Did you try to hardcode that in the code and see if it works? Also, I don't understand the goal of passing the username and password; is there any extra check after that? What happens if the user registers by SMS/email?
And I just found that:
https://support.huawei.com/enterprise/en/doc/EDOC1100008282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_1
Is it something that can be configured on the Huawei? If yes then it will mimic the way the Cisco WLC works.

Regards
Fabrice

On Mon, Feb 7, 2022 at 16:01, Jorge Nolla <jno...@gmail.com> wrote:

> Hi Fabrice,
>
> This line needs to be HTTPS for it to work
> <form name="weblogin_form" data-autosubmit="1000" method="GET" action="
> http://$controller_ip:8443/login?username=bob&password=bob"
> style="display:none">
>
> This needs to be the username and password which is being entered by the
> user in the PF portal, which is the Radius username and password
> username=bob&password=bob
>
> On Feb 7, 2022, at 12:03 PM, Fabrice Durand <oeufd...@gmail.com> wrote:
>
> I just pushed a fix.
>
> cd /usr/local/pf
> curl
> https://github.com/inverse-inc/packetfence/commit/7628afddf46e0226667560dc33df192f9c4cf420.diff
> | patch -p1
> and restart
>
> On Mon, Feb 7, 2022 at 13:46, Jorge Nolla <jno...@gmail.com> wrote:
>
>> Here are the log outputs for /usr/local/pf/logs/packetfence.log
>>
>> Feb 7 11:03:04 wifi packetfence_httpd.portal[61371]: httpd.portal(61371)
>> INFO: [mac:[undef]] URI '/Huawei' is detected as an external captive portal
>> URI (pf::web::externalportal::handle)
>> Feb 7 11:03:04 wifi packetfence_httpd.portal[61371]: httpd.portal(61371)
>> ERROR: [mac:[undef]] Cannot load perl module for switch type
>> 'pf::Switch::Huawei'. Either switch type is unknown or switch type perl
>> module have compilation errors. See the following message for details:
>> (pf::web::externalportal::handle)
>> Feb 7 11:03:06 wifi packetfence_httpd.portal[61370]: httpd.portal(61370)
>> INFO: [mac:[undef]] URI '/Huawei' is detected as an external captive portal
>> URI (pf::web::externalportal::handle)
>> Feb 7 11:03:06 wifi packetfence_httpd.portal[61370]: httpd.portal(61370)
>> ERROR: [mac:[undef]] Cannot load perl module for switch type
>> 'pf::Switch::Huawei'. Either switch type is unknown or switch type perl
>> module have compilation errors. See the following message for details:
>> (pf::web::externalportal::handle)
>>
>> On Feb 7, 2022, at 10:50 AM, Jorge Nolla <jno...@gmail.com> wrote:
>>
>> Here is the output for HAProxy
>>
>> Feb 7 10:48:54 wifi haproxy[2285]: 10.9.215.39:63814
>> [07/Feb/2022:10:48:54.074] portal-https-10.0.255.99~ 10.0.255.99-backend/
>> 127.0.0.1 0/0/0/13/13 501 413 - - ---- 2/1/0/0/0 0/0 {wifi.fispy.mx}
>> "GET
>> /Huawei?ac-ip=10.7.255.2&userip=10.9.215.39&ssid=FISPY-WiFi&ap-mac=f02f4b1467d9
>> HTTP/1.1"
>>
>> On Feb 7, 2022, at 10:06 AM, Jorge Nolla <jno...@gmail.com> wrote:
>>
>> Hi Fabrice,
>>
>> From the Pf portal after the patch is applied.
>>
>> type: 'Huawei' is not a valid value The chosen type (Huawei) is not
>> supported.
>>
>> On Feb 6, 2022, at 6:49 PM, Jorge Nolla <jno...@gmail.com> wrote:
>>
>> This is the only option on the config.
>>
>> <Screen Shot 2022-02-06 at 6.48.16 PM.png>
>>
>> On Feb 6, 2022, at 6:41 PM, Jorge Nolla <jno...@gmail.com> wrote:
>>
>> Hi Fabrice,
>>
>> Getting an error page from PF
>>
>> Not Implemented
>> GET no supported for current URL.
>>
>> How is the switch supposed to be defined in PF?
>>
>> On Feb 6, 2022, at 5:55 PM, Fabrice Durand <oeufd...@gmail.com> wrote:
>>
>> I am just not sure what to set for username and password, if you do sms
>> auth then there is no password.
>>
>> Also in the URL it looks like it misses the MAC address of the device, can
>> you try to add device-mac and see if the device MAC is in the URL?
>>
>> Here is the first draft:
>>
>> https://github.com/inverse-inc/packetfence/compare/feature/Huawei_web_auth.diff
>>
>> cd /usr/local/pf/
>> curl
>> https://github.com/inverse-inc/packetfence/compare/feature/Huawei_web_auth.diff
>> | patch -p1
>>
>> then restart packetfence.
>>
>> On the controller:
>>
>> url-template name PacketFence
>> url https://wifi.fispy.mx/ <https://wifi.fispy.mx/captive-portal>Hawei
>> url-parameter device-ip device-mac ac-ip user-ipaddress userip ssid ssid
>> user-mac ap-mac
>>
>> So when the device is forwarded to the portal it should be able to
>> recognise the MAC address and the IP of the device (at the bottom).
>>
>> Register on the portal and you should be forwarded to
>> http://$controller_ip:8443/login?username=bob&password=bob
>>
>> Let me know how it behaves.
>>
>> Regards
>> Fabrice
>>
>> On Sun, Feb 6, 2022 at 18:58, Jorge Nolla <jno...@gmail.com> wrote:
>>
>>> Hi Fabrice
>>>
>>> This is the GET the AC is expecting:
>>>
>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>>
>>> If successful it will return as per image below. If it fails the AC will
>>> redirect back to the Portal
>>>
>>> <WebAuthentication.png>
>>>
>>> Here is the configuration:
>>>
>>> url-template name PacketFence
>>> url https://wifi.fispy.mx/captive-portal
>>> url-parameter login-url destination_url
>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>>
>>> HA Proxy output
>>>
>>> Feb 6 16:44:26 wifi haproxy[2427]: 10.9.70.173:52266
>>> [06/Feb/2022:16:44:26.153] portal-https-10.0.255.99~ 10.0.255.99-backend/
>>> 127.0.0.1 0/0/0/202/202 200 9003 - - ---- 2/1/0/0/0 0/0 {wifi.fispy.mx}
>>> "GET /captive-portal?destination_url=
>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>> HTTP/1.1"
>>>
>>> Only problem is that PacketFence is not updating the dynamic values with
>>> username and password for it to work
>>>
>>> AC = Access Controller. This manages the APs as they are operating in
>>> Fit/Lightweight mode.
>>> AP = Access Points. These are the actual radios.
>>>
>>> Best Regards,
>>> Jorge
>>>
>>> On Feb 6, 2022, at 4:40 PM, Fabrice Durand <oeufd...@gmail.com> wrote:
>>>
>>> Hello Jorge,
>>>
>>> I have what I need at least to be able to support the web-auth.
>>> The only thing I am not sure about is what we are supposed to do at the
>>> end of the registration process.
>>>
>>> I will create a branch on GitHub in order for you to test (it will be
>>> an update of the Huawei switch module).
>>>
>>> For information, what is the ac-ip ac-mac versus ap-ip ap-mac?
>>>
>>> Regards
>>> Fabrice
>>>
>>> On Sun, Feb 6, 2022 at 18:30, Jorge Nolla <jno...@gmail.com> wrote:
>>>
>>>> If I try to manually send the redirect in the browser here is what HA
>>>> proxy records. This is a simple copy and paste in the browser and the
>>>> output:
>>>>
>>>> https://wifi.fispy.mx/captive-portal?destination_url=
>>>> https://portal.fispy.mx:8443/login?username=539z&password=0uf3
>>>>
>>>> 4875 - - ---- 2/1/0/0/0 0/0 {wifi.fispy.mx} "GET
>>>> /captive-portal?destination_url=
>>>> https://portal.fispy.mx:8443/login?username=539z&password=0uf3
>>>> HTTP/1.1"
>>>>
>>>> It doesn’t let it go through as it seems that it is trying to validate
>>>> network connectivity
>>>>
>>>> On Feb 6, 2022, at 4:07 PM, Jorge Nolla <jno...@gmail.com> wrote:
>>>>
>>>> Seems weird how the format of the URL is recorded/sent
>>>>
>>>> Here is a normal redirect, the URL is formatted correctly,
>>>>
>>>> Feb 6 16:03:41 wifi haproxy[2427]: 10.99.1.20:63577
>>>> [06/Feb/2022:16:03:41.232] portal-https-10.0.255.99~ 10.0.255.99-backend/
>>>> 127.0.0.1 0/0/1/233/234 200 4910 - - ---- 2/1/0/0/0 0/0 {wifi.fispy.mx}
>>>> "GET /captive-portal?destination_url=https://www.fispy.mx/ HTTP/1.1"
>>>>
>>>> I’m not sure why the value sent by the AP has all the % and weird
>>>> symbols
>>>> destination%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>>> <https://wifi.fispy.mx/captive-portal?switch_url=https://portal.fispy.mx:8443/login>
>>>>
>>>> On Feb 6, 2022, at 4:00 PM, Jorge Nolla <jno...@gmail.com> wrote:
>>>>
>>>> Hi Fabrice,
>>>>
>>>> Here are the options that can be added:
>>>>
>>>> [AirEngine9700-M1-url-template-PacketFence]url-parameter ?
>>>> ap-group-name   AP group name
>>>> ap-ip           AP IP address
>>>> ap-location     AP location
>>>> ap-mac          AP MAC address
>>>> ap-name         AP name
>>>> device-ip       Device IP address
>>>> device-mac      Device MAC address
>>>> login-url       Device's login URL provided to the external portal
>>>>                 server
>>>> mac-address     Mac address
>>>> redirect-url    The url in user original http packet
>>>> set             Set
>>>> ssid            SSID
>>>> sysname         Device name
>>>> user-ipaddress  User IP address
>>>> user-mac        User MAC address
>>>>
>>>> url-template name PacketFence
>>>> url https://wifi.fispy.mx/captive-portal
>>>> url-parameter device-ip ac-ip user-ipaddress userip ssid ssid user-mac
>>>> ap-mac
>>>>
>>>> 200 9003 - - ---- 2/1/0/0/0 0/0 {wifi.fispy.mx} "GET
>>>> /captive-portal?ac%2Dip=10%2E7%2E255%2E2&userip=10%2E9%2E70%2E173&ssid=FISPY%2DWiFi&ap%2Dmac=f02f4b1467d9
>>>> HTTP/1.1"
>>>>
>>>> If we do not specify the URL on this configuration, where would
>>>> PacketFence get the value for the AC Web Authentication call?
>>>>
>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>>>
>>>> Best Regards,
>>>> Jorge
>>>>
>>>> On Feb 5, 2022, at 8:23 PM, Fabrice Durand <oeufd...@gmail.com> wrote:
>>>>
>>>> Hello Jorge,
>>>>
>>>> What we need is the user MAC and the AP information.
>>>> I found that
>>>> https://support.huawei.com/enterprise/en/doc/EDOC1100008283/659354b1/display-url-template
>>>>
>>>> Is it possible to add extra parameters like user-mac ssid ap-ip ap-mac?
>>>>
>>>> And if yes can you provide me the URL generated by the controller when
>>>> it redirects? (haproxy-portal log)
>>>>
>>>> Regards
>>>> Fabrice
>>>>
>>>> On Sat, Feb 5, 2022 at 20:42, Jorge Nolla <jno...@gmail.com> wrote:
>>>>
>>>>> Hi Team,
>>>>>
>>>>> Any input on this? We really would like to get this to work.
>>>>>
>>>>> Thank you!
>>>>> Jorge
>>>>>
>>>>> On Feb 2, 2022, at 7:48 PM, Jorge Nolla <jno...@gmail.com> wrote:
>>>>>
>>>>> Hi Fabrice,
>>>>>
>>>>> This is the sequence:
>>>>>
>>>>> Feb 2 14:51:32 wifi haproxy[2427]: 10.9.79.52:61132
>>>>> [02/Feb/2022:14:51:32.663] portal-http-10.0.255.99 10.0.255.99-backend/
>>>>> 127.0.0.1 0/0/0/201/201 200 7146 - - ---- 3/1/0/0/0 0/0 {wifi.fispy.mx}
>>>>> "GET /access?lang= HTTP/1.1"
>>>>> Feb 2 14:51:37 wifi haproxy[2427]: 10.9.79.52:61133
>>>>> [02/Feb/2022:14:51:37.905] portal-http-10.0.255.99 static/127.0.0.1
>>>>> 0/0/0/2/2 200 228 - - ---- 4/2/0/0/0 0/0 {10.0.255.99} "GET
>>>>> /common/network-access-detection.gif?r=1643838705224 HTTP/1.1"
>>>>> Feb 2 14:51:44 wifi haproxy[2427]: 10.9.79.52:61130
>>>>> [02/Feb/2022:14:51:43.927] portal-https-10.0.255.99~ 10.0.255.99-backend/
>>>>> 127.0.0.1 0/0/0/122/122 302 1018 - - ---- 4/1/0/0/0 0/0 {wifi.fispy.mx}
>>>>> "GET
>>>>> /captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>>>> HTTP/1.1"
>>>>> Feb 2 14:51:44 wifi haproxy[2427]: 10.9.79.52:61132
>>>>> [02/Feb/2022:14:51:44.060] portal-http-10.0.255.99 10.0.255.99-backend/
>>>>> 127.0.0.1 0/0/0/129/129 200 7146 - - ---- 4/2/0/0/0 0/0 {wifi.fispy.mx}
>>>>> "GET /access?lang= HTTP/1.1"
>>>>> Feb 2 14:51:49 wifi haproxy[2427]: 10.9.79.52:61133
>>>>> [02/Feb/2022:14:51:49.219] portal-http-10.0.255.99 static/127.0.0.1
>>>>> 0/0/0/1/1 200 228 - - ---- 4/2/0/0/0 0/0 {10.0.255.99} "GET
>>>>> /common/network-access-detection.gif?r=1643838716546 HTTP/1.1"
>>>>> Feb 2 14:51:55 wifi haproxy[2427]: 10.9.79.52:61130
>>>>> [02/Feb/2022:14:51:55.287] portal-https-10.0.255.99~ 10.0.255.99-backend/
>>>>> 127.0.0.1 0/0/0/136/136 302 1018 - - ---- 4/1/0/0/0 0/0 {wifi.fispy.mx}
>>>>> "GET
>>>>> /captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>>>> HTTP/1.1"
>>>>>
>>>>> On Feb 2, 2022, at 7:12 PM, Fabrice Durand <oeufd...@gmail.com> wrote:
>>>>>
>>>>> Hello Jorge,
>>>>>
>>>>> I will have a closer look.
>>>>> But I have a question: when the device is forwarded to the captive
>>>>> portal (just before
>>>>> https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>>>> <https://wifi.fispy.mx/captive-portal?switch_url=https://portal.fispy.mx:8443/login>),
>>>>> what is the URL?
>>>>> You should be able to see it in the haproxy-portal.log file.
>>>>>
>>>>> Regards
>>>>> Fabrice
>>>>>
>>>>> On Wed, Feb 2, 2022 at 10:18, Jorge Nolla <jno...@gmail.com> wrote:
>>>>>
>>>>>> Hi Fabrice,
>>>>>>
>>>>>> We almost have the configuration working, but are not sure how to get
>>>>>> the redirect to the client to work correctly. Attached is the
>>>>>> documentation
>>>>>> for Cisco ISE which we used for PacketFence as well.
>>>>>>
>>>>>> Portal.fispy.mx <http://portal.fispy.mx/> is the Huawei AC.
>>>>>>
>>>>>> This is the format the client should get from PacketFence. This is
>>>>>> the only piece we are missing for this to work.
>>>>>>
>>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>>>>>
>>>>>> If we manually click on the link above, then the flow of traffic
>>>>>> works correctly CLIENT > AC > RADIUS (PacketFence), and authentication
>>>>>> works. The problem is that when the user logs in to the portal the
>>>>>> redirect
>>>>>> is broken. The parameter for the redirect that PacketFence is serving
>>>>>> comes from a configuration parameter within the AC. This configuration
>>>>>> works fine for Cisco ISE, but the URL format is not working for
>>>>>> PacketFence.
>>>>>>
>>>>>> When we configure the redirect this is what the client is getting
>>>>>> from PacketFence
>>>>>>
>>>>>> https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>>>>>
>>>>>> url-template name PacketFence
>>>>>> url https://wifi.fispy.mx/captive-portal
>>>>>> url-parameter login-url switch_url
>>>>>> https://portal.fispy.mx:8443/login <<< THIS IS THE PARAMETER FOR
>>>>>> THE REDIRECT TO PACKETFENCE
>>>>>>
>>>>>> AC CONFIG
>>>>>>
>>>>>> authentication-profile name PacketFence
>>>>>> portal-access-profile PacketFence
>>>>>> free-rule-template default_free_rule
>>>>>> authentication-scheme PacketFence
>>>>>> accounting-scheme PacketFence
>>>>>> radius-server PacketFence
>>>>>> force-push url https://www.fispy.mx
>>>>>>
>>>>>> radius-server template PacketFence
>>>>>> radius-server shared-key cipher %^%#*)l=:1.X-Yd$\<~orEF@
>>>>>> ]<}NMejv3)E^\6;7:NUY%^%#
>>>>>> radius-server authentication 10.0.255.99 1812 source ip-address
>>>>>> 10.7.255.2 weight 90
>>>>>> radius-server accounting 10.0.255.99 1813 source ip-address
>>>>>> 10.7.255.2 weight 80
>>>>>> undo radius-server user-name domain-included
>>>>>> calling-station-id mac-format unformatted
>>>>>> called-station-id wlan-user-format ac-mac
>>>>>> radius-server attribute translate
>>>>>> radius-attribute disable HW-NAS-Startup-Time-Stamp send
>>>>>> radius-attribute disable HW-IP-Host-Address send
>>>>>> radius-attribute disable HW-Connect-ID send
>>>>>> radius-attribute disable HW-Version send
>>>>>> radius-attribute disable HW-Product-ID send
>>>>>> radius-attribute disable HW-Domain-Name send
>>>>>> radius-attribute disable HW-User-Extend-Info send
>>>>>>
>>>>>> url-template name PacketFence
>>>>>> url https://wifi.fispy.mx/captive-portal
>>>>>> url-parameter login-url switch_url
>>>>>> https://portal.fispy.mx:8443/login <<< THIS IS THE PARAMETER FOR
>>>>>> THE REDIRECT TO PACKETFENCE
>>>>>>
>>>>>> web-auth-server PacketFence
>>>>>> server-ip 10.0.255.99
>>>>>> port 443
>>>>>> url-template PacketFence
>>>>>> protocol http
>>>>>> http get-method enable
>>>>>>
>>>>>> portal-access-profile name PacketFence
>>>>>> web-auth-server PacketFence direct
>>>>>>
>>>>>> authentication-scheme PacketFence
>>>>>> authentication-mode radius
>>>>>>
>>>>>> wlan
>>>>>> security-profile name FISPY-WiFi
>>>>>>
>>>>>> vap-profile name FISPY-WiFi
>>>>>> service-vlan vlan-id 900
>>>>>> permit-vlan vlan-id 900
>>>>>> ssid-profile FISPY-WiFi
>>>>>> security-profile FISPY-WiFi
>>>>>> authentication-profile PacketFence
>>>>>> sta-network-detect disable
>>>>>> service-experience-analysis enable
>>>>>> mdns-snooping enable
>>>>>>
>>>>>> ###CISCO ISE CONFIG TO COMPARE###
>>>>>>
>>>>>> url-template name CISCO-ISE
>>>>>> url
>>>>>> https://captive.fispy.mx:8443/portal/PortalSetup.action#portal=7cf5ac1d-5dbf-4b36-aeee-b9590fd24c02
>>>>>> parameter start-mark #
>>>>>> url-parameter login-url switch_url
>>>>>> https://portal.fispy.mx:8443/login
>>>>>>
>>>>>> ####################################
>>>>>>
>>>>>> On Feb 2, 2022, at 6:17 AM, Fabrice Durand <oeufd...@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>> Hello Jorge,
>>>>>>
>>>>>> Do you have any Huawei documentation to implement that?
>>>>>>
>>>>>> Regards
>>>>>> Fabrice
>>>>>>
>>>>>> On Wed, Jan 26, 2022 at 15:59, Jorge Nolla via PacketFence-users <
>>>>>> packetfence-users@lists.sourceforge.net> wrote:
>>>>>>
>>>>>>> Hi Team,
>>>>>>>
>>>>>>> We were wondering if anyone has had any success in configuring Web
>>>>>>> Auth for the Huawei AC? It’s somewhat critical for us to get this going.
>>>>>>>
>>>>>>> Thank you!
>>>>>>> Jorge
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> PacketFence-users mailing list
>>>>>>> PacketFence-users@lists.sourceforge.net
>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
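Two URL observations from the thread in runnable form, as an added example that is not part of the original messages or PacketFence's own code: decoding the fully percent-encoded query the AC sends (parameter names included) into validated values, and masking `username`/`password` values before HAProxy lines are stored or shared. The sample request fields, the host `ac.example.net`, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed samples, shaped like the HAProxy request fields in the thread.
ENCODED = ('"GET /Huawei?ac%2Dip=192%2E0%2E2%2E2&userip=192%2E0%2E2%2E57'
           '&ssid=Guest%2DWiFi&ap%2Dmac=0200aabbccdd&user%2Dmac=0200%2D1122%2D3344 HTTP/1.1"')
WITH_CREDS = ('"GET /captive-portal?destination_url='
              'https://ac.example.net:8443/login?username=alice&password=s3cret HTTP/1.1"')

REQ = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')
# Value ends at '&', an encoded '&' (%26), whitespace or the closing quote.
CRED = re.compile(r'(?i)(username|password)(=|%3D)(?:(?!%26)[^&\s"])*')


def parse_ac_redirect(request_field):
    """Decode the AC's query string into validated, normalised parameters."""
    m = REQ.search(request_field)
    if not m:
        raise ValueError("no HTTP request line found")
    # parse_qsl percent-decodes keys as well as values, so 'ac%2Dip' -> 'ac-ip'.
    raw = dict(parse_qsl(urlsplit(m["uri"]).query, keep_blank_values=True))
    out = {}
    for key, value in raw.items():
        if key.endswith("ip"):
            out[key] = str(ipaddress.ip_address(value))  # raises on junk
        elif key.endswith("mac"):
            # Accept MACs with or without separators (an assumption here).
            hexdigits = re.sub(r"[-:.]", "", value).lower()
            if not re.fullmatch(r"[0-9a-f]{12}", hexdigits):
                raise ValueError(f"bad MAC in {key!r}")
            out[key] = ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))
        else:
            out[key] = value
    return out


def redact_credentials(log_text):
    """Mask username/password values, whether '=' is literal or %3D-encoded."""
    return CRED.sub(r"\1\2[REDACTED]", log_text)


if __name__ == "__main__":
    print(parse_ac_redirect(ENCODED))
    print(redact_credentials(WITH_CREDS))
```

Running `parse_ac_redirect(WITH_CREDS)` shows what happens when the nested login URL is left unencoded: `&password=...` becomes a separate top-level parameter and `destination_url` is cut short, which is why the AC's percent-encoded form is the one a portal can parse reliably.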