Yes, that's it. Le mar. 8 févr. 2022 à 11:23, Jorge Nolla <jno...@gmail.com> a écrit :
> Fabrice, > > The document you had provided didn’t layout the configuration steps. I > think this might be the correct document for the configuration you are > referring. If you have a chance take a look and let me know. > > https://support.huawei.com/enterprise/mx/knowledge/EKB1100055064 > > > > On Feb 8, 2022, at 9:14 AM, Fabrice Durand <oeufd...@gmail.com> wrote: > > You can try that instead: > > my $html_form = qq[ > <form name="weblogin_form" data-autosubmit="1000" method="POST" > action="http://$controller_ip:8443/login";> > <input type="hidden" name="username" value="$mac"> > <input type="hidden" name="password" value="$mac"> > </form> > <script src="/content/autosubmit.js" > type="text/javascript"></script> > ]; > > It will pass the mac address of the device in the radius request as > username and password instead of the real username and password who has > been authenticated previously on the portal. > Then you just need to configure the registration role in the switch > configuration to be -1 (packetfence side) and if the device is unreg then > the request will be rejected. > > > Le mar. 8 févr. 2022 à 11:04, Jorge Nolla <jno...@gmail.com> a écrit : > >> Hi Fabrice, >> >> Let me check what the difference is in configuration on the AC side, I’ll >> report within the hour. Any clues as to why the parameters are not being >> passed? >> >> >> On Feb 8, 2022, at 8:55 AM, Fabrice Durand <oeufd...@gmail.com> wrote: >> >> Hello Jorge, >> >> i really think that it´s not the correct way to support the web auth in >> Huawei. >> The only thing you can do with the portal is to authenticate with a >> username and password, there is no way to do anything else >> (sms/email/sponsor/....). >> >> Also when you authenticate on the portal , the portal validate your >> username and password and with the workflow you have it will authenticate >> twice (portal and radius) and it doesn´t make sense. >> >> So if you want to keep this way then you will need a simple html page >> with a username and password field that post on >> https://portal.fispy.mx:8443/login then configure packetfence to >> authenticate the username and password from radius. >> >> The other way who looks really better is to use that: ( >> https://support.huawei.com/enterprise/en/doc/EDOC1100008282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_2 >> ) >> >> <download.png> >> >> As i said , it´s exactly how it works with the cisco wlc and it will >> support all authentication mechanisms available on the portal. >> >> Regards >> Fabrice >> >> >> >> >> Le lun. 7 févr. 2022 à 20:25, Jorge Nolla <jno...@gmail.com> a écrit : >> >>> >>> Radius request from the AC once it receives the correct values. This is >>> sent back to Radius which in this case is PF >>> >>> User-Name = “5blz” *<<< VALUE NEEDED IN URL as username* User-Password >>> = "******” *<<< VALUE NEEDED IN URL as password* NAS-IP-Address = >>> 10.7.255.2 NAS-Port = 900 Service-Type = Framed-User Framed-Protocol = PPP >>> Framed-IP-Address = 10.9.91.31 Called-Station-Id = >>> "c0:f6:c2:a5:c4:d0:FISPY-WiFi" Calling-Station-Id = "f0:2f:4b:14:67:d9" >>> NAS-Identifier = "AirEngine9700-M1" NAS-Port-Type = Wireless-802.11 >>> Acct-Session-Id = "AirEngi00000000000900d5d66c0600187" Event-Timestamp = >>> "Feb 7 2022 18:05:13 MST" NAS-Port-Id = >>> "slot=0;subslot=0;port=0;vlanid=900" Huawei-Loopback-Address = >>> "C0F6-C2A5-C4D0" Huawei-User-Mac = "\000\000\000\003" Stripped-User-Name = >>> "5blz" Realm = "null" FreeRADIUS-Client-IP-Address = 10.7.255.2 >>> Called-Station-SSID = "FISPY-WiFi" PacketFence-KeyBalanced = >>> "aa86741e358fa86079a91aaf4dc581f9" PacketFence-Radius-Ip = "10.0.255.99" >>> SQL-User-Name = "5blz" >>> >>> On Feb 7, 2022, at 3:58 PM, Jorge Nolla <jno...