Re: [PacketFence-users] Packetfence 7.3.0 Captive Portal Cisco WLC 8540 software version 8.10.105.0
acketfence 7.3.0 Captive Portal Cisco WLC 8540 software version 8.10.105.0 Ok so try that first: https://github.com/inverse-inc/packetfence/blob/packetfence-7.3.0/lib/pf/Switch/Cisco/WLC.pm#L608<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Finverse-inc%2Fpacketfence%2Fblob%2Fpacketfence-7.3.0%2Flib%2Fpf%2FSwitch%2FCisco%2FWLC.pm%23L608=02%7C01%7CAdrianDay%40srswales.com%7C2195e4abb40c422306a508d77cda0977%7C2c4d0079c52c4bb3b3cad8eaf1b6b7d5%7C0%7C0%7C637115148224850171=Iuaf%2BOHe1zK%2FpVMn3Hxx8zcdY4mX7YGA9E%2FRQAp2uwc%3D=0> From: return unless ($uri =~ /.*sid(.*[^\/])/); to: return unless ($uri =~ /.*sid(.*[^\/&])/); then restart httpd.portal and let me know if it's ok. Regards Fabrice Le 19-12-03 à 09 h 24, Day, Adrian a écrit : Hi Fabrice, Thank you so much for your reply. I can confirm that the registration url on the switch is - http://172.16.207.67/Cisco::WLC<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2F172.16.207.67%2FCisco%3A%3AWLC=02%7C01%7CAdrianDay%40srswales.com%7C2195e4abb40c422306a508d77cda0977%7C2c4d0079c52c4bb3b3cad8eaf1b6b7d5%7C0%7C0%7C637115148224860164=Zbw1r4%2FEBtx5NExh0zRJrQhLys469HwiAMJN0Jan4SY%3D=0> I can then confirm that the Radius Attributes are: Cisco-AVPair = "url-redirect-acl=Pre-Auth-For-WebRedirect" Cisco-AVPair = "url-redirect=http://172.16.207.67/Cisco::WLC/sid3b70dc<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2F172.16.207.67%2FCisco%3A%3AWLC%2Fsid3b70dc=02%7C01%7CAdrianDay%40srswales.com%7C2195e4abb40c422306a508d77cda0977%7C2c4d0079c52c4bb3b3cad8eaf1b6b7d5%7C0%7C0%7C637115148224860164=sPvEn%2FltDCtQhw6%2FfkVPZD8XRKHTKmbCX1mZbpmAUyM%3D=0>" Which are correct as it works on the older IOS version of the Cisco WLC's. The issue occurs when the user/client then gets redirected to the portal login page and it adds the following on the URL (highlighted in red): http://172.16.207.67/sid3b70dc=www.msftconnecttest.com/redirect<http://portal_ip/sid15bcfe=www.msftconnecttest.com/redirect> If I change the & symbol to a ? symbol manually on the clients browser it successfully redirects them to the Captive Portal Login Page. Cisco helped me identify the issue along with them stating it is due to the new Cisco WLC IOS version since 8.5 I believe. They gave me a fix of the below which if possible they asked me to add Packetfence fixURL( char *URLstring ) { int i, l; l = strlen( URLstring ); for( i = 0; i < l; i++) { if ( URLstring[i] == '?' ) break; if ( URLstring[i] == '&' ) { URLstring[i] = '?'; break; } return; } The above means nothing to me as I am not a coder. Which is why I have my fingers crossed that you will be able to help. I appreciated any assistance you can offer as currently our Wireless Guest System is broken. Thanks Adrian [X] Adrian Day Network Architect & Team Leader / Pensaer Rhwydwaith ac Arweinydd Tîm SRS Shared Resource Service / Gwasanaeth Rhannu Adnoddau Phone/Ffôn: +44 (0) 1633 62 4123, 07852842009 Email/Ebost: adrian...@srswales.com<mailto:adrian...@srswales.com> Rydym yn croesawu gohebiaeth yn Gymraeg a Saesneg. Cewch ateb Cymraeg i bob gohebiaeth yn Gymraeg ac ni fydd yn arwain i unrhyw oedi. GRhA Gwasanaeth Rhannu Adnoddau, Tŷ Cyd 2, Stad Ddiwydiannol Gilchrist Thomas, Blaenafon, NP4 9RL We welcome correspondence in Welsh and English. Correspondence received in Welsh will be answered in Welsh and will not lead to any delay. SRS Shared Resource Service, Ty Cyd 2, Gilchrist Thomas Ind. Est, Blaenavon, NP4 9RL From: Fabrice Durand via PacketFence-users <mailto:packetfence-users@lists.sourceforge.net> Sent: 03 December 2019 13:50 To: packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net> <mailto:packetfence-users@lists.sourceforge.net> Cc: Fabrice Durand <mailto:fdur...