I am just not sure what to set for username and password, if you do sms auth then there is no password.
Also in the url it looks that it miss the mac address of the device , can you try to add device-mac and see if the device mac is in the url ? Here the first draft: https://github.com/inverse-inc/packetfence/compare/feature/Huawei_web_auth.diff cd /usr/local/pf/ curl https://github.com/inverse-inc/packetfence/compare/feature/Huawei_web_auth.diff | patch -p1 then restart packetfence. On the controller: url-template name PacketFence url https://wifi.fispy.mx/ <https://wifi.fispy.mx/captive-portal>Hawei url-parameter device-ip device-mac ac-ip user-ipaddress userip ssid ssid user-mac ap-mac So when the device will be forwarded to the portal it should be able to recognise the mac address and the ip of the device (in the bottom). Register on the portal and you should be forwarded to http:// $controller_ip:8443/login?username=bob&password=bob Let me know how it behave. Regards Fabrice Le dim. 6 févr. 2022 à 18:58, Jorge Nolla <jno...@gmail.com> a écrit : > Hi Fabrice > > This is the GET the AC is expecting: > > https://portal.fispy.mx:8443/login?username=($username)&password=($password) > > If successful it will return as per image below. If it fails the AC will > redirect back to the Portal > > > > Here is the configuration: > > url-template name PacketFence > url https://wifi.fispy.mx/captive-portal > url-parameter login-url destination_url > https://portal.fispy.mx:8443/login?username=($username)&password=($password) > > > HA Proxy output > > Feb 6 16:44:26 wifi haproxy[2427]: 10.9.70.173:52266 > [06/Feb/2022:16:44:26.153] portal-https-10.0.255.99~ 10.0.255.99-backend/ > 127.0.0.1 0/0/0/202/202 200 9003 - - ---- 2/1/0/0/0 0/0 {wifi.fispy.mx} > "GET /captive-portal?destination_url= > https://portal.fispy.mx:8443/login?username=($username)&password=($password) > HTTP/1.1" > > Only problem is that PacketFence is not updating the dynamic values with > username and password for it to work > > AC = Access Controller. This manages the APs’ as they are operating in > Fit/Lightweight mode. > AP = Access Points. These are the actual radios. > > Best Regards, > Jorge > > > On Feb 6, 2022, at 4:40 PM, Fabrice Durand <oeufd...@gmail.com> wrote: > > Hello Jorge, > > i have what i need at least to be able to support the web-auth. > The only thing i am not sure is at the end of the registration process > what we are supposed to do. > > I will create a branch on github in order for you to test. (it will be an > update of the Huawei switch module). > > For information, what is the ac-ip ac-mac versus ap-ip ap-mac ? > > Regards > Fabrice > > > Le dim. 6 févr. 2022 à 18:30, Jorge Nolla <jno...@gmail.com> a écrit : > >> If I try to manually send the redirect in the browser here is what HA >> proxy records. This is a simple copy and paste in the browser and the >> output: >> >> https://wifi.fispy.mx/captive-portal?destination_url= >> https://portal.fispy.mx:8443/login?username=539z&password=0uf3 >> >> 4875 - - ---- 2/1/0/0/0 0/0 {wifi.fispy.mx} "GET >> /captive-portal?destination_url= >> https://portal.fispy.mx:8443/login?username=539z&password=0uf3 HTTP/1.1" >> >> >> It doesn’t let it go through as it seems that is trying to validate >> network connectivity >> >> >> On Feb 6, 2022, at 4:07 PM, Jorge Nolla <jno...@gmail.com> wrote: >> >> Seems weird how the format of the URL is recorded/sent >> >> >> Here is a normal redirect, the url is formatted correctly, >> >> >> Feb 6 16:03:41 wifi haproxy[2427]: 10.99.1.20:63577 >> [06/Feb/2022:16:03:41.232] portal-https-10.0.255.99~ 10.0.255.99-backend/ >> 127.0.0.1 0/0/1/233/234 200 4910 - - ---- 2/1/0/0/0 0/0 {wifi.fispy.mx} >> "GET /captive-portal?destination_url=https://www.fispy.mx/ HTTP/1.1" >> >> I’m not sure why the value sent by the AP has all the % and weird >> symbols >> destination%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin >> <https://wifi.fispy.mx/captive-portal?switch_url=https://portal.fispy.mx:8443/login> >> >> >> On Feb 6, 2022, at 4:00 PM, Jorge Nolla <jno...