@gmail.com> wrote: >>> >>> Hi Fabrice, >>> >>> I did hardcode as follow: >>> >>> <form name="weblogin_form" data-autosubmit="1000" method="GET" action=" >>> https://portal.fispy.mx:8443/login?username=bob&password=bob"; >>> style="display:none"> >>> >>> But the redirect which the client is getting, is only this part, not >>> sure why: >>> >>> https://portal.fispy.mx:8443/login? >>> >>> >>> Here is the flow of the External Portal Authentication as per Huawei. >>> Portal Server - Notify the STA of the login URL >>> STA - Send the username and password in HTTP GET POST. When this is >>> configured to use ISE as per the guide, the ISE server sends the redirect >>> to the STA as per the format. >>> https://portal.fispy.mx:8443/login?username=($username)&password=($password) >>> >>> >>> <PastedGraphic-1.tiff> >>> >>> On Feb 7, 2022, at 2:51 PM, Fabrice Durand <oeufd...@gmail.com> wrote: >>> >>> Did you try to hardcode that in the code and see if it works ? >>> >>> Also i don´t understand the goal of passing the username and password , >>> is there any extra check after that ? What happen if the user register by >>> sms/email ? >>> >>> And i just found that: >>> >>> https://support.huawei.com/enterprise/en/doc/EDOC1100008282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_1 >>> Is it something that can be configured on the Hawei ? If yes then it >>> will mimic the way the Cisco WLC works. >>> >>> Regards >>> Fabrice >>> >>> >>> Le lun. 7 févr. 2022 à 16:01, Jorge Nolla <jno...@gmail.com> a écrit : >>> >>>> Hi Fabrice, >>>> >>>> This line needs to be HTTPS for it to work >>>> <form name="weblogin_form" data-autosubmit="1000" method="GET" action=" >>>> http://$controller_ip:8443/login?username=bob&password=bob"; >>>> style="display:none”> >>>> >>>> This needs to be the username and password which is being entered by >>>> the user in the PF portal, which is the Radius username and password >>>> username=bob&password=bob >>>> >>>> >>>> On Feb 7, 2022, at 12:03 PM, Fabrice Durand <oeufd...@gmail.com> wrote: >>>> >>>> I just pushed a fix. >>>> >>>> cd /usr/local/pf >>>> curl >>>> https://github.com/inverse-inc/packetfence/commit/7628afddf46e0226667560dc33df192f9c4cf420.diff >>>> | patch -p1 >>>> and restart >>>> >>>> Le lun. 7 févr. 2022 à 13:46, Jorge Nolla <jno...@gmail.com> a écrit : >>>> >>>>> Here are the log outputs for /usr/local/pf/logs/packetfence.log >>>>> >>>>> >>>>> Feb 7 11:03:04 wifi packetfence_httpd.portal[61371]: >>>>> httpd.portal(61371) INFO: [mac:[undef]] URI '/Huawei' is detected as an >>>>> external captive portal URI (pf::web::externalportal::handle) >>>>> Feb 7 11:03:04 wifi packetfence_httpd.portal[61371]: >>>>> httpd.portal(61371) ERROR: [mac:[undef]] Cannot load perl module for >>>>> switch >>>>> type 'pf::Switch::Huawei'. Either switch type is unknown or switch type >>>>> perl module have compilation errors. See the following message for >>>>> details: >>>>> (pf::web::externalportal::handle) >>>>> Feb 