@inverse.ca> Subject: Re: [PacketFence-users] Packetfence 7.3.0 Captive Portal Cisco WLC 8540 software version 8.10.105.0 Hello Adrian, can you check in the radius audit log (check the radius tab in the audit log entry.) what is the value of the cisco-vsa url-redirect attribute ? Regards Fabrice Le 19-12-02 à 10 h 07, Day, Adrian via PacketFence-users a écrit : Hello, I was wondering if somebody could help me please. We use Packetfence 7.3.0 Captive Portal with Cisco WLC 8540 software version 8.10.105.0. We were able to access the captive portal when using Cisco WLC software version 8.3.151 however after updating the software it does not work. I raised a Cisco TAC case who informed me that it is due to the redirection url. This issue now is that when the Packetfence Server recieves the URL: http://portal_ip/sid15bcfe=www.msftconnecttest.com/redirect not support erro
Re: [PacketFence-users] Packetfence 7.3.0 Captive Portal Cisco WLC 8540 software version 8.10.105.0
e they asked me to add Packetfence fixURL( char *URLstring ) { int i, l; l = strlen( URLstring ); for( i = 0; i < l; i++) { if ( URLstring[i] == '?' ) break; if ( URLstring[i] == '&' ) { URLstring[i] = '?'; break; } return; } The above means nothing to me as I am not a coder. Which is why I have my fingers crossed that you will be able to help. I appreciated any assistance you can offer as currently our Wireless Guest System is broken. Thanks Adrian [X] Adrian Day Network Architect & Team Leader / Pensaer Rhwydwaith ac Arweinydd Tîm SRS Shared Resource Service / Gwasanaeth Rhannu Adnoddau Phone/Ffôn: +44 (0) 1633 62 4123, 07852842009 Email/Ebost: adrian...@srswales.com<mailto:adrian...@srswales.com> Rydym yn croesawu gohebiaeth yn Gymraeg a Saesneg. Cewch ateb Cymraeg i bob gohebiaeth yn Gymraeg ac ni fydd yn arwain i unrhyw oedi. GRhA Gwasanaeth Rhannu Adnoddau, Tŷ Cyd 2, Stad Ddiwydiannol Gilchrist Thomas, Blaenafon, NP4 9RL We welcome correspondence in Welsh and English. Correspondence received in Welsh will be answered in Welsh and will not lead to any delay. SRS Shared Resource Service, Ty Cyd 2, Gilchrist Thomas Ind. Est, Blaenavon, NP4 9RL From: Fabrice Durand via PacketFence-users <mailto:packetfence-users@lists.sourceforge.net> Sent: 03 December 2019 13:50 To: packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net> <mailto:packetfence-users@lists.sourceforge.net> Cc: Fabrice Durand <mailto:fdur...@inverse.ca> Subject: Re: [PacketFence-users] Packetfence 7.3.0 Captive Portal Cisco WLC 8540 software version 8.10.105.0 Hello Adrian, can you check in the radius audit log (check the radius tab in the audit log entry.) what is the value of the cisco-vsa url-redirect attribute ? Regards Fabrice Le 19-12-02 à 10 h 07, Day, Adrian via PacketFence-users a écrit : Hello, I was wondering if somebody could help me please. We use Packetfence 7.3.0 Captive Portal with Cisco WLC 8540 software version 8.10.105.0. We were able to access the captive portal when using Cisco WLC software version 8.3.151 however after updating the software it does not work. I raised a Cisco TAC case who informed me that it is due to the redirection url. This issue now is that when the Packetfence Server recieves the URL: http://portal_ip/sid15bcfe=www.msftconnecttest.com/redirect not support error 501 Cisco has said that this error is due to the "&" symbol within the URL. They say that this should be changed to a "?" symbol. If I change the URL manually on the browser it