I just pushed a fix.
cd /usr/local/pf
curl
https://github.com/inverse-inc/packetfence/commit/7628afddf46e0226667560dc33df192f9c4cf420.diff
| patch -p1
and restart
Le lun. 7 févr. 2022 à 13:46, Jorge Nolla <jno...@gmail.com> a écrit :
> Here are the log outputs for /usr/local/pf/logs/packetfence.log
>
>
> Feb 7 11:03:04 wifi packetfence_httpd.portal[61371]: httpd.portal(61371)
> INFO: [mac:[undef]] URI '/Huawei' is detected as an external captive portal
> URI (pf::web::externalportal::handle)
> Feb 7 11:03:04 wifi packetfence_httpd.portal[61371]: httpd.portal(61371)
> ERROR: [mac:[undef]] Cannot load perl module for switch type
> 'pf::Switch::Huawei'. Either switch type is unknown or switch type perl
> module have compilation errors. See the following message for details:
> (pf::web::externalportal::handle)
> Feb 7 11:03:06 wifi packetfence_httpd.portal[61370]: httpd.portal(61370)
> INFO: [mac:[undef]] URI '/Huawei' is detected as an external captive portal
> URI (pf::web::externalportal::handle)
> Feb 7 11:03:06 wifi packetfence_httpd.portal[61370]: httpd.portal(61370)
> ERROR: [mac:[undef]] Cannot load perl module for switch type
> 'pf::Switch::Huawei'. Either switch type is unknown or switch type perl
> module have compilation errors. See the following message for details:
> (pf::web::externalportal::handle)
>
>
>
> On Feb 7, 2022, at 10:50 AM, Jorge Nolla <jno...@gmail.com> wrote:
>
> Here is the output for HAProxy
>
> Feb 7 10:48:54 wifi haproxy[2285]: 10.9.215.39:63814
> [07/Feb/2022:10:48:54.074] portal-https-10.0.255.99~ 10.0.255.99-backend/
> 127.0.0.1 0/0/0/13/13 501 413 - - ---- 2/1/0/0/0 0/0 {wifi.fispy.mx} "GET
> /Huawei?ac-ip=10.7.255.2&userip=10.9.215.39&ssid=FISPY-WiFi&ap-mac=f02f4b1467d9
> HTTP/1.1”
>
>
>
> On Feb 7, 2022, at 10:06 AM, Jorge Nolla <jno...@gmail.com> wrote:
>
> Hi Fabrice,
>
> From the Pf portal after the patch is applied.
>
> type: 'Huawei' is not a valid value The chosen type (Huawei) is not
> supported.
>
> On Feb 6, 2022, at 6:49 PM, Jorge Nolla <jno...@gmail.com> wrote:
>
>
> This is the only option on the config.
>
> <Screen Shot 2022-02-06 at 6.48.16 PM.png>
>
>
> On Feb 6, 2022, at 6:41 PM, Jorge Nolla <jno...@gmail.com> wrote:
>
> Hi Fabrice,
>
> Getting an error page from PF
>
> Not Implemented
> GET no supported for current URL.
>
> How is the switch supposed to be defined in PF?
>
>
>
> On Feb 6, 2022, at 5:55 PM, Fabrice Durand <oeufd...@gmail.com> wrote:
>
> I am just not sure what to set for username and password, if you do sms
> auth then there is no password.
>
> Also in the url it looks that it miss the mac address of the device , can
> you try to add device-mac and see if the device mac is in the url ?
>
> Here the first draft:
>
>
> https://github.com/inverse-inc/packetfence/compare/feature/Huawei_web_auth.diff
>
> cd /usr/local/pf/
> curl
> https://github.com/inverse-inc/packetfence/compare/feature/Huawei_web_auth.diff
> | patch -p1
>
> then restart packetfence.
>
> On the controller:
>
> url-template name PacketFence
> url https://wifi.fispy.mx/ <https://wifi.fispy.mx/captive-portal>Hawei
> url-parameter device-ip device-mac ac-ip user-ipaddress userip ssid ssid
> user-mac ap-mac
>
> So when the device will be forwarded to the portal it should be able to
> recognise the mac address and the ip of the device (in the bottom).
