you might want to check /usr/local/pg/logs for the file httpd.portal.access and look for the string rfc7710 in there...
(and sorry, its RFC 7710bis, not 7720bis) *Diego Garcia del Rio* | CTO | Mediatel S.A. | Tel: +54 11 5218 0463 (x103) | Cel: +54 9 11 4530-4697 | www.mediatel.com.ar | Juan Carlos Cruz 2360 – 4B (1636), Vicente López, Buenos Aires, Argentina | https://goo.gl/maps/NZCFPwVkFFf14cR67 On Wed, 7 Jul 2021 at 19:45, Diego García del Río <dgar...@mediatel.com.ar> wrote: > Hi.. I asume you're running your portal on https? release 10.2 had > introduced dhcp-based portal discovery (RFC 7720bis support) and apple > devices, most of which should be running a 2020 or newer os, should support > it. if you can capture traffic on the portal interface on your cluster, you > should see that the url for packetfence should be returned in a dhcp > option (that finishes in "/rfc7710"). I believe the logs might show it (but > only maybe in debug level) > > the clients then query that url. Can you check if the proper, > load-balanced url is being returned? > > somehow maybe the device is failing to contact the /rfc7710 endpoint or > something, like the client being authenticated is being returned and thus > the apple device think its logged in? > > its a wild guess.. but it would be one option why you see this on apple > devices. > > (newer windows releases should support it as well, but not 100% sure when > /what release it would be). Android 11 also added support, but of course, > there you have a much more fragmented ecosystem and i haven't seen > non-google devices implementing it yet. > > > > > *Diego Garcia del Rio* | CTO | Mediatel S.A. | Tel: +54 11 5218 0463 > (x103) | Cel: +54 9 11 4530-4697 | www.mediatel.com.ar | Juan Carlos Cruz > 2360 – 4B (1636), Vicente López, Buenos Aires, Argentina | > https://goo.gl/maps/NZCFPwVkFFf14cR67 > > > On Wed, 7 Jul 2021 at 18:35, Sallee, Jake via PacketFence-users < > packetfence-users@lists.sourceforge.net> wrote: > >> Hello all! >> >> This is a strange one and I hope someone out there has faced this demon >> before and can help. >> >> We are running PF 10.3 (with latest maintenance patches) in a 3 node >> cluster. >> >> TLDR: Captive portal issues on iPhones and some mobile devices, cant >> find any reason in the logs as to why it would be happening. Started >> happening out of the blue, updated to 10.3 and applied all patches but >> nothing helped. >> >> Long version: >> >> The issue seems to be centered around WiFi on iPhones and some mobile >> computers (laptops, tables, etc) where some are Apple products and some are >> not. Android phones seem not to be affected. >> >> When an unregistered endpoint is assigned an IP in the registration >> network the device notices the captive portal and tries to open a browser >> window to facilitate the registration process. >> >> However this is where things begin to go wrong. >> >> Some of the time the page does not load at all, after a brief wait of >> perhaps 7 seconds, the mobile browser generates an error saying the page >> cannot be loaded. When the error is dismissed the browser automatically >> closes and the user is dumped to the home screen on their device. >> >> Sometimes it does load but the custom logo is not displayed (loads a >> broken jpg). Sometimes the page loads as plain text and no CSS. >> >> If the page does load enough for the user to accept the AUP and fill out >> the registration form. When the user submits the form, however the same >> browser error is displayed and the user id bounced out of the browser app. >> >> If the error occurs AFTER submitting the registration form, the device >> still shows as unregistered in PF. However, if the user rejoins the >> network the captive portal page will be presented but it will be the >> enabling access page with the progress bar (and a still broken jpg). >> Interestingly, the device will now show as registered in PF and will have >> the correct role assigned. >> >> I have been scouring the logs and can?t seem to find any entries that >> would point to a cause. Desktops and Laptops with full OS on them do not >> seem to have the issue. >> >> Any help would be greatly appreciated. >> >> Jake Sallee >> Godfather of Bandwidth >> System Engineer and Security Specialist >> University of Mary Hardin-Baylor >> WWW.UMHB.EDU >> >> 900 College St. >> Belton, Texas >> 76513 >> >> Fone: 254-295-4658 >> Phax: 254-295-4221 >> >> >> _______________________________________________ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users