Thank you very much for your reply Fernando! I am very much looking forward to your tutorial. There are several resources to translate that along with pictures would be quite helpful. I also did it with /captive-portal. I do have roles in both. I effectively just use registration and guest currently. I will retry with COA on. I assume I have my roles setup correctly in Aruba, these are actually access lists or ACLs right?
Kind Regards, Jeremy Yoke Info Tech Manager TREALITY® Simulation Visual Systems From: Fernando Pimenta via PacketFence-users <[email protected]> Sent: Wednesday, August 11, 2021 9:07 AM To: [email protected] Cc: Fernando Pimenta <[email protected]> Subject: Re: [PacketFence-users] Aruba IAP Hi Jeremy, I managed to get Aruba IAP working with packetfence CP. I'm preparing a small tutorial (in Portuguese, but with many images showing the configs). I had to create roles in PF and roles in IAP, and mapping these roles. I've used role-based authentication and CoA. But the URL I use is not the same as yours. I've put /captive-portal in the field. Best regards, Fernando Pimenta On Wed, Aug 11, 2021 at 5:12 AM Jeremy Yoke via PacketFence-users <[email protected]<mailto:[email protected]>> wrote: Hello All, I have searched through the archives and see I have a similar problem, but none of the answers seem to help or they end in seemingly no conclusion. I have a new install of Packetfence 10.2 on Debian 9.13 (Stretch). I am struggling with getting the captive portal working in a solid manner with my IAPs (Aruba IAP-225) v6.5.4 (has a Virtual Controller) The captive portal works when I use URL http://my.ip.add/Aruba<https://us-east-2.protection.sophos.com?d=my.ip.add&u=aHR0cDovL215LmlwLmFkZC9BcnViYQ==&i=NjBhNGUxYjg5YzEyNDkwZTllOGRmYTI2&t=SlJHUXJidDNhRUZIU3hyVkpTVWhiTTZDbEljVlVjbG5CaHk3am5GOWJUOD0=&h=be552bdf7b724fce9b1bc74ab56ebd25> , but it shows Not Implemented when I use http://my.ip.add/Aruba::Instant_Access<https://us-east-2.protection.sophos.com?d=my.ip.add&u=aHR0cDovL215LmlwLmFkZC9BcnViYTo6SW5zdGFudF9BY2Nlc3M=&i=NjBhNGUxYjg5YzEyNDkwZTllOGRmYTI2&t=bnU3SjFLQ2lvNUMyVTFYZmZZeXd2RlJISEpTazM2aE1MZmVpWDhrcm5aWT0=&h=be552bdf7b724fce9b1bc74ab56ebd25> With the /Aruba URL I am able to register and login, it unfortunately does not assign my role. In the auditing it says it gets no response - Reply-Message = Error - Timeout If I disconnect and reconnect I am fully connected and the internet works as it should. I believe however that having to disconnect and re-connect is not an efficient method. I have tried with COA, without COA, With a controller IP and without. Deauthentication method as Blank and as RADIUS as well as several of these combinations. I maybe missing the right ones. Anyone have a full write up on the configuration or fields that need to be filled on PF? Unfortunately the guide does not cover captive portal with Instant Access. Also a config for the IAP? Switches.conf [10.1.145.100] group=Aruba_IAP description=Aruba VC [10.1.145.105] group=Aruba_IAP description=Operations [group Aruba_IAP] type=Aruba::Instant_Access radiusSecret=mysecret description=Aruba Wireless AP VoIPDHCPDetect=N defaultRole=Test registrationRole=registration RoleMap=Y registrationUrl=http://10.1.145.113/Aruba::Instant_Access guestRole=guest ExternalPortalEnforcement=Y guestAccessList=guest AccessListMap=Y registrationAccessList=registration defaultAccessList=Test VlanMap=N UrlMap=Y useCoA=N On IAP this is what I have: wlan access-rule registration Some settings/rules wlan access-rule guest Some Settings/rules wlan auth-server packetfencer ip 10.1.145.113 port 1812 acctport 1813 retry-count 5 key ***************** rfc3576 cppm-rfc3576-port 5999 wlan ssid-profile Test enable index 3 type guest essid Some-Guest opmode opensystem max-authentication-failures 0 vlan 159 auth-server packetfencer set-role-pre-auth registration rf-band all captive-portal external profile packetfencep mac-authentication dtim-period 1 broadcast-filter arp radius-accounting dmo-channel-utilization-threshold 90 local-probe-req-thresh 0 max-clients-threshold 64 wlan external-captive-portal packetfencep server 10.1.145.113 port 80 url "/Aruba" auth-text "" redirect-url https://www.myinternetpage.com/<https://us-east-2.protection.sophos.com?d=myinternetpage.com&u=aHR0cHM6Ly93d3cubXlpbnRlcm5ldHBhZ2UuY29tLw==&i=NjBhNGUxYjg5YzEyNDkwZTllOGRmYTI2&t=WVAwdmxzbldpQk55c1VLUnZxLzlEYWR5L2ZDWDVtN2JGRHlCTlp1RHVhWT0=&h=be552bdf7b724fce9b1bc74ab56ebd25> auto-whitelist-disable server-offload Jeremy Yoke Info Tech Manager TREALITY® Simulation Visual Systems 600 Bellbrook Ave. Xenia, Ohio 45385 Direct Tel: +1 (937) 736 2215 Cell: +1 (937) 901 5684 [email protected]<mailto:[email protected]> www.TREALITYSVS.com<http://www.trealitysvs.com/> Follow us on [cid:[email protected]] <https://us-east-2.protection.sophos.com/?d=linkedin.com&u=aHR0cHM6Ly93d3cubGlua2VkaW4uY29tL2NvbXBhbnkvZXN0ZXJsaW5lLXN2cw==&i=NjBhNGUxYjg5YzEyNDkwZTllOGRmYTI2&t=dFNXVE9hd0lVNElXWUpvcTd5em9IWGlWYUcxaW5FejN0Tk01Nlc0eXlnND0=&h=be552bdf7b724fce9b1bc74ab56ebd25> _______________________________________________ PacketFence-users mailing list [email protected]<mailto:[email protected]> https://lists.sourceforge.net/lists/listinfo/packetfence-users<https://us-east-2.protection.sophos.com?d=sourceforge.net&u=aHR0cHM6Ly9saXN0cy5zb3VyY2Vmb3JnZS5uZXQvbGlzdHMvbGlzdGluZm8vcGFja2V0ZmVuY2UtdXNlcnM=&i=NjBhNGUxYjg5YzEyNDkwZTllOGRmYTI2&t=UGNnWnh2eUxmclJwWkR5Y2RSeUthVmlveW5SR0Z3SnYzSVJjZUVjblpxWT0=&h=be552bdf7b724fce9b1bc74ab56ebd25>
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