7 11:03:06 wifi packetfence_httpd.portal[61370]: >>>>> httpd.portal(61370) INFO: [mac:[undef]] URI '/Huawei' is detected as an >>>>> external captive portal URI (pf::web::externalportal::handle) >>>>> Feb 7 11:03:06 wifi packetfence_httpd.portal[61370]: >>>>> httpd.portal(61370) ERROR: [mac:[undef]] Cannot load perl module for >>>>> switch >>>>> type 'pf::Switch::Huawei'. Either switch type is unknown or switch type >>>>> perl module have compilation errors. See the following message for >>>>> details: >>>>> (pf::web::externalportal::handle) >>>>> >>>>> >>>>> >>>>> On Feb 7, 2022, at 10:50 AM, Jorge Nolla <jno...@gmail.com> wrote: >>>>> >>>>> Here is the output for HAProxy >>>>> >>>>> Feb 7 10:48:54 wifi haproxy[2285]: 10.9.215.39:63814 >>>>> [07/Feb/2022:10:48:54.074] portal-https-10.0.255.99~ 10.0.255.99-backend/ >>>>> 127.0.0.1 0/0/0/13/13 501 413 - - ---- 2/1/0/0/0 0/0 {wifi.fispy.mx} >>>>> "GET >>>>> /Huawei?ac-ip=10.7.255.2&userip=10.9.215.39&ssid=FISPY-WiFi&ap-mac=f02f4b1467d9 >>>>> HTTP/1.1” >>>>> >>>>> >>>>> >>>>> On Feb 7, 2022, at 10:06 AM, Jorge Nolla <jno...@gmail.com> wrote: >>>>> >>>>> Hi Fabrice, >>>>> >>>>> From the Pf portal after the patch is applied. >>>>> >>>>> type: 'Huawei' is not a valid value The chosen type (Huawei) is not >>>>> supported. >>>>> >>>>> On Feb 6, 2022, at 6:49 PM, Jorge Nolla <jno...@gmail.com> wrote: >>>>> >>>>> >>>>> This is the only option on the config. >>>>> >>>>> <Screen Shot 2022-02-06 at 6.48.16 PM.png> >>>>> >>>>> >>>>> On Feb 6, 2022, at 6:41 PM, Jorge Nolla <jno...@gmail.com> wrote: >>>>> >>>>> Hi Fabrice, >>>>> >>>>> Getting an error page from PF >>>>> >>>>> Not Implemented >>>>> GET no supported for current URL. >>>>> >>>>> How is the switch supposed to be defined in PF? >>>>> >>>>> >>>>> >>>>> On Feb 6, 2022, at 5:55 PM, Fabrice Durand <oeufd...@gmail.com> wrote: >>>>> >>>>> I am just not sure what to set for username and password, if you do >>>>> sms auth then there is no password. >>>>> >>>>> Also in the url it looks that it miss the mac address of the device , >>>>> can you try to add device-mac and see if the device mac is in the url ? >>>>> >>>>> Here the first draft: >>>>> >>>>> >>>>> https://github.com/inverse-inc/packetfence/compare/feature/Huawei_web_auth.diff >>>>> >>>>> cd /usr/local/pf/ >>>>> curl >>>>> https://github.com/inverse-inc/packetfence/compare/feature/Huawei_web_auth.diff >>>>> | patch -p1 >>>>> >>>>> then restart packetfence. >>>>> >>>>> On the controller: >>>>> >>>>> url-template name PacketFence >>>>> url https://wifi.fispy.mx/ <https://wifi.fispy.mx/captive-portal> >>>>> Hawei >>>>> url-parameter device-ip device-mac ac-ip user-ipaddress userip ssid >>>>> ssid user-mac ap-mac >>>>> >>>>> So when the device will be forwarded to the portal it should be able >>>>> to recognise the mac address and the ip of the device (in the bottom). >>>>> >>>>> Register on the portal and you should be forwarded to >>>>> http://$controller_ip:8443/login?username=bob&password=bob >>>>> >>>>> Let me know how it behave. >>>>> >>>>> Regards >>>>> Fabrice >>>>> >>>>> >>>>> >>>>> >>>>> Le dim. 6 févr. 2022 à 18:58, Jorge Nolla <jno...