does work if I change it to a "?" (Then provides the captive portal login page) My programming skill are very poor and I have found no way to alter any code within packetfence for this to happen automatically. Could any of you please advise how I change this within packetfence? Also could you please advise whether this is a known bug and if fixed in a newer version of packetfence? Thanks Adrian [X] Adrian Day Network Architect & Team Leader / Pensaer Rhwydwaith ac Arweinydd Tîm SRS Shared Resource Service / Gwasanaeth Rhannu Adnoddau Phone/Ffôn: +44 (0) 1633 62 4123, 07852842009 Email/Ebost: adrian...@srswales.com<mailto:adrian...@srswales.com> Rydym yn croesawu gohebiaeth yn Gymraeg a Saesneg. Cewch ateb Cymraeg i bob gohebiaeth yn Gymraeg ac ni fydd yn arwain i unrhyw oedi. GRhA Gwasanaeth Rhannu Adnoddau, Tŷ Cyd 2, Stad Ddiwydiannol Gilchrist Thomas, Blaenafon, NP4 9RL We welcome correspondence in Welsh and English. Correspondence received in Welsh will be answered in Welsh and will not lead to any delay. SRS Shared Resource Service, Ty Cyd 2, Gilchrist Thomas Ind. Est, Blaenavon, NP4 9RL ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/packetfence-users<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-users=02%7C01%7CAdrianDay%40srswales.com%7C5711b3e0db6e499ffb1008d777ff48df%7C2c4d0079c52c4bb3b3cad8eaf1b6b7d5%7C0%7C0%7C637109810644058908=6ZSBLiiXuuqPJgI79rJXFmfdJy4pZSoVNh2%2FvVFnoAc%3D=0> -- Fabrice Durand fdur...@inverse.ca<mailto:fdur...@inverse.ca> :: +1.514.447.4918 (x135) :: www.inverse.ca<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.inverse.ca=02%7C01%7CAdrianDay%40srswales.com%7C5711b3e0db6e499ffb1008d777ff48df%7C2c4d0079c52c4bb3b3cad8eaf1b6b7d5%7C0%7C0%7C637109810644068865=%2BGJ8zk8JdPSpU4eVM1%2Fo%2BqgujQfGtRcPs2zVNEaSqUU%3D=0> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu<https://eur03.safelinks.prote
Re: [PacketFence-users] Packetfence 7.3.0 Captive Portal Cisco WLC 8540 software version 8.10.105.0
mber 2019 13:50 To: packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net> <mailto:packetfence-users@lists.sourceforge.net> Cc: Fabrice Durand <mailto:fdur...@inverse.ca> Subject: Re: [PacketFence-users] Packetfence 7.3.0 Captive Portal Cisco WLC 8540 software version 8.10.105.0 Hello Adrian, can you check in the radius audit log (check the radius tab in the audit log entry.) what is the value of the cisco-vsa url-redirect attribute ? Regards Fabrice Le 19-12-02 à 10 h 07, Day, Adrian via PacketFence-users a écrit : Hello, I was wondering if somebody could help me please. We use Packetfence 7.3.0 Captive Portal with Cisco WLC 8540 software version 8.10.105.0. We were able to access the captive portal when using Cisco WLC software version 8.3.151 however after updating the software it does not work. I raised a Cisco TAC case who informed me that it is due to the redirection url. This issue now is that when the Packetfence Server recieves the URL: http://portal_ip/sid15bcfe=www.msftconnecttest.com/redirect not support error 501 Cisco has said that this error is due to the "&" symbol within the URL. They say that this should be changed to a "?" symbol. If I change the URL manually on the browser it does work if I change it to a "?" (Then provides the captive portal login page) My programming skill are very poor and I have found no way to alter any code within packetfence for this to happen automatically. Could any of you please advise how I change this within packetfence? Also could you please advise whether this is a known bug and if fixed in a newer version of packetfence? Thanks Adrian [X] Adrian Day Network Architect & Team Leader / Pensaer Rhwydwaith ac Arweinydd Tîm SRS Shared Resource Service / Gwasanaeth Rhannu Adnoddau Phone/Ffôn: +44 (0) 1633 62 4123, 07852842009 Email/Ebost: adrian...