Hello Jorge,

What we need is the user MAC and the AP information.
I found this:
https://support.huawei.com/enterprise/en/doc/EDOC1100008283/659354b1/display-url-template

Is it possible to add extra parameters like user-mac ssid ap-ip ap-mac?

And if yes, can you provide me the URL generated by the controller when it
redirects? (haproxy-portal log)

Regards
Fabrice



On Sat, Feb 5, 2022 at 20:42, Jorge Nolla <jno...@gmail.com> wrote:

> Hi Team,
>
> Any input on this? We really would like to get this to work.
>
> Thank you!
> Jorge
>
> On Feb 2, 2022, at 7:48 PM, Jorge Nolla <jno...@gmail.com> wrote:
>
> Hi Fabrice,
>
> This is the sequence:
>
> Feb  2 14:51:32 wifi haproxy[2427]: 10.9.79.52:61132
> [02/Feb/2022:14:51:32.663] portal-http-10.0.255.99 10.0.255.99-backend/
> 127.0.0.1 0/0/0/201/201 200 7146 - - ---- 3/1/0/0/0 0/0 {wifi.fispy.mx}
> "GET /access?lang= HTTP/1.1"
> Feb  2 14:51:37 wifi haproxy[2427]: 10.9.79.52:61133
> [02/Feb/2022:14:51:37.905] portal-http-10.0.255.99 static/127.0.0.1
> 0/0/0/2/2 200 228 - - ---- 4/2/0/0/0 0/0 {10.0.255.99} "GET
> /common/network-access-detection.gif?r=1643838705224 HTTP/1.1"
> Feb  2 14:51:44 wifi haproxy[2427]: 10.9.79.52:61130
> [02/Feb/2022:14:51:43.927] portal-https-10.0.255.99~ 10.0.255.99-backend/
> 127.0.0.1 0/0/0/122/122 302 1018 - - ---- 4/1/0/0/0 0/0 {wifi.fispy.mx}
> "GET
> /captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
> HTTP/1.1"
> Feb  2 14:51:44 wifi haproxy[2427]: 10.9.79.52:61132
> [02/Feb/2022:14:51:44.060] portal-http-10.0.255.99 10.0.255.99-backend/
> 127.0.0.1 0/0/0/129/129 200 7146 - - ---- 4/2/0/0/0 0/0 {wifi.fispy.mx}
> "GET /access?lang= HTTP/1.1"
> Feb  2 14:51:49 wifi haproxy[2427]: 10.9.79.52:61133
> [02/Feb/2022:14:51:49.219] portal-http-10.0.255.99 static/127.0.0.1
> 0/0/0/1/1 200 228 - - ---- 4/2/0/0/0 0/0 {10.0.255.99} "GET
> /common/network-access-detection.gif?r=1643838716546 HTTP/1.1"
> Feb  2 14:51:55 wifi haproxy[2427]: 10.9.79.52:61130
> [02/Feb/2022:14:51:55.287] portal-https-10.0.255.99~ 10.0.255.99-backend/
> 127.0.0.1 0/0/0/136/136 302 1018 - - ---- 4/1/0/0/0 0/0 {wifi.fispy.mx}
> "GET
> /captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
> HTTP/1.1"
>
>
>
> On Feb 2, 2022, at 7:12 PM, Fabrice Durand <oeufd...@gmail.com> wrote:
>
> Hello Jorge,
>
> I will have a closer look.
> But I have a question: when the device is forwarded to the captive portal
> (just before
> https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin),
> what is the URL?
> You should be able to see it in the haproxy-portal.log file.
>
> Regards
> Fabrice
>
> On Wed, Feb 2, 2022 at 10:18, Jorge Nolla <jno...@gmail.com> wrote:
>
>> Hi Fabrice,
>>
>>
>> We almost have the configuration working, but are not sure how to get the
>> redirect to the client to work correctly. Attached is the documentation for
>> Cisco ISE which we used for PacketFence as well.
>>
>> Portal.fispy.mx <http://portal.fispy.mx/> is the Huawei AC.
>>
>> This is the format the client should get from PacketFence. This is the
>> only piece we are missing for this to work.
>>
>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>
>>
>> If we manually click on the link above, then the flow of traffic works
>> correctly CLIENT > AC > RADIUS (PacketFence), and authentication works. The
>> problem is that when the user logs in to the portal the redirect is broken.
>> The parameter for the redirect that PacketFence is serving, comes from a
>> configuration parameter within the AC. This configuration works fine for
>> Cisco ISE, but the URL format is not working for PacketFence.
>>
>>
>> When we configure the redirect this is what the client is getting from
>> PacketFence
>>
>> https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>
>>
>> url-template name PacketFence
>>  url https://wifi.fispy.mx/captive-portal
>>  url-parameter login-url switch_url https://portal.fispy.mx:8443/login
>>  <<< THIS IS THE PARAMETER FOR THE REDIRECT TO PACKETFENCE
>>
>>
>>
>> AC CONFIG
>>
>> authentication-profile name PacketFence
>>  portal-access-profile PacketFence
>>  free-rule-template default_free_rule
>>  authentication-scheme PacketFence
>>  accounting-scheme PacketFence
>>  radius-server PacketFence
>>  force-push url https://www.fispy.mx
>>
>> radius-server template PacketFence
>>  radius-server shared-key cipher %^%#*)l=:1.X-Yd$\<~orEF@
>> ]<}NMejv3)E^\6;7:NUY%^%#
>>  radius-server authentication 10.0.255.99 1812 source ip-address
>> 10.7.255.2 weight 90
>>  radius-server accounting 10.0.255.99 1813 source ip-address 10.7.255.2
>> weight 80
>>  undo radius-server user-name domain-included
>>  calling-station-id mac-format unformatted
>>  called-station-id wlan-user-format ac-mac
>>  radius-server attribute translate
>>  radius-attribute disable HW-NAS-Startup-Time-Stamp send
>>  radius-attribute disable HW-IP-Host-Address send
>>  radius-attribute disable HW-Connect-ID send
>>  radius-attribute disable HW-Version send
>>  radius-attribute disable HW-Product-ID send
>>  radius-attribute disable HW-Domain-Name send
>>  radius-attribute disable HW-User-Extend-Info send
>>
>> url-template name PacketFence
>>  url https://wifi.fispy.mx/captive-portal
>>  url-parameter login-url switch_url https://portal.fispy.mx:8443/login
>>  <<< THIS IS THE PARAMETER FOR THE REDIRECT TO PACKETFENCE
>>
>> web-auth-server PacketFence
>>  server-ip 10.0.255.99
>>  port 443
>>  url-template PacketFence
>>  protocol http
>>  http get-method enable
>>
>> portal-access-profile name PacketFence
>>  web-auth-server PacketFence direct
>>
>>
>> authentication-scheme PacketFence
>>   authentication-mode radius
>>
>> wlan
>>  security-profile name FISPY-WiFi
>>
>>  vap-profile name FISPY-WiFi
>>   service-vlan vlan-id 900
>>   permit-vlan vlan-id 900
>>   ssid-profile FISPY-WiFi
>>   security-profile FISPY-WiFi
>>   authentication-profile PacketFence
>>   sta-network-detect disable
>>   service-experience-analysis enable
>>   mdns-snooping enable
>>
>>
>>
>>
>> ###CISCO ISE CONFIG TO COMPARE###
>>
>> url-template name CISCO-ISE
>>  url
>> https://captive.fispy.mx:8443/portal/PortalSetup.action#portal=7cf5ac1d-5dbf-4b36-aeee-b9590fd24c02
>>  parameter start-mark #
>>  url-parameter login-url switch_url https://portal.fispy.mx:8443/login
>>
>> ####################################
>>
>>
>>
>>
>>
>>
>> On Feb 2, 2022, at 6:17 AM, Fabrice Durand <oeufd...@gmail.com> wrote:
>>
>> Hello Jorge,
>>
>> Do you have any Huawei documentation to implement that?
>>
>> Regards
>> Fabrice
>>
>>
>> On Wed, Jan 26, 2022 at 15:59, Jorge Nolla via PacketFence-users <
>> packetfence-users@lists.sourceforge.net> wrote:
>>
>>> Hi Team,
>>>
>>> We were wondering if anyone has had any success in configuring Web Auth
>>> for the Huawei AC? It’s somewhat critical for us to get this going.
>>>
>>> Thank you!
>>> Jorge
>>>
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> PacketFence-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
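
The following is an added example, not part of the thread and not PacketFence code: it decodes the captive-portal requests in haproxy-portal log lines, reports which of the parameters requested above are present, and checks that `switch_url` (where the client is later sent with its credentials) points at the expected AC over HTTPS. The key names other than `switch_url`, the allow-list and the third log line are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# "switch_url" is the key from the thread's url-template; the other key names
# are hypothetical, since the AC administrator chooses them.
WANTED = ("switch_url", "user_mac", "ssid", "ap_ip", "ap_mac")
ALLOWED_LOGIN_HOSTS = {"portal.fispy.mx"}  # the AC named in the thread

LINE_RE = re.compile(r'haproxy\[\d+\]: (?P<client>[\d.]+):\d+ .*'
                     r'\{[^}]*\} "GET (?P<target>\S+) HTTP/[\d.]+"\s*$')

# Constructed sample. Lines 1-2 are unwrapped from the log quoted in the
# thread; line 3 is invented to show a redirect carrying the extra keys.
_MID = ("portal-https-10.0.255.99~ 10.0.255.99-backend/127.0.0.1 "
        "0/0/0/122/122 302 1018 - - ---- 4/1/0/0/0 0/0 {wifi.fispy.mx} ")
SAMPLE_LOG = "\n".join([
    'Feb  2 14:51:44 wifi haproxy[2427]: 10.9.79.52:61132 '
    '[02/Feb/2022:14:51:44.060] portal-http-10.0.255.99 10.0.255.99-backend/'
    '127.0.0.1 0/0/0/129/129 200 7146 - - ---- 4/2/0/0/0 0/0 {wifi.fispy.mx} '
    '"GET /access?lang= HTTP/1.1"',
    'Feb  2 14:51:44 wifi haproxy[2427]: 10.9.79.52:61130 '
    '[02/Feb/2022:14:51:43.927] ' + _MID +
    '"GET /captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx'
    '%3A8443%2Flogin HTTP/1.1"',
    'Feb  2 14:52:10 wifi haproxy[2427]: 192.0.2.10:50000 '
    '[02/Feb/2022:14:52:10.000] ' + _MID +
    '"GET /captive-portal?switch_url=http%3A%2F%2Fac.example%2Flogin'
    '&user_mac=00%3A11%3A22%3A33%3A44%3A55&ssid=Guest&ap_ip=192.0.2.20'
    '&ap_mac=00-11-22-33-44-66 HTTP/1.1"',
])


def audit_redirects(log_text, path="/captive-portal"):
    """Decode each portal redirect; report missing keys and the login target."""
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        url = urlsplit(m["target"]) if m else None
        if url is None or url.path != path:
            continue
        # parse_qs percent-decodes names and values (switch%5Furl -> switch_url)
        params = {k: v[0] for k, v in parse_qs(url.query).items()}
        login = urlsplit(params.get("switch_url", ""))
        # Credentials are sent to switch_url, so pin its scheme and host.
        ok = login.scheme == "https" and login.hostname in ALLOWED_LOGIN_HOSTS
        results.append({"client": m["client"], "params": params,
                        "missing": [k for k in WANTED if k not in params],
                        "login_ok": ok})
    return results
```
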