@gmail.com> wrote: >> >> Hi Fabrice, >> >> Here are the options that can be added: >> >> [AirEngine9700-M1-url-template-PacketFence]url-parameter ? >> ap-group-name AP group name >> ap-ip AP IP address >> ap-location AP location >> ap-mac AP MAC address >> ap-name AP name >> device-ip Device IP address >> device-mac Device MAC address >> login-url Device's login URL provided to the external portal >> server >> mac-address Mac address >> redirect-url The url in user original http packet >> set Set >> ssid SSID >> sysname Device name >> user-ipaddress User IP address >> user-mac User MAC address >> >> >> url-template name PacketFence >> url https://wifi.fispy.mx/captive-portal >> url-parameter device-ip ac-ip user-ipaddress userip ssid ssid user-mac >> ap-mac >> >> >> 200 9003 - - ---- 2/1/0/0/0 0/0 {wifi.fispy.mx} "GET >> /captive-portal?ac%2Dip=10%2E7%2E255%2E2&userip=10%2E9%2E70%2E173&ssid=FISPY%2DWiFi&ap%2Dmac=f02f4b1467d9 >> HTTP/1.1" >> >> >> If we do not specify the URL on this configuration, where would >> PacketFence get the value for the AC Web Authentication call? >> >> >> https://portal.fispy.mx:8443/login?username=($username)&password=($password) >> >> Best Regards, >> Jorge >> >> On Feb 5, 2022, at 8:23 PM, Fabrice Durand <oeufd...@gmail.com> wrote: >> >> Hello Jorge, >> >> what we need is the user mac and the ap information. >> I found that >> https://support.huawei.com/enterprise/en/doc/EDOC1100008283/659354b1/display-url-template >> >> Is it possible to add extra parameters like user-mac ssid ap-ip ap-mac ? >> >> And if yes can you provide me the url generated by the controller when it >> redirect ? (haproxy-portal log) >> >> Regards >> Fabrice >> >> >> >> Le sam. 5 févr. 2022 à 20:42, Jorge Nolla <jno...@gmail.com> a écrit : >> >>> Hi Team, >>> >>> Any input on this? We really would like to get this to work. >>> >>> Thank you! >>> Jorge >>> >>> On Feb 2, 2022, at 7:48 PM, Jorge Nolla <jno...@gmail.com> wrote: >>> >>> Hi Fabrice, >>> >>> This is the sequence: >>> >>> Feb 2 14:51:32 wifi haproxy[2427]: 10.9.79.52:61132 >>> [02/Feb/2022:14:51:32.663] portal-http-10.0.255.99 10.0.255.99-backend/ >>> 127.0.0.1 0/0/0/201/201 200 7146 - - ---- 3/1/0/0/0 0/0 {wifi.fispy.mx} >>> "GET /access?lang= HTTP/1.1" >>> Feb 2 14:51:37 wifi haproxy[2427]: 10.9.79.52:61133 >>> [02/Feb/2022:14:51:37.905] portal-http-10.0.255.99 static/127.0.0.1 >>> 0/0/0/2/2 200 228 - - ---- 4/2/0/0/0 0/0 {10.0.255.99} "GET >>> /common/network-access-detection.gif?r=1643838705224 HTTP/1.1" >>> Feb 2 14:51:44 wifi haproxy[2427]: 10.9.79.52:61130 >>> [02/Feb/2022:14:51:43.927] portal-https-10.0.255.99~ 10.0.255.99-backend/ >>> 127.0.0.1 0/0/0/122/122 302 1018 - - ---- 4/1/0/0/0 0/0 {wifi.fispy.mx} >>> "GET >>> /captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin >>> HTTP/1.1" >>> Feb 2 14:51:44 wifi haproxy[2427]: 10.9.79.52:61132 >>> [02/Feb/2022:14:51:44.060] portal-http-10.0.255.99 10.0.255.99-backend/ >>> 127.0.0.1 0/0/0/129/129 200 7146 - - ---- 4/2/0/0/0 0/0 {wifi.fispy.mx} >>> "GET /access?lang= HTTP/1.1" >>> Feb 2 14:51:49 wifi haproxy[2427]: 10.9.79.52:61133 >>> [02/Feb/2022:14:51:49.219] portal-http-10.0.255.99 static/127.0.0.1 >>> 0/0/0/1/1 200 228 - - ---- 4/2/0/0/0 0/0 {10.0.255.99} "GET >>> /common/network-access-detection.gif?r=1643838716546 HTTP/1.1" >>> Feb 2 14:51:55 wifi haproxy[2427]: 10.9.79.52:61130 >>> [02/Feb/2022:14:51:55.287] portal-https-10.0.255.99~ 10.0.255.99-backend/ >>> 127.0.0.1 0/0/0/136/136 302 1018 - - ---- 4/1/0/0/0 0/0 {wifi.fispy.mx} >>> "GET >>> /captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin >>> HTTP/1.1” >>> >>> >>> >>> On Feb 2, 2022, at 7:12 PM, Fabrice Durand <oeufd...@gmail.com> wrote: >>> >>> Hello Jorge, >>> >>> i will have a look closer. >>> But i have a question, when the device is forwarded to the captive >>> portal, (just before >>> https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin >>> <https://wifi.fispy.mx/captive-portal?switch_url=https://portal.fispy.mx:8443/login>) >>> , what is the url ? >>> You should be able to see it in the haproxy-portal.log file. >>> >>> Regards >>> Fabrice >>> >>> Le mer. 2 févr. 2022 à 10:18, Jorge Nolla <jno...