal interface on your cluster, you should see that the url for packetfence should be returned in a dhcp option (that finishes in "/rfc7710"). I believe the logs might show it (but only maybe in debug level) the clients then query that url. Can you check if the proper, load-balanced url is being returned? somehow maybe the device is failing to contact the /rfc7710 endpoint or something, like the client being authenticated is being returned and thus the apple device think its logged in? its a wild guess.. but it would be one option why you see this on apple devices. (newer windows releases should support it as well, but not 100% sure when /what release it would be). Android 11 also added support, but of course, there you have a much more fragmented ecosystem and i haven't seen non-google devices implementing it yet. Diego Garcia del Rio | CTO | Mediatel S.A. | Tel: +54 11 5218 0463 (x103) | Cel: +54 9 11 4530-4697 | www.mediatel.com.ar<http://www.mediatel.com.ar/> | Juan Carlos Cruz 2360 – 4B (1636), Vicente López, Buenos Aires, Argentina | https://goo.gl/maps/NZCFPwVkFFf14cR67 On Wed, 7 Jul 2021 at 18:35, Sallee, Jake via PacketFence-users <packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>> wrote: Hello all! This is a strange one and I hope someone out there has faced this demon before and can help. We are running PF 10.3 (with latest maintenance patches) in a 3 node cluster. TLDR: Captive portal issues on iPhones and some mobile devices, cant find any reason in the logs as to why it would be happening. Started happening out of the blue, updated to 10.3 and applied all patches but nothing helped. Long version: The issue seems to be centered around WiFi on iPhones and some mobile computers (laptops, tables, etc) where some are Apple products and some are not. Android phones seem not to be affected. When an unregistered endpoint is assigned an IP in the registration network the device notices the captive portal and tries to open a browser window to facilitate the registration process. However this is where things begin to go wrong. Some of the time the page does not load at all, after a brief wait of perhaps 7 seconds, the mobile browser generates an error saying the page cannot be loaded. When the error is dismissed the browser automatically closes and the user is dumped to the home screen on their device. Sometimes it does load but the custom logo is not displayed (loads a broken jpg). Sometimes the page loads as plain text and no CSS. If the page does load enough for the user to accept the AUP and fill out the registration form. When the user submits the form, however the same browser error is displayed and the user id bounced out of the browser app. If the error occurs AFTER submitting the registration form, the device still shows as unregistered in PF. However, if the user rejoins the network the captive portal page will be presented but it will be the enabling access page with the progress bar (and a still broken jpg). Interestingly, the device will now show as registered in PF and will have the correct role assigned. I have been scouring the logs and can?t seem to find any entries that would point to a cause. Desktops and Laptops with full OS on them do not seem to have the issue. Any help would be greatly appreciated. Jake Sallee Godfather of Bandwidth System Engineer and Security Specialist University of Mary Hardin-Baylor WWW.UMHB.EDU<http://WWW.UMHB.EDU> 900 College St. Belton, Texas 76513 Fone: 254-295-4658 Phax: 254-295-4221 _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/packetfence-users _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
