Re: [PacketFence-users] Packetfence 7.3.0 Captive Portal Cisco WLC 8540 software version 8.10.105.0

2019-12-03 Thread Fabrice Durand via PacketFence-users 

Ok so try that first:


https://github.com/inverse-inc/packetfence/blob/packetfence-7.3.0/lib/pf/Switch/Cisco/WLC.pm#L608


From:

return unless ($uri =~ /.*sid(.*[^\/])/);

to:

return unless ($uri =~ /.*sid(.*[^\/&])/);


then restart httpd.portal


and let me know if it's ok.

Regards

Fabrice



Le 19-12-03 à 09 h 24, Day, Adrian a écrit :

Hi Fabrice,

Thank you so much for your reply.

I can confirm that the registration url on the switch is - 
http://172.16.207.67/Cisco::WLC 


I can then confirm that the Radius Attributes are:

Cisco-AVPair = "url-redirect-acl=Pre-Auth-For-WebRedirect"
Cisco-AVPair = "url-redirect=http://172.16.207.67/Cisco::WLC/sid3b70dc;

Which are correct as it works on the older IOS version of the Cisco WLC's.

The issue occurs when the user/client then gets redirected to the 
portal login page and it adds the following on the URL (highlighted in 
red):


http://172.16.207.67/sid3b70dc=www.msftconnecttest.com/redirect 



If I change the & symbol to a ? symbol manually on the clients browser 
it successfully redirects them to the Captive Portal Login Page.


Cisco helped me identify the issue along with them stating it is due 
to the new Cisco WLC IOS version since 8.5 I believe.


They gave me a fix of the below which if possible they asked me to 
add Packetfence


fixURL( char *URLstring )

{

int i, l;

 l = strlen( URLstring );

for( i = 0; i < l; i++) {

if ( URLstring[i] == '?' ) break;

if ( URLstring[i] == '&' ) {

URLstring[i] = '?';

break;

 }

return;

}


The above means nothing to me as I am not a coder. Which is why I have 
my fingers crossed that you will be able to help.


I appreciated any assistance you can offer as currently our Wireless 
Guest System is broken.


Thanks

Adrian





*Adrian Day*

Network Architect & Team Leader / Pensaer Rhwydwaith ac Arweinydd Tîm

SRS Shared Resource Service / Gwasanaeth Rhannu Adnoddau

Phone/Ffôn: +44 (0) 1633 62 4123, 07852842009

Email/Ebost: *adrian...@srswales.com ***

Rydym yn croesawu gohebiaeth yn Gymraeg a Saesneg. Cewch ateb Cymraeg 
i bob gohebiaeth yn Gymraeg ac ni fydd yn arwain i unrhyw oedi.


GRhA Gwasanaeth Rhannu Adnoddau, Tŷ Cyd 2, Stad Ddiwydiannol Gilchrist 
Thomas, Blaenafon, NP4 9RL


We welcome correspondence in Welsh and English. Correspondence 
received in Welsh will be answered in Welsh and will not lead to any 
delay.


SRS Shared Resource Service, Ty Cyd 2, Gilchrist Thomas Ind. Est, 
Blaenavon, NP4 9RL





*From:* Fabrice Durand via PacketFence-users 


*Sent:* 03 December 2019 13:50
*To:* packetfence-users@lists.sourceforge.net 


*Cc:* Fabrice Durand 
*Subject:* Re: [PacketFence-users] Packetfence 7.3.0 Captive Portal 
Cisco WLC 8540 software version 8.10.105.0


Hello Adrian,


can you check in the radius audit log (check the radius tab in the 
audit log entry.) what is the value of the cisco-vsa url-redirect 
attribute ?



Regards

Fabrice


Le 19-12-02 à 10 h 07, Day, Adrian via PacketFence-users a écrit :

Hello,

I was wondering if somebody could help me please.

We use Packetfence 7.3.0 Captive Portal with Cisco WLC 8540 software 
version 8.10.105.0.


We were able to access the captive portal when using Cisco WLC 
software version 8.3.151 however after updating the software it does 
not work.


I raised a Cisco TAC case who informed me that it is due to the 
redirection url.


This issue now is that when the Packetfence Server recieves the URL:

http://portal_ip/sid15bcfe=www.msftconnecttest.com/redirect 
not support error 501


Cisco has said that this error is due to the "&" symbol within the 
URL. They say that this should be changed to a "?" symbol.


If I change the URL manually on the browser it does work if I change 
it to a "?" (Then provides the captive portal login page)


My programming skill are very poor and I have found no way to alter 
any code within packetfence for this to happen automatically.


Could any of you please advise how I change this within packetfence?

Also could you please advise whether this is a known bug and if fixed 
in a newer version of packetfence?