@gmail.com> a écrit : >>> >>>> Hi Fabrice, >>>> >>>> >>>> We almost have the configuration working, but are not sure how to get >>>> the redirect to the client to work correctly. Attached is the documentation >>>> for Cisco ISE which we used for PacketFence as well. >>>> >>>> Portal.fispy.mx <http://portal.fispy.mx/> is the Huawei AC. >>>> >>>> This is the format the client should get from PacketFence. This is the >>>> only piece we are missing for this to work. >>>> >>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password) >>>> >>>> >>>> If we manually click on the link above, then the flow of traffic works >>>> correctly CLIENT > AC > RADIUS (PacketFence), and authentication works. The >>>> problem is that when the user logs in to the portal the redirect is broken. >>>> The parameter for the redirect that PacketFence is serving, comes from a >>>> configuration parameter within the AC. This configuration works fine for >>>> Cisco ISE, but the URL format is not working for PacketFence. >>>> >>>> >>>> When we configure the redirect this is what the client is getting from >>>> PacketFence >>>> >>>> https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin >>>> >>>> >>>> url-template name PacketFence >>>> url https://wifi.fispy.mx/captive-portal >>>> url-parameter login-url switch_url https://portal.fispy.mx:8443/login >>>> <<< THIS IS THE PARAMETER FOR THE REDIRECT TO PACKETFENCE >>>> >>>> >>>> >>>> AC CONFIG >>>> >>>> authentication-profile name PacketFence >>>> portal-access-profile PacketFence >>>> free-rule-template default_free_rule >>>> authentication-scheme PacketFence >>>> accounting-scheme PacketFence >>>> radius-server PacketFence >>>> force-push url https://www.fispy.mx >>>> >>>> radius-server template PacketFence >>>> radius-server shared-key cipher %^%#*)l=:1.X-Yd$\<~orEF@ >>>> ]<}NMejv3)E^\6;7:NUY%^%# >>>> radius-server authentication 10.0.255.99 1812 source ip-address >>>> 10.7.255.2 weight 90 >>>> radius-server accounting 10.0.255.99 1813 source ip-address 10.7.255.2 >>>> weight 80 >>>> undo radius-server user-name domain-included >>>> calling-station-id mac-format unformatted >>>> called-station-id wlan-user-format ac-mac >>>> radius-server attribute translate >>>> radius-attribute disable HW-NAS-Startup-Time-Stamp send >>>> radius-attribute disable HW-IP-Host-Address send >>>> radius-attribute disable HW-Connect-ID send >>>> radius-attribute disable HW-Version send >>>> radius-attribute disable HW-Product-ID send >>>> radius-attribute disable HW-Domain-Name send >>>> radius-attribute disable HW-User-Extend-Info send >>>> >>>> url-template name PacketFence >>>> url https://wifi.fispy.mx/captive-portal >>>> url-parameter login-url switch_url https://portal.fispy.mx:8443/login >>>> <<< THIS IS THE PARAMETER FOR THE REDIRECT TO PACKETFENCE >>>> >>>> web-auth-server PacketFence >>>> server-ip 10.0.255.99 >>>> port 443 >>>> url-template PacketFence >>>> protocol http >>>> http get-method enable >>>> >>>> portal-access-profile name PacketFence >>>> web-auth-server PacketFence direct >>>> >>>> >>>> authentication-scheme PacketFence >>>> authentication-mode radius >>>> >>>> wlan >>>> security-profile name FISPY-WiFi >>>> >>>> vap-profile name FISPY-WiFi >>>> service-vlan vlan-id 900 >>>> permit-vlan vlan-id 900 >>>> ssid-profile FISPY-WiFi >>>> security-profile FISPY-WiFi >>>> authentication-profile PacketFence >>>> sta-network-detect disable >>>> service-experience-analysis enable >>>> mdns-snooping enable >>>> >>>> >>>> >>>> >>>> ###CISCO ISE CONFIG TO COMPARE### >>>> >>>> url-template name CISCO-ISE >>>> url >>>> https://captive.fispy.mx:8443/portal/PortalSetup.action#portal=7cf5ac1d-5dbf-4b36-aeee-b9590fd24c02 >>>> parameter start-mark # >>>> url-parameter login-url switch_url https://portal.fispy.mx:8443/login >>>> >>>> #################################### >>>> >>>> >>>> >>>> >>>> >>>> >>>> On Feb 2, 2022, at 6:17 AM, Fabrice Durand <oeufd...@gmail.com> wrote: >>>> >>>> Hello Jorge, >>>> >>>> do you have any Huawei documentation to implement that ? >>>> >>>> Regards >>>> Fabrice >>>> >>>> >>>> Le mer. 26 janv. 2022 à 15:59, Jorge Nolla via PacketFence-users < >>>> packetfence-users@lists.sourceforge.net> a écrit : >>>> >>>>> Hi Team, >>>>> >>>>> We were wondering if anyone has had any success in configuring Web >>>>> Auth for the Huawei AC? It’s somewhat critical for us to get this going. >>>>> >>>>> Thank you! >>>>> Jorge >>>>> >>>>> _______________________________________________ >>>>> PacketFence-users mailing list >>>> >>>> PacketFence-users@lists.sourceforge.net >>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>> >>>> >>>> >>>> >>>> >>> >>> >> >> >> >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