>
> Register on the portal and you should be forwarded to
> http://$controller_ip:8443/login?username=bob&password=bob
>
> Let me know how it behave.
>
> Regards
> Fabrice
>
>
>
>
> Le dim. 6 févr. 2022 à 18:58, Jorge Nolla <jno...@gmail.com> a écrit :
>
>> Hi Fabrice
>>
>> This is the GET the AC is expecting:
>>
>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>
>> If successful it will return as per image below. If it fails the AC will
>> redirect back to the Portal
>>
>> <WebAuthentication.png>
>>
>>
>> Here is the configuration:
>>
>> url-template name PacketFence
>> url https://wifi.fispy.mx/captive-portal
>> url-parameter login-url destination_url
>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>
>>
>> HA Proxy output
>>
>> Feb 6 16:44:26 wifi haproxy[2427]: 10.9.70.173:52266
>> [06/Feb/2022:16:44:26.153] portal-https-10.0.255.99~ 10.0.255.99-backend/
>> 127.0.0.1 0/0/0/202/202 200 9003 - - ---- 2/1/0/0/0 0/0 {wifi.fispy.mx}
>> "GET /captive-portal?destination_url=
>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>> HTTP/1.1"
>>
>> Only problem is that PacketFence is not updating the dynamic values with
>> username and password for it to work
>>
>> AC = Access Controller. This manages the APs’ as they are operating in
>> Fit/Lightweight mode.
>> AP = Access Points. These are the actual radios.
>>
>> Best Regards,
>> Jorge
>>
>>
>> On Feb 6, 2022, at 4:40 PM, Fabrice Durand <oeufd...@gmail.com> wrote:
>>
>> Hello Jorge,
>>
>> i have what i need at least to be able to support the web-auth.
>> The only thing i am not sure is at the end of the registration process
>> what we are supposed to do.
>>
>> I will create a branch on github in order for you to test. (it will be an
>> update of the Huawei switch module).
>>
>> For information, what is the ac-ip ac-mac versus ap-ip ap-mac ?
>>
>> Regards
>> Fabrice
>>
>>
>> Le dim. 6 févr. 2022 à 18:30, Jorge Nolla <jno...@gmail.com> a écrit :
>>
>>> If I try to manually send the redirect in the browser here is what HA
>>> proxy records. This is a simple copy and paste in the browser and the
>>> output:
>>>
>>> https://wifi.fispy.mx/captive-portal?destination_url=
>>> https://portal.fispy.mx:8443/login?username=539z&password=0uf3
>>>
>>> 4875 - - ---- 2/1/0/0/0 0/0 {wifi.fispy.mx} "GET
>>> /captive-portal?destination_url=
>>> https://portal.fispy.mx:8443/login?username=539z&password=0uf3 HTTP/1.1"
>>>
>>>
>>> It doesn’t let it go through as it seems that is trying to validate
>>> network connectivity
>>>
>>>
>>> On Feb 6, 2022, at 4:07 PM, Jorge Nolla <jno...@gmail.com> wrote:
>>>
>>> Seems weird how the format of the URL is recorded/sent
>>>
>>>
>>> Here is a normal redirect, the url is formatted correctly,
>>>
>>>
>>> Feb 6 16:03:41 wifi haproxy[2427]: 10.99.1.20:63577
>>> [06/Feb/2022:16:03:41.232] portal-https-10.0.255.99~ 10.0.255.99-backend/
>>> 127.0.0.1 0/0/1/233/234 200 4910 - - ---- 2/1/0/0/0 0/0 {wifi.fispy.mx}
>>> "GET /captive-portal?destination_url=https://www.fispy.mx/ HTTP/1.1"
>>>
>>> I’m not sure why the value sent by the AP has all the % and weird
>>> symbols
>>> destination%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>> <https://wifi.fispy.mx/captive-portal?switch_url=https://portal.fispy.mx:8443/login>
>>>
>>>
>>> On Feb 6, 2022, at 4:00 PM, Jorge Nolla <jno...@gmail.com> wrote:
>>>
>>> Hi Fabrice,
>>>
>>> Here are the options that can be added:
>>>
>>> [AirEngine9700-M1-url-template-PacketFence]url-parameter ?