Thanks

Adrian



*Adrian Day*

Network Architect & Team Leader / Pensaer Rhwydwaith ac Arweinydd Tîm

SRS Shared Resource Service / Gwasanaeth Rhannu Adnoddau

Phone/Ffôn: +44 (0) 1633 62 4123, 07852842009

Email/Ebost: *adrian...@srswales.com ***

Rydym yn croesawu gohebiaeth yn Gymraeg a Saesneg. Cewch ateb Cymraeg 
i bob gohebiaeth yn Gymraeg ac ni fydd yn arwain i unrhyw oedi.


GRhA Gwasanaeth Rhannu Adnoddau, Tŷ Cyd 2, Stad Ddiwydiannol 
Gilchrist Thomas, Blaenafon, NP4 9RL


We welcome correspondence in Welsh and English. Correspondence 
received in Welsh will be answered in Welsh and will not lead to any 
delay.


SRS Shared

Re: [PacketFence-users] Packetfence 7.3.0 Captive Portal Cisco WLC 8540 software version 8.10.105.0

2019-12-03 Thread Day, Adrian via PacketFence-users 
Hi Fabrice,

Thank you so much for your reply.

I can confirm that the registration url on the switch is - 
http://172.16.207.67/Cisco::WLC

I can then confirm that the Radius Attributes are:

Cisco-AVPair = "url-redirect-acl=Pre-Auth-For-WebRedirect"
Cisco-AVPair = "url-redirect=http://172.16.207.67/Cisco::WLC/sid3b70dc;

Which are correct as it works on the older IOS version of the Cisco WLC's.

The issue occurs when the user/client then gets redirected to the portal login 
page and it adds the following on the URL (highlighted in red):

http://172.16.207.67/sid3b70dc=www.msftconnecttest.com/redirect

If I change the & symbol to a ? symbol manually on the clients browser it 
successfully redirects them to the Captive Portal Login Page.

Cisco helped me identify the issue along with them stating it is due to the new 
Cisco WLC IOS version since 8.5 I believe.

They gave me a fix of the below which if possible they asked me to add 
Packetfence


fixURL( char *URLstring )

{

int i, l;

 l = strlen( URLstring );

 for( i = 0; i < l; i++) {

 if ( URLstring[i] == '?' ) break;

 if ( URLstring[i] == '&' ) {

 URLstring[i] = '?';

 break;

 }

 return;

}

The above means nothing to me as I am not a coder. Which is why I have my 
fingers crossed that you will be able to help.

I appreciated any assistance you can offer as currently our Wireless Guest 
System is broken.

Thanks

Adrian



[X]
Adrian Day
Network Architect & Team Leader / Pensaer Rhwydwaith ac Arweinydd Tîm
SRS Shared Resource Service / Gwasanaeth Rhannu Adnoddau
Phone/Ffôn: +44 (0) 1633 62 4123, 07852842009
Email/Ebost: adrian...@srswales.com

Rydym yn croesawu gohebiaeth yn Gymraeg a Saesneg. Cewch ateb Cymraeg i bob 
gohebiaeth yn Gymraeg ac ni fydd yn arwain i unrhyw oedi.
GRhA Gwasanaeth Rhannu Adnoddau, Tŷ Cyd 2, Stad Ddiwydiannol Gilchrist Thomas, 
Blaenafon, NP4 9RL

We welcome correspondence in Welsh and English. Correspondence received in 
Welsh will be answered in Welsh and will not lead to any delay.
SRS Shared Resource Service, Ty Cyd 2, Gilchrist Thomas Ind. Est, Blaenavon, 
NP4 9RL



From: Fabrice Durand via PacketFence-users 

Sent: 03 December 2019 13:50
To: packetfence-users@lists.sourceforge.net 

Cc: Fabrice Durand 
Subject: Re: [PacketFence-users] Packetfence 7.3.0 Captive Portal Cisco WLC 
8540 software version 8.10.105.0


Hello Adrian,


can you check in the radius audit log (check the radius tab in the audit log 
entry.) what is the value of the cisco-vsa url-redirect attribute ?


Regards

Fabrice


Le 19-12-02 à 10 h 07, Day, Adrian via PacketFence-users a écrit :
Hello,

I was wondering if somebody could help me please.

We use Packetfence 7.3.0 Captive Portal with Cisco WLC 8540 software version 
8.10.105.0.

We were able to access the captive portal when using Cisco WLC software version 
8.3.151 however after updating the software it does not work.

I raised a Cisco TAC case who informed me that it is due to the redirection url.

This issue now is that when the Packetfence Server recieves the URL:

http://portal_ip/sid15bcfe=www.msftconnecttest.com/redirect not 
support error 501

Cisco has said that this error is due to the "&" symbol within the URL. They 
say that this should be changed to a "?" symbol.

If I change the URL manually on the browser it does work if I change it to a 
"?" (Then provides the captive portal login page)

My programming skill are very poor and I have found no way to alter any code 
within packetfence for this to happen automatically.

Could any of you please advise how I change this within packetfence?

Also could you please advise whether this is a known bug and if fixed in a 
newer version of packetfence?