@gmail.com> a écrit : >>>>> >>>>>> Hi Fabrice >>>>>> >>>>>> This is the GET the AC is expecting: >>>>>> >>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password) >>>>>> >>>>>> If successful it will return as per image below. If it fails the AC >>>>>> will redirect back to the Portal >>>>>> >>>>>> <WebAuthentication.png> >>>>>> >>>>>> >>>>>> Here is the configuration: >>>>>> >>>>>> url-template name PacketFence >>>>>> url https://wifi.fispy.mx/captive-portal >>>>>> url-parameter login-url destination_url >>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password) >>>>>> >>>>>> >>>>>> HA Proxy output >>>>>> >>>>>> Feb 6 16:44:26 wifi haproxy[2427]: 10.9.70.173:52266 >>>>>> [06/Feb/2022:16:44:26.153] portal-https-10.0.255.99~ 10.0.255.99-backend/ >>>>>> 127.0.0.1 0/0/0/202/202 200 9003 - - ---- 2/1/0/0/0 0/0 { >>>>>> wifi.fispy.mx} "GET /captive-portal?destination_url= >>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password) >>>>>> HTTP/1.1" >>>>>> >>>>>> Only problem is that PacketFence is not updating the dynamic values >>>>>> with username and password for it to work >>>>>> >>>>>> AC = Access Controller. This manages the APs’ as they are operating >>>>>> in Fit/Lightweight mode. >>>>>> AP = Access Points. These are the actual radios. >>>>>> >>>>>> Best Regards, >>>>>> Jorge >>>>>> >>>>>> >>>>>> On Feb 6, 2022, at 4:40 PM, Fabrice Durand <oeufd...@gmail.com> >>>>>> wrote: >>>>>> >>>>>> Hello Jorge, >>>>>> >>>>>> i have what i need at least to be able to support the web-auth. >>>>>> The only thing i am not sure is at the end of the registration >>>>>> process what we are supposed to do. >>>>>> >>>>>> I will create a branch on github in order for you to test. (it will >>>>>> be an update of the Huawei switch module). >>>>>> >>>>>> For information, what is the ac-ip ac-mac versus ap-ip ap-mac ? >>>>>> >>>>>> Regards >>>>>> Fabrice >>>>>> >>>>>> >>>>>> Le dim. 6 févr. 2022 à 18:30, Jorge Nolla <jno...@gmail.com> a >>>>>> écrit : >>>>>> >>>>>>> If I try to manually send the redirect in the browser here is what >>>>>>> HA proxy records. This is a simple copy and paste in the browser and the >>>>>>> output: >>>>>>> >>>>>>> https://wifi.fispy.mx/captive-portal?destination_url= >>>>>>> https://portal.fispy.mx:8443/login?username=539z&password=0uf3 >>>>>>> >>>>>>> 4875 - - ---- 2/1/0/0/0 0/0 {wifi.fispy.mx} "GET >>>>>>> /captive-portal?destination_url= >>>>>>> https://portal.fispy.mx:8443/login?username=539z&password=0uf3 >>>>>>> HTTP/1.1" >>>>>>> >>>>>>> >>>>>>> It doesn’t let it go through as it seems that is trying to validate >>>>>>> network connectivity >>>>>>> >>>>>>> >>>>>>> On Feb 6, 2022, at 4:07 PM, Jorge Nolla <jno...@gmail.com> wrote: >>>>>>> >>>>>>> Seems weird how the format of the URL is recorded/sent >>>>>>> >>>>>>> >>>>>>> Here is a normal redirect, the url is formatted correctly, >>>>>>> >>>>>>> >>>>>>> Feb 6 16:03:41 wifi haproxy[2427]: 10.99.1.20:63577 >>>>>>> [06/Feb/2022:16:03:41.232] portal-https-10.0.255.99~ >>>>>>> 10.0.255.99-backend/ >>>>>>> 127.0.0.1 0/0/1/233/234 200 4910 - - ---- 2/1/0/0/0 0/0 { >>>>>>> wifi.fispy.mx} "GET /captive-portal?destination_url= >>>>>>> https://www.fispy.mx/ HTTP/1.1" >>>>>>> >>>>>>> I’m not sure why the value sent by the AP has all the % and weird >>>>>>> symbols >>>>>>> destination%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin >>>>>>> <https://wifi.fispy.mx/captive-portal?switch_url=https://portal.fispy.mx:8443/login> >>>>>>> >>>>>>> >>>>>>> On Feb 6, 2022, at 4:00 PM, Jorge Nolla <jno...