[PacketFence-users] DNS Resolution of Captive Portal after granting Access

[g4-lisz]

Hi there,

We wrote our own captive portal, which allows the user to get verified
by social networks. For this reason we give him temporary access first
so he can reach the social network login pages.

But now we have the problem that he can not be directed back to the
captive portal as long as he as the temporary Internet access. The
reason is that DNS resolution of captive portal (i.e. PF server) does
not work anymore.

Because we are using a public DNS server, we can not add the captive
portal IP (which is a local one in the LAN) to this DNS.

Is  there a way to tell Packetfence to continue trapping and resolving
DNS requests of the captive portal's name, as long as we grant temporary
Internet access to the user?
This would solve our problem.

Or is there another way to resolve the PF name without using a local DNS?

Best regards,
Till

--
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] PacketFenceonDebian8.5httpd.admin(configurator) won'tstart

[Mark L. (mark332)]

Hello, I’m back with new info:

I moved the hard drive to another pc of mine and reinstalled Debian.
After I’ve completed the PacketFence installation just as always the 
configurator was up and running.

This could mean that the other (newer) PC has issues with the hardware or some 
other problem somehow related to that (e.g. firmware).
I’m tending to something with the firmware since the newer PC requires 
firmware-linux-nonfree to run without complaints during startup.

Any further thoughts about this ? 

Regards,

Mark L.

From: Mark L. (mark332)--
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] sponsored access

[Morris, Andi]

Any thoughts on this guys?

Cheers,
Andi

From: Morris, Andi [mailto:amor...@cardiffmet.ac.uk]
Sent: 08 July 2016 15:19
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] sponsored access

Apologies for the barrage of emails. I think this is now something to do with 
the captive portal detection on androids, as it seems that after about 20-30 
seconds of being in the captive portal the device then decides it has no 
internet access, which timing wise coincides with roughly the amount of time 
that was taking place between sending the sponsored request and the staff 
member accepting the invite (in production this will actually be a lot longer).

Looking at httpd.portal.access log I see the following:
192.168.225.28 - - [07/Jul/2016:14:35:11 +0100] "GET /generate_204 HTTP/1.1" 
302 1147 "-" "Dalvik/2.1.0 (Linux; U; Android 6.0.1; Nexus 5 Build/MOB30M)"
192.168.225.28 - - [07/Jul/2016:14:35:19 +0100] "GET /generate_204 HTTP/1.1" 
302 1147 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5 Build/MOB30M; wv) 
AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/51.0.2704.81 Mobile 
Safari/537.36"
192.168.225.28 - - [07/Jul/2016:14:35:20 +0100] "GET /generate_204 HTTP/1.1" 
302 1147 "-" "Dalvik/2.1.0 (Linux; U; Android 6.0.1; Nexus 5 Build/MOB30M)"
192.168.225.28 - - [07/Jul/2016:14:35:20 +0100] "GET /generate_204 HTTP/1.1" 
302 1147 "-" "Dalvik/2.1.0 (Linux; U; Android 6.0.1; Nexus 5 Build/MOB30M)"
192.168.225.28 - - [07/Jul/2016:14:35:20 +0100] "GET /generate_204 HTTP/1.1" 
302 1147 "-" "Dalvik/2.1.0 (Linux; U; Android 6.0.1; Nexus 5 Build/MOB30M)"
192.168.225.28 - - [07/Jul/2016:14:35:20 +0100] "GET /generate_204 HTTP/1.1" 
302 1147 "-" "Dalvik/2.1.0 (Linux; U; Android 6.0.1; Nexus 5 Build/MOB30M)"
192.168.225.28 - - [07/Jul/2016:14:35:21 +0100] "GET /generate_204 HTTP/1.1" 
302 1147 "-" "Dalvik/2.1.0 (Linux; U; Android 6.0.1; Nexus 5 Build/MOB30M)"
192.168.225.28 - - [07/Jul/2016:14:35:23 +0100] "GET /generate_204 HTTP/1.1" 
302 1147 "-" "Dalvik/2.1.0 (Linux; U; Android 6.0.1; Nexus 5 Build/MOB30M)"

Which looks to me like one of the generate_204 gets is actually getting a 302 
response back.

I do have the Captive Portal detection mechanism bypass option ticked, so I'm 
not sure why this is still receiving a redirect.

Cheers,
Andi

From: Morris, Andi [mailto:amor...@cardiffmet.ac.uk]
Sent: 08 July 2016 14:32
To: 
packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] sponsored access

As an update, this isn't happening with a laptop, so might be something to do 
with the Android device, but something is definitely stopping it communicating 
with whatever part of the internet it requires as soon as it is pending 
approval.

Maybe a particular entry needs to be added to the captive portal detection for 
this OS version?

Cheers,
Andi

From: Morris, Andi [mailto:amor...@cardiffmet.ac.uk]
Sent: 07 July 2016 15:15
To: 
packetfence-users@lists.sourceforge.net
Subject: [PacketFence-users] sponsored access

Hi all,
I'm having trouble with my sponsored guest access where the registration isn't 
completing until the guest node leaves and then reconnects to the captive 
portal, when packetfence then sees the registered mac address and puts the node 
in the correct vlan.

This doesn't seem to be happening with my email registered guests.

Log snippet of the point until the registration process halts:
Jul 07 14:39:20 httpd.portal(22569) WARN: [mac:unknown] Unable to match MAC 
address to IP '192.168.42.42' (pf::iplog::ip2mac)
Jul 07 14:39:20 httpd.portal(22569) INFO: [mac:unknown] Instantiate profile 
default (pf::Portal::ProfileFactory::_from_profile)
Jul 07 14:39:20 httpd.portal(22569) WARN: [mac:unknown] Unable to match MAC 
address to IP '192.168.42.42' (pf::iplog::ip2mac)
Jul 07 14:39:20 httpd.portal(22569) WARN: [mac:0] Unable to match MAC address 
to IP '192.168.42.42' (pf::iplog::ip2mac)
Jul 07 14:39:20 httpd.portal(22569) INFO: [mac:0] Instantiate profile default 
(pf::Portal::ProfileFactory::_from_profile)
Jul 07 14:39:20 httpd.portal(22569) WARN: [mac:0] Unable to match MAC address 
to IP '192.168.42.42' (pf::iplog::ip2mac)
Jul 07 14:39:20 httpd.portal(22569) INFO: [mac:0] Instantiate profile default 
(pf::Portal::ProfileFactory::_from_profile)
Jul 07 14:39:20 httpd.portal(22569) INFO: [mac:0] [cc:fa:00:f4:4a:c3] 
Activation code sent to email 
amor...@cardiffmet.ac.uk from 
andi.mor...@gmail.com successfully verified.  for 
activation type: sponsor (pf::activation::validate_code)
Jul 07 14:39:20 httpd.portal(22569) INFO: [mac:0] Sponsor needs to authenticate 
in order to activate guest. Guest token: 3386be07684696d271b7f891b6a729d7 
(captiveportal::PacketFence::Controller::Activate::Email::doSponsorRegistration)
Jul 07 14:39:31 httpd.portal(22552) INFO: [mac:unknown] Memory configuration is 
not valid