Thanks

Adrian


[X]

Adrian Day

Network Architect & Team Leader / Pensaer Rhwydwaith ac Arweinydd Tîm

SRS Shared Resource Service / Gwasanaeth Rhannu Adnoddau

Phone/Ffôn: +44 (0) 1633 62 4123, 07852842009

Email/Ebost: adrian...@srswales.com


Rydym yn croesawu gohebiaeth yn Gymraeg a Saesneg. Cewch ateb Cymraeg i bob 
gohebiaeth yn Gymraeg ac ni fydd yn arwain i unrhyw oedi.

GRhA Gwasanaeth Rhannu Adnoddau, Tŷ Cyd 2, Stad Ddiwydiannol Gilchrist Thomas, 
Blaenafon, NP4 9RL



We welcome correspondence in Welsh and English. Correspondence received in 
Welsh will be answered in Welsh and will not lead to any delay.

SRS Shared Resource Service, Ty Cyd 2, Gilchrist Thomas Ind. Est, Blaenavon, 
NP4 9RL





___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net

Re: [PacketFence-users] PF in Hot-StandBy mode

2019-12-03 Thread Pasquale Lo Bello via PacketFence-users 
Hello Nicolas,

thanks for your feedback. I've had a look to the guide, but it seems that
Clustering works well for vlan enforcement.

Does clustering fit well also for inline enforcement?

Thanks
Pasquale


Il giorno lun 2 dic 2019 alle ore 12:03 Nicolas Quiniou-Briand via
PacketFence-users  ha scritto:

> Hello,
>
> On 29/11/2019 12:39, Pasquale Lo Bello via PacketFence-users wrote:
> > Is there a guide for implementing PF in Inline Hot-Standby mode? I mean
> > 2 PF machines that share the same inline interface but where one is the
> > hot one and another is standby until the first fails someway.
>
> You could take a look at your Clustering Guide [1]. Clustering in
> PacketFence works as an active/active cluster, not active/passive. You
> need at least 3 nodes.
>
> [1] https://packetfence.org/doc/PacketFence_Clustering_Guide.html
> --
> Nicolas Quiniou-Briand
> n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
> Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence
> (https://packetfence.org) and Fingerbank (http://fingerbank.org)
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Packetfence 7.3.0 Captive Portal Cisco WLC 8540 software version 8.10.105.0

2019-12-03 Thread Fabrice Durand via PacketFence-users 

Hello Adrian,


can you check in the radius audit log (check the radius tab in the audit 
log entry.) what is the value of the cisco-vsa url-redirect attribute ?



Regards

Fabrice


Le 19-12-02 à 10 h 07, Day, Adrian via PacketFence-users a écrit :

Hello,

I was wondering if somebody could help me please.

We use Packetfence 7.3.0 Captive Portal with Cisco WLC 8540 software 
version 8.10.105.0.


We were able to access the captive portal when using Cisco WLC 
software version 8.3.151 however after updating the software it does 
not work.


I raised a Cisco TAC case who informed me that it is due to the 
redirection url.


This issue now is that when the Packetfence Server recieves the URL:

http://portal_ip/sid15bcfe=www.msftconnecttest.com/redirect 
not support error 501


Cisco has said that this error is due to the "&" symbol within the 
URL. They say that this should be changed to a "?" symbol.


If I change the URL manually on the browser it does work if I change 
it to a "?" (Then provides the captive portal login page)


My programming skill are very poor and I have found no way to alter 
any code within packetfence for this to happen automatically.


Could any of you please advise how I change this within packetfence?

Also could you please advise whether this is a known bug and if fixed 
in a newer version of packetfence?


Thanks

Adrian



*Adrian Day*

Network Architect & Team Leader / Pensaer Rhwydwaith ac Arweinydd Tîm

SRS Shared Resource Service / Gwasanaeth Rhannu Adnoddau

Phone/Ffôn: +44 (0) 1633 62 4123, 07852842009

Email/Ebost: *adrian...@srswales.com ***

Rydym yn croesawu gohebiaeth yn Gymraeg a Saesneg. Cewch ateb Cymraeg 
i bob gohebiaeth yn Gymraeg ac ni fydd yn arwain i unrhyw oedi.


GRhA Gwasanaeth Rhannu Adnoddau, Tŷ Cyd 2, Stad Ddiwydiannol Gilchrist 
Thomas, Blaenafon, NP4 9RL


We welcome correspondence in Welsh and English. Correspondence 
received in Welsh will be answered in Welsh and will not lead to any 
delay.


SRS Shared Resource Service, Ty Cyd 2, Gilchrist Thomas Ind. Est, 
Blaenavon, NP4 9RL





___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] PF in Hot-StandBy mode

2019-12-03 Thread Nicolas Quiniou-Briand via PacketFence-users 

Hello Pasquale,

On 03/12/2019 14:47, Pasquale Lo Bello wrote:

Does clustering fit well also for inline enforcement?


Yes !
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users