@gmail.com> wrote: >>>>>>> >>>>>>> Hi Fabrice, >>>>>>> >>>>>>> Here are the options that can be added: >>>>>>> >>>>>>> [AirEngine9700-M1-url-template-PacketFence]url-parameter ? >>>>>>> ap-group-name AP group name >>>>>>> ap-ip AP IP address >>>>>>> ap-location AP location >>>>>>> ap-mac AP MAC address >>>>>>> ap-name AP name >>>>>>> device-ip Device IP address >>>>>>> device-mac Device MAC address >>>>>>> login-url Device's login URL provided to the external portal >>>>>>> server >>>>>>> mac-address Mac address >>>>>>> redirect-url The url in user original http packet >>>>>>> set Set >>>>>>> ssid SSID >>>>>>> sysname Device name >>>>>>> user-ipaddress User IP address >>>>>>> user-mac User MAC address >>>>>>> >>>>>>> >>>>>>> url-template name PacketFence >>>>>>> url https://wifi.fispy.mx/captive-portal >>>>>>> url-parameter device-ip ac-ip user-ipaddress userip ssid ssid >>>>>>> user-mac ap-mac >>>>>>> >>>>>>> >>>>>>> 200 9003 - - ---- 2/1/0/0/0 0/0 {wifi.fispy.mx} "GET >>>>>>> /captive-portal?ac%2Dip=10%2E7%2E255%2E2&userip=10%2E9%2E70%2E173&ssid=FISPY%2DWiFi&ap%2Dmac=f02f4b1467d9 >>>>>>> HTTP/1.1" >>>>>>> >>>>>>> >>>>>>> If we do not specify the URL on this configuration, where would >>>>>>> PacketFence get the value for the AC Web Authentication call? >>>>>>> >>>>>>> >>>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password) >>>>>>> >>>>>>> Best Regards, >>>>>>> Jorge >>>>>>> >>>>>>> On Feb 5, 2022, at 8:23 PM, Fabrice Durand <oeufd...@gmail.com> >>>>>>> wrote: >>>>>>> >>>>>>> Hello Jorge, >>>>>>> >>>>>>> what we need is the user mac and the ap information. >>>>>>> I found that >>>>>>> https://support.huawei.com/enterprise/en/doc/EDOC1100008283/659354b1/display-url-template >>>>>>> >>>>>>> Is it possible to add extra parameters like user-mac ssid ap-ip >>>>>>> ap-mac ? >>>>>>> >>>>>>> And if yes can you provide me the url generated by the controller >>>>>>> when it redirect ? (haproxy-portal log) >>>>>>> >>>>>>> Regards >>>>>>> Fabrice >>>>>>> >>>>>>> >>>>>>> >>>>>>> Le sam. 5 févr. 2022 à 20:42, Jorge Nolla <jno...@gmail.com> a >>>>>>> écrit : >>>>>>> >>>>>>>> Hi Team, >>>>>>>> >>>>>>>> Any input on this? We really would like to get this to work. >>>>>>>> >>>>>>>> Thank you! >>>>>>>> Jorge >>>>>>>> >>>>>>>> On Feb 2, 2022, at 7:48 PM, Jorge Nolla <jno...@gmail.com> wrote: >>>>>>>> >>>>>>>> Hi Fabrice, >>>>>>>> >>>>>>>> This is the sequence: >>>>>>>> >>>>>>>> Feb 2 14:51:32 wifi haproxy[2427]: 10.9.79.52:61132 >>>>>>>> [02/Feb/2022:14:51:32.663] portal-http-10.0.255.99 10.0.255.99-backend/ >>>>>>>> 127.0.0.1 0/0/0/201/201 200 7146 - - ---- 3/1/0/0/0 0/0 { >>>>>>>> wifi.fispy.mx} "GET /access?lang= HTTP/1.1" >>>>>>>> Feb 2 14:51:37 wifi haproxy[2427]: 10.9.79.52:61133 >>>>>>>> [02/Feb/2022:14:51:37.905] portal-http-10.0.255.99 static/127.0.0.1 >>>>>>>> 0/0/0/2/2 200 228 - - ---- 4/2/0/0/0 0/0 {10.0.255.99} "GET >>>>>>>> /common/network-access-detection.gif?r=1643838705224 HTTP/1.1" >>>>>>>> Feb 2 14:51:44 wifi haproxy[2427]: 10.9.79.52:61130 >>>>>>>> [02/Feb/2022:14:51:43.927] portal-https-10.0.255.99~ >>>>>>>> 10.0.255.99-backend/ >>>>>>>> 127.0.0.1 0/0/0/122/122 302 1018 - - ---- 4/1/0/0/0 0/0 { >>>>>>>> wifi.fispy.mx} "GET >>>>>>>> /captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin >>>>>>>> HTTP/1.1" >>>>>>>> Feb 2 14:51:44 wifi haproxy[2427]: 10.9.79.52:61132 >>>>>>>> [02/Feb/2022:14:51:44.060] portal-http-10.0.255.99 10.0.255.99-backend/ >>>>>>>> 127.0.0.1 0/0/0/129/129 200 7146 - - ---- 4/2/0/0/0 0/0 { >>>>>>>> wifi.fispy.mx} "GET /access?lang= HTTP/1.1" >>>>>>>> Feb 2 14:51:49 wifi haproxy[2427]: 10.9.79.52:61133 >>>>>>>> [02/Feb/2022:14:51:49.219] portal-http-10.0.255.99 static/127.0.0.1 >>>>>>>> 0/0/0/1/1 200 228 - - ---- 4/2/0/0/0 0/0 {10.0.255.99} "GET >>>>>>>> /common/network-access-detection.gif?r=1643838716546 HTTP/1.1" >>>>>>>> Feb 2 14:51:55 wifi haproxy[2427]: 10.9.79.52:61130 >>>>>>>> [02/Feb/2022:14:51:55.287] portal-https-10.0.255.99~ >>>>>>>> 10.0.255.99-backend/ >>>>>>>> 127.0.0.1 0/0/0/136/136 302 1018 - - ---- 4/1/0/0/0 0/0 { >>>>>>>> wifi.fispy.mx} "GET >>>>>>>> /captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin >>>>>>>> HTTP/1.1” >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Feb 2, 2022, at 7:12 PM, Fabrice Durand <oeufd...@gmail.com> >>>>>>>> wrote: >>>>>>>> >>>>>>>> Hello Jorge, >>>>>>>> >>>>>>>> i will have a look closer. >>>>>>>> But i have a question, when the device is forwarded to the captive >>>>>>>> portal, (just before >>>>>>>> https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin >>>>>>>> <https://wifi.fispy.mx/captive-portal?switch_url=https://portal.fispy.mx:8443/login>) >>>>>>>> , what is the url ? >>>>>>>> You should be able to see it in the haproxy-portal.log file. >>>>>>>> >>>>>>>> Regards >>>>>>>> Fabrice >>>>>>>> >>>>>>>> Le mer. 2 févr. 2022 à 10:18, Jorge Nolla <jno...@gmail.com> a >>>>>>>> écrit : >>>>>>>> >>>>>>>>> Hi Fabrice, >>>>>>>>> >>>>>>>>> >>>>>>>>> We almost have the configuration working, but are not sure how to >>>>>>>>> get the redirect to the client to work correctly. Attached is the >>>>>>>>> documentation for Cisco ISE which we used for PacketFence as well. >>>>>>>>> >>>>>>>>> Portal.fispy.mx <http://portal.fispy.mx/> is the Huawei AC. >>>>>>>>> >>>>>>>>> This is the format the client should get from PacketFence. This is >>>>>>>>> the only piece we are missing for this to work. >>>>>>>>> >>>>>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password) >>>>>>>>> >>>>>>>>> >>>>>>>>> If we manually click on the link above, then the flow of traffic >>>>>>>>> works correctly CLIENT > AC > RADIUS (PacketFence), and authentication >>>>>>>>> works. The problem is that when the user logs in to the portal the >>>>>>>>> redirect >>>>>>>>> is broken. The parameter for the redirect that PacketFence is serving, >>>>>>>>> comes from a configuration parameter within the AC. This configuration >>>>>>>>> works fine for Cisco ISE, but the URL format is not working for >>>>>>>>> PacketFence. >>>>>>>>> >>>>>>>>> >>>>>>>>> When we configure the redirect this is what the client is getting >>>>>>>>> from PacketFence >>>>>>>>> >>>>>>>>> https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin >>>>>>>>> >>>>>>>>> >>>>>>>>> url-template name PacketFence >>>>>>>>> url https://wifi.fispy.mx/captive-portal >>>>>>>>> url-parameter login-url switch_url >>>>>>>>> https://portal.fispy.mx:8443/login <<< THIS IS THE PARAMETER FOR >>>>>>>>> THE REDIRECT TO PACKETFENCE >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> AC CONFIG >>>>>>>>> >>>>>>>>> authentication-profile name PacketFence >>>>>>>>> portal-access-profile PacketFence >>>>>>>>> free-rule-template default_free_rule >>>>>>>>> authentication-scheme PacketFence >>>>>>>>> accounting-scheme PacketFence >>>>>>>>> radius-server PacketFence >>>>>>>>> force-push url https://www.fispy.mx >>>>>>>>> >>>>>>>>> radius-server template PacketFence >>>>>>>>> radius-server