@srswales.com<mailto:adrian...@srswales.com> Rydym yn croesawu gohebiaeth yn Gymraeg a Saesneg. Cewch ateb Cymraeg i bob gohebiaeth yn Gymraeg ac ni fydd yn arwain i unrhyw oedi. GRhA Gwasanaeth Rhannu Adnoddau, Tŷ Cyd 2, Stad Ddiwydiannol Gilchrist Thomas, Blaenafon, NP4 9RL We welcome correspondence in Welsh and English. Correspondence received in Welsh will be answered in Welsh and will not lead to any delay. SRS Shared Resource Service, Ty Cyd 2, Gilchrist Thomas Ind. Est, Blaenavon, NP4 9RL ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/packetfence-users<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-users=02%7C01%7CAdrianDay%40srswales.com%7C5711b3e0db6e499ffb1008d777ff48df%7C2c4d0079c52c4bb3b3cad8eaf1b6b7d5%7C0%7C0%7C637109810644058908=6ZSBLiiXuuqPJgI79rJXFmfdJy4pZSoVNh2%2FvVFnoAc%3D=0> -- Fabrice Durand fdur...@inverse.ca<mailto:fdur...@inverse.ca> :: +1.514.447.4918 (x135) :: www.inverse.ca<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.inverse.ca=02%7C01%7CAdrianDay%40srswales.com%7C5711b3e0db6e499ffb1008d777ff48df%7C2c4d0079c52c4bb3b3cad8eaf1b6b7d5%7C0%7C0%7C637109810644068865=%2BGJ8zk8JdPSpU4eVM1%2Fo%2BqgujQfGtRcPs2zVNEaSqUU%3D=0> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.sogo.nu=02%7C01%7CAdrianDay%40srswales.com%7C5711b3e0db6e499ffb1008d777ff48df%7C2c4d0079c52c4bb3b3cad8eaf1b6b7d5%7C0%7C0%7C637109810644068865=JuAVg0%2BwYiqftVdps4ZsaHWTrNdpovmsJMqNcr5C5Dc%3D=0>) and PacketFence (http://packetfence.org<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpacketfence.org=02%7C01%7CAdrianDay%40srswales.com%7C5711b3e0db6e499ffb1008d777ff48df%7C2c4d0079c52c4bb3b3cad8eaf1b6b7d5%7C0%7C0%7C637109810644068865=QqbFdZenB%2BVfL%2Fpz%2Bxa%2B3NyyfMHB%2FGVOAn1e%2FqimFBI%3D=0>) -- Fabrice Durand fdur...@inverse.ca<mailto:fdur...@inverse.ca> :: +1.514.447.4918 (x135) :: www.inverse.ca<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.inverse.ca=02%7C01%7CAdrianDay%40srswales.com%7C5711b3e0db6e499ffb1008d777ff48df%7C2c4d0079c52c4bb3b3cad8eaf1b6b7d5%7C0%7C0%7C637109810644078821=HRADwtPjKSiGct%2F9gzKosI9zPOTJRrZmf1pQzfv0BD0%3D=0> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.sogo.nu=02%7C01%7CAdrianDay%40srswales.com%7C5711b3e0db6e499ffb1008d777ff48df%7C2c4d0079c52c4bb3b3cad8eaf1b6b7d5%7C0%7C0%7C637109810644078821=M5ZNeOcMjXvogQ1ksvU8nYq3acxbH5zR9rizL9uO5bs%3D=0>) and PacketFence (http://packetfence.org<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpacketfence.org=02%7C01%7CAdrianDay%40srswales.com%7C5711b3e0db6e499ffb1008d777ff48df%7C2c4d007
Re: [PacketFence-users] Packetfence 7.3.0 Captive Portal Cisco WLC 8540 software version 8.10.105.0
Hi Fabrice, Thank you so much for your reply. I can confirm that the registration url on the switch is - http://172.16.207.67/Cisco::WLC I can then confirm that the Radius Attributes are: Cisco-AVPair = "url-redirect-acl=Pre-Auth-For-WebRedirect" Cisco-AVPair = "url-redirect=http://172.16.207.67/Cisco::WLC/sid3b70dc; Which are correct as it works on the older IOS version of the Cisco WLC's. The issue occurs when the user/client then gets redirected to the portal login page and it adds the following on the URL (highlighted in red): http://172.16.207.67/sid3b70dc=www.msftconnecttest.com/redirect<http://portal_ip/sid15bcfe=www.msftconnecttest.com/redirect> If I change the & symbol to a ? symbol manually on the clients browser it successfully redirects them to the Captive Portal Login Page. Cisco helped me identify the issue along with them