Hello Jorge, i will have a look closer. But i have a question, when the device is forwarded to the captive portal, (just before https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin) , what is the url ? You should be able to see it in the haproxy-portal.log file.
Regards Fabrice Le mer. 2 févr. 2022 à 10:18, Jorge Nolla <jno...@gmail.com> a écrit : > Hi Fabrice, > > > We almost have the configuration working, but are not sure how to get the > redirect to the client to work correctly. Attached is the documentation for > Cisco ISE which we used for PacketFence as well. > > Portal.fispy.mx is the Huawei AC. > > This is the format the client should get from PacketFence. This is the > only piece we are missing for this to work. > > https://portal.fispy.mx:8443/login?username=($username)&password=($password) > > > If we manually click on the link above, then the flow of traffic works > correctly CLIENT > AC > RADIUS (PacketFence), and authentication works. The > problem is that when the user logs in to the portal the redirect is broken. > The parameter for the redirect that PacketFence is serving, comes from a > configuration parameter within the AC. This configuration works fine for > Cisco ISE, but the URL format is not working for PacketFence. > > > When we configure the redirect this is what the client is getting from > PacketFence > > https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin > > > url-template name PacketFence > url https://wifi.fispy.mx/captive-portal > url-parameter login-url switch_url https://portal.fispy.mx:8443/login > <<< THIS IS THE PARAMETER FOR THE REDIRECT TO PACKETFENCE > > > > AC CONFIG > > authentication-profile name PacketFence > portal-access-profile PacketFence > free-rule-template default_free_rule > authentication-scheme PacketFence > accounting-scheme PacketFence > radius-server PacketFence > force-push url https://www.fispy.mx > > radius-server template PacketFence > radius-server shared-key cipher %^%#*)l=:1.X-Yd$\<~orEF@ > ]<}NMejv3)E^\6;7:NUY%^%# > radius-server authentication 10.0.255.99 1812 source ip-address > 10.7.255.2 weight 90 > radius-server accounting 10.0.255.99 1813 source ip-address 10.7.255.2 > weight 80 > undo radius-server user-name domain-included > calling-station-id mac-format unformatted > called-station-id wlan-user-format ac-mac > radius-server attribute translate > radius-attribute disable HW-NAS-Startup-Time-Stamp send > radius-attribute disable HW-IP-Host-Address send > radius-attribute disable HW-Connect-ID send > radius-attribute disable HW-Version send > radius-attribute disable HW-Product-ID send > radius-attribute disable HW-Domain-Name send > radius-attribute disable HW-User-Extend-Info send > > url-template name PacketFence > url https://wifi.fispy.mx/captive-portal > url-parameter login-url switch_url https://portal.fispy.mx:8443/login > <<< THIS IS THE PARAMETER FOR THE REDIRECT TO PACKETFENCE > > web-auth-server PacketFence > server-ip 10.0.255.99 > port 443 > url-template PacketFence > protocol http > http get-method enable > > portal-access-profile name PacketFence > web-auth-server PacketFence direct > > > authentication-scheme PacketFence > authentication-mode radius > > wlan > security-profile name FISPY-WiFi > > vap-profile name FISPY-WiFi > service-vlan vlan-id 900 > permit-vlan vlan-id 900 > ssid-profile FISPY-WiFi > security-profile FISPY-WiFi > authentication-profile PacketFence > sta-network-detect disable > service-experience-analysis enable > mdns-snooping enable > > > > > ###CISCO ISE CONFIG TO COMPARE### > > url-template name CISCO-ISE > url > https://captive.fispy.mx:8443/portal/PortalSetup.action#portal=7cf5ac1d-5dbf-4b36-aeee-b9590fd24c02 > parameter start-mark # > url-parameter login-url switch_url https://portal.fispy.mx:8443/login > > #################################### > > > > > > > On Feb 2, 2022, at 6:17 AM, Fabrice Durand <oeufd...@gmail.com> wrote: > > Hello Jorge, > > do you have any Huawei documentation to implement that ? > > Regards > Fabrice > > > Le mer. 26 janv. 2022 à 15:59, Jorge Nolla via PacketFence-users < > packetfence-users@lists.sourceforge.net> a écrit : > >> Hi Team, >> >> We were wondering if anyone has had any success in configuring Web Auth >> for the Huawei AC? It’s somewhat critical for us to get this going. >> >> Thank you! >> Jorge >> >> _______________________________________________ >> PacketFence-users mailing list > > PacketFence-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> > > > >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