>>> ap-group-name AP group name
>>> ap-ip AP IP address
>>> ap-location AP location
>>> ap-mac AP MAC address
>>> ap-name AP name
>>> device-ip Device IP address
>>> device-mac Device MAC address
>>> login-url Device's login URL provided to the external portal
>>> server
>>> mac-address Mac address
>>> redirect-url The url in user original http packet
>>> set Set
>>> ssid SSID
>>> sysname Device name
>>> user-ipaddress User IP address
>>> user-mac User MAC address
>>>
>>>
>>> url-template name PacketFence
>>> url https://wifi.fispy.mx/captive-portal
>>> url-parameter device-ip ac-ip user-ipaddress userip ssid ssid user-mac
>>> ap-mac
>>>
>>>
>>> 200 9003 - - ---- 2/1/0/0/0 0/0 {wifi.fispy.mx} "GET
>>> /captive-portal?ac%2Dip=10%2E7%2E255%2E2&userip=10%2E9%2E70%2E173&ssid=FISPY%2DWiFi&ap%2Dmac=f02f4b1467d9
>>> HTTP/1.1"
>>>
>>>
>>> If we do not specify the URL on this configuration, where would
>>> PacketFence get the value for the AC Web Authentication call?
>>>
>>>
>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>>
>>> Best Regards,
>>> Jorge
>>>
>>> On Feb 5, 2022, at 8:23 PM, Fabrice Durand <oeufd...@gmail.com> wrote:
>>>
>>> Hello Jorge,
>>>
>>> what we need is the user mac and the ap information.
>>> I found that
>>> https://support.huawei.com/enterprise/en/doc/EDOC1100008283/659354b1/display-url-template
>>>
>>> Is it possible to add extra parameters like user-mac ssid ap-ip ap-mac ?
>>>
>>> And if yes can you provide me the url generated by the controller when
>>> it redirect ? (haproxy-portal log)
>>>
>>> Regards
>>> Fabrice
>>>
>>>
>>>
>>> Le sam. 5 févr. 2022 à 20:42, Jorge Nolla <jno...@gmail.com> a écrit :
>>>
>>>> Hi Team,
>>>>
>>>> Any input on this? We really would like to get this to work.
>>>>
>>>> Thank you!
>>>> Jorge
>>>>
>>>> On Feb 2, 2022, at 7:48 PM, Jorge Nolla <jno...@gmail.com> wrote:
>>>>
>>>> Hi Fabrice,
>>>>
>>>> This is the sequence:
>>>>
>>>> Feb 2 14:51:32 wifi haproxy[2427]: 10.9.79.52:61132
>>>> [02/Feb/2022:14:51:32.663] portal-http-10.0.255.99 10.0.255.99-backend/
>>>> 127.0.0.1 0/0/0/201/201 200 7146 - - ---- 3/1/0/0/0 0/0 {wifi.fispy.mx}
>>>> "GET /access?lang= HTTP/1.1"
>>>> Feb 2 14:51:37 wifi haproxy[2427]: 10.9.79.52:61133
>>>> [02/Feb/2022:14:51:37.905] portal-http-10.0.255.99 static/127.0.0.1
>>>> 0/0/0/2/2 200 228 - - ---- 4/2/0/0/0 0/0 {10.0.255.99} "GET
>>>> /common/network-access-detection.gif?r=1643838705224 HTTP/1.1"
>>>> Feb 2 14:51:44 wifi haproxy[2427]: 10.9.79.52:61130
>>>> [02/Feb/2022:14:51:43.927] portal-https-10.0.255.99~ 10.0.255.99-backend/