stating it is due to the new Cisco WLC IOS version since 8.5 I believe. They gave me a fix of the below which if possible they asked me to add Packetfence fixURL( char *URLstring ) { int i, l; l = strlen( URLstring ); for( i = 0; i < l; i++) { if ( URLstring[i] == '?' ) break; if ( URLstring[i] == '&' ) { URLstring[i] = '?'; break; } return; } The above means nothing to me as I am not a coder. Which is why I have my fingers crossed that you will be able to help. I appreciated any assistance you can offer as currently our Wireless Guest System is broken. Thanks Adrian [X] Adrian Day Network Architect & Team Leader / Pensaer Rhwydwaith ac Arweinydd Tîm SRS Shared Resource Service / Gwasanaeth Rhannu Adnoddau Phone/Ffôn: +44 (0) 1633 62 4123, 07852842009 Email/Ebost: adrian...@srswales.com<mailto:adrian...@srswales.com> Rydym yn croesawu gohebiaeth yn Gymraeg a Saesneg. Cewch ateb Cymraeg i bob gohebiaeth yn Gymraeg ac ni fydd yn arwain i unrhyw oedi. GRhA Gwasanaeth Rhannu Adnoddau, Tŷ Cyd 2, Stad Ddiwydiannol Gilchrist Thomas, Blaenafon, NP4 9RL We welcome correspondence in Welsh and English. Correspondence received in Welsh will be answered in Welsh and will not lead to any delay. SRS Shared Resource Service, Ty Cyd 2, Gilchrist Thomas Ind. Est, Blaenavon, NP4 9RL From: Fabrice Durand via PacketFence-users Sent: 03 December 2019 13:50 To: packetfence-users@lists.sourceforge.net Cc: Fabrice Durand Subject: Re: [PacketFence-users] Packetfence 7.3.0 Captive Portal Cisco WLC 8540 software version 8.10.105.0 Hello Adrian, can you check in the radius audit log (check the radius tab in the audit log entry.) what is the value of the cisco-vsa url-redirect attribute ? Regards Fabrice Le 19-12-02 à 10 h 07, Day, Adrian via PacketFence-users a écrit : Hello, I was wondering if somebody could help me please. We use Packetfence 7.3.0 Captive Portal with Cisco WLC 8540 software version 8.10.105.0. We were able to access the captive portal when using Cisco WLC software version 8.3.151 however after updating the software it does not work. I raised a Cisco TAC case who informed me that it is due to the redirection url. This issue now is that when the Packetfence Server recieves the URL: http://portal_ip/sid15bcfe=www.msftconnecttest.com/redirect not support error 501 Cisco has said that this error is due to the "&" symbol within the URL. They say that this should be changed to a "?" symbol. If I change the URL manually on the browser it does work if I change it to a "?" (Then provides the captive portal login page) My programming skill are very poor and I have found no way to alter any code within packetfence for this to happen automatically. Could any of you please advise how I change this within packetfence? Also could you please advise whether this is a known bug and if fixed in a newer version of packetfence? Thanks Adrian [X] Adrian Day Network Architect & Team Leader / Pensaer Rhwydwaith ac Arweinydd Tîm SRS Shared Resource Service / Gwasanaeth Rhannu Adnoddau Phone/Ffôn: +44 (0) 1633 62 4123, 07852842009 Email/Ebost: adrian...@srswales.com<mailto:adrian...@srswales.com> Rydym yn croesawu gohebiaeth yn Gymraeg a Saesneg. Cewch ateb Cymraeg i bob gohebiaeth yn Gymraeg ac ni fydd yn arwain i unrhyw oedi. GRhA Gwasanaeth Rhannu Adnoddau, Tŷ Cyd 2, Stad Ddiwydiannol Gilchrist Thomas, Blaenafon, NP4 9RL We welcome correspondence in Welsh and English. Correspondence received in Welsh will be answered in Welsh and will not lead to any delay. SRS Shared Resource Service, Ty Cyd 2, Gilchrist Thomas Ind. Est, Blaenavon, NP4 9RL ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/packetfence-u