shared-key cipher %^%#*)l=:1.X-Yd$\<~orEF@ >>>>>>>>> ]<}NMejv3)E^\6;7:NUY%^%# >>>>>>>>> radius-server authentication 10.0.255.99 1812 source ip-address >>>>>>>>> 10.7.255.2 weight 90 >>>>>>>>> radius-server accounting 10.0.255.99 1813 source ip-address >>>>>>>>> 10.7.255.2 weight 80 >>>>>>>>> undo radius-server user-name domain-included >>>>>>>>> calling-station-id mac-format unformatted >>>>>>>>> called-station-id wlan-user-format ac-mac >>>>>>>>> radius-server attribute translate >>>>>>>>> radius-attribute disable HW-NAS-Startup-Time-Stamp send >>>>>>>>> radius-attribute disable HW-IP-Host-Address send >>>>>>>>> radius-attribute disable HW-Connect-ID send >>>>>>>>> radius-attribute disable HW-Version send >>>>>>>>> radius-attribute disable HW-Product-ID send >>>>>>>>> radius-attribute disable HW-Domain-Name send >>>>>>>>> radius-attribute disable HW-User-Extend-Info send >>>>>>>>> >>>>>>>>> url-template name PacketFence >>>>>>>>> url https://wifi.fispy.mx/captive-portal >>>>>>>>> url-parameter login-url switch_url >>>>>>>>> https://portal.fispy.mx:8443/login <<< THIS IS THE PARAMETER FOR >>>>>>>>> THE REDIRECT TO PACKETFENCE >>>>>>>>> >>>>>>>>> web-auth-server PacketFence >>>>>>>>> server-ip 10.0.255.99 >>>>>>>>> port 443 >>>>>>>>> url-template PacketFence >>>>>>>>> protocol http >>>>>>>>> http get-method enable >>>>>>>>> >>>>>>>>> portal-access-profile name PacketFence >>>>>>>>> web-auth-server PacketFence direct >>>>>>>>> >>>>>>>>> >>>>>>>>> authentication-scheme PacketFence >>>>>>>>> authentication-mode radius >>>>>>>>> >>>>>>>>> wlan >>>>>>>>> security-profile name FISPY-WiFi >>>>>>>>> >>>>>>>>> vap-profile name FISPY-WiFi >>>>>>>>> service-vlan vlan-id 900 >>>>>>>>> permit-vlan vlan-id 900 >>>>>>>>> ssid-profile FISPY-WiFi >>>>>>>>> security-profile FISPY-WiFi >>>>>>>>> authentication-profile PacketFence >>>>>>>>> sta-network-detect disable >>>>>>>>> service-experience-analysis enable >>>>>>>>> mdns-snooping enable >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> ###CISCO ISE CONFIG TO COMPARE### >>>>>>>>> >>>>>>>>> url-template name CISCO-ISE >>>>>>>>> url >>>>>>>>> https://captive.fispy.mx:8443/portal/PortalSetup.action#portal=7cf5ac1d-5dbf-4b36-aeee-b9590fd24c02 >>>>>>>>> parameter start-mark # >>>>>>>>> url-parameter login-url switch_url >>>>>>>>> https://portal.fispy.mx:8443/login >>>>>>>>> >>>>>>>>> #################################### >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Feb 2, 2022, at 6:17 AM, Fabrice Durand <oeufd...@gmail.com> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>> Hello Jorge, >>>>>>>>> >>>>>>>>> do you have any Huawei documentation to implement that ? >>>>>>>>> >>>>>>>>> Regards >>>>>>>>> Fabrice >>>>>>>>> >>>>>>>>> >>>>>>>>> Le mer. 26 janv. 2022 à 15:59, Jorge Nolla via PacketFence-users < >>>>>>>>> packetfence-users@lists.sourceforge.net> a écrit : >>>>>>>>> >>>>>>>>>> Hi Team, >>>>>>>>>> >>>>>>>>>> We were wondering if anyone has had any success in configuring >>>>>>>>>> Web Auth for the Huawei AC? It’s somewhat critical for us to get >>>>>>>>>> this going. >>>>>>>>>> >>>>>>>>>> Thank you! >>>>>>>>>> Jorge >>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> PacketFence-users mailing list >>>>>>>>> >>>>>>>>> PacketFence-users@lists.sourceforge.net >>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>> >>> >>> >> >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