>>>> 127.0.0.1 0/0/0/122/122 302 1018 - - ---- 4/1/0/0/0 0/0 {wifi.fispy.mx}
>>>> "GET
>>>> /captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>>> HTTP/1.1"
>>>> Feb 2 14:51:44 wifi haproxy[2427]: 10.9.79.52:61132
>>>> [02/Feb/2022:14:51:44.060] portal-http-10.0.255.99 10.0.255.99-backend/
>>>> 127.0.0.1 0/0/0/129/129 200 7146 - - ---- 4/2/0/0/0 0/0 {wifi.fispy.mx}
>>>> "GET /access?lang= HTTP/1.1"
>>>> Feb 2 14:51:49 wifi haproxy[2427]: 10.9.79.52:61133
>>>> [02/Feb/2022:14:51:49.219] portal-http-10.0.255.99 static/127.0.0.1
>>>> 0/0/0/1/1 200 228 - - ---- 4/2/0/0/0 0/0 {10.0.255.99} "GET
>>>> /common/network-access-detection.gif?r=1643838716546 HTTP/1.1"
>>>> Feb 2 14:51:55 wifi haproxy[2427]: 10.9.79.52:61130
>>>> [02/Feb/2022:14:51:55.287] portal-https-10.0.255.99~ 10.0.255.99-backend/
>>>> 127.0.0.1 0/0/0/136/136 302 1018 - - ---- 4/1/0/0/0 0/0 {wifi.fispy.mx}
>>>> "GET
>>>> /captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>>> HTTP/1.1”
>>>>
>>>>
>>>>
>>>> On Feb 2, 2022, at 7:12 PM, Fabrice Durand <oeufd...@gmail.com> wrote:
>>>>
>>>> Hello Jorge,
>>>>
>>>> i will have a look closer.
>>>> But i have a question, when the device is forwarded to the captive
>>>> portal, (just before
>>>> https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>>> <https://wifi.fispy.mx/captive-portal?switch_url=https://portal.fispy.mx:8443/login>)
>>>> , what is the url ?
>>>> You should be able to see it in the haproxy-portal.log file.
>>>>
>>>> Regards
>>>> Fabrice
>>>>
>>>> Le mer. 2 févr. 2022 à 10:18, Jorge Nolla <jno...@gmail.com> a écrit :
>>>>
>>>>> Hi Fabrice,
>>>>>
>>>>>
>>>>> We almost have the configuration working, but are not sure how to get
>>>>> the redirect to the client to work correctly. Attached is the
>>>>> documentation
>>>>> for Cisco ISE which we used for PacketFence as well.
>>>>>
>>>>> Portal.fispy.mx <http://portal.fispy.mx/> is the Huawei AC.
>>>>>
>>>>> This is the format the client should get from PacketFence. This is the
>>>>> only piece we are missing for this to work.
>>>>>
>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>>>>
>>>>>
>>>>> If we manually click on the link above, then the flow of traffic works
>>>>> correctly CLIENT > AC > RADIUS (PacketFence), and authentication works.
>>>>> The
>>>>> problem is that when the user logs in to the portal the redirect is
>>>>> broken.
>>>>> The parameter for the redirect that PacketFence is serving, comes from a
>>>>> configuration parameter within the AC. This configuration works fine for
>>>>> Cisco ISE, but the URL format is not working for PacketFence.
>>>>>
>>>>>
>>>>> When we configure the redirect this is what the client is getting from
>>>>> PacketFence
>>>>>
>>>>> https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>>>>
>>>>>
>>>>> url-template name PacketFence
>>>>> url https://wifi.fispy.mx/captive-portal
>>>>> url-parameter login-url switch_url https://portal.fispy.mx:8443/login
>>>>> <<< THIS IS THE PARAMETER FOR THE REDIRECT TO PACKETFENCE
>>>>>
>>>>>
>>>>>
>>>>> AC CONFIG
>>>>>
>>>>> authentication-profile name PacketFence
>>>>> portal-access-profile PacketFence
>>>>> free-rule-template default_free_rule
>>>>> authentication-scheme PacketFence
>>>>> accounting-scheme PacketFence
>>>>> radius-server PacketFence
>>>>> force-push url https://www.fispy.mx
>>>>>
>>>>> radius-server template PacketFence
>>>>> radius-server shared-key cipher %^%#*)l=:1.X-Yd$\<~orEF@
>>>>> ]<}NMejv3)E^\6;7:NUY%^%#
>>>>> radius-server authentication 10.0.255.99 1812 source ip-address
>>>>> 10.7.255.2 weight 90
>>>>> radius-server accounting 10.0.255.99 1813 source ip-address
>>>>> 10.7.255.2 weight 80
>>>>> undo radius-server user-name domain-included
>>>>> calling-station-id mac-format unformatted
>>>>> called-station-id wlan-user-format ac-mac
>>>>> radius-server attribute translate
>>>>> radius-attribute disable HW-NAS-Startup-Time-Stamp send
>>>>> radius-attribute disable HW-IP-Host-Address send
>>>>> radius-attribute disable HW-Connect-ID send
>>>>> radius-attribute disable HW-Version send
>>>>> radius-attribute disable HW-Product-ID send
>>>>> radius-attribute disable HW-Domain-Name send
>>>>> radius-attribute disable HW-User-Extend-Info send
>>>>>
>>>>> url-template name PacketFence
>>>>> url https://wifi.fispy.mx/captive-portal
>>>>> url-parameter login-url switch_url https://portal.fispy.mx:8443/login
>>>>> <<< THIS IS THE PARAMETER FOR THE REDIRECT TO PACKETFENCE
>>>>>
>>>>> web-auth-server PacketFence
>>>>> server-ip 10.0.255.99
>>>>> port 443
>>>>> url-template PacketFence
>>>>> protocol http
>>>>> http get-method enable
>>>>>
>>>>> portal-access-profile name PacketFence
>>>>> web-auth-server PacketFence direct
>>>>>
>>>>>
>>>>> authentication-scheme PacketFence
>>>>> authentication-mode radius
>>>>>
>>>>> wlan
>>>>> security-profile name FISPY-WiFi
>>>>>
>>>>> vap-profile name FISPY-WiFi
>>>>> service-vlan vlan-id 900
>>>>> permit-vlan vlan-id 900
>>>>> ssid-profile FISPY-WiFi
>>>>> security-profile FISPY-WiFi
>>>>> authentication-profile PacketFence
>>>>> sta-network-detect disable
>>>>> service-experience-analysis enable
>>>>> mdns-snooping enable
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> ###CISCO ISE CONFIG TO COMPARE###
>>>>>
>>>>> url-template name CISCO-ISE
>>>>> url
>>>>> https://captive.fispy.mx:8443/portal/PortalSetup.action#portal=7cf5ac1d-5dbf-4b36-aeee-b9590fd24c02
>>>>> parameter start-mark #
>>>>> url-parameter login-url switch_url https://portal.fispy.mx:8443/login
>>>>>
>>>>> ####################################
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Feb 2, 2022, at 6:17 AM, Fabrice Durand <oeufd...@gmail.com> wrote:
>>>>>
>>>>> Hello Jorge,
>>>>>
>>>>> do you have any Huawei documentation to implement that ?
>>>>>
>>>>> Regards
>>>>> Fabrice
>>>>>
>>>>>
>>>>> Le mer. 26 janv. 2022 à 15:59, Jorge Nolla via PacketFence-users <
>>>>> packetfence-users@lists.sourceforge.net> a écrit :
>>>>>
>>>>>> Hi Team,
>>>>>>
>>>>>> We were wondering if anyone has had any success in configuring Web
>>>>>> Auth for the Huawei AC? It’s somewhat critical for us to get this going.
>>>>>>
>>>>>> Thank you!
>>>>>> Jorge
>>>>>>
>>>>>> _______________________________________________
>>>>>> PacketFence-users mailing list
>>>>>
>>>>> PacketFence-users@lists.sourceforge.net
>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>
>
>
>
>
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
