Hi Team,
Still can’t get accounting to proxy to the billing server. I don’t see the
configuration on the proxy.conf so I imagine is pulling from this file.
[root@wifi raddb]# cat proxy.conf.inc
# This file is generated from a template at
/usr/local/pf/conf/radiusd/proxy.conf.inc
# Any changes made to this file will be lost on restart
# Eduroam integration is not configured
realm default {
}
realm local {
}
realm null {
}
realm fispy.mx {
auth_pool = auth_pool_fispy.mx
acct_pool = acct_pool_fispy.mx
}
home_server_pool auth_pool_fispy.mx {
type = keyed-balance
home_server = Splynx
}
home_server_pool acct_pool_fispy.mx {
type = load-balance
home_server = Splynx
}
realm eduroam.default {
}
realm eduroam.local {
}
realm eduroam.null {
}
realm eduroam.fispy.mx {
}
home_server Splynx {
ipaddr = 10.0.254.100
port = 1812
secret = @Put@Madr3
type = auth+acct
status_check = status-server
}
# pfacct configuration
realm pfacct {
acct_pool = pfacct_pool
nostrip
}
home_server_pool pfacct_pool {
home_server = pfacct_local
}
home_server pfacct_local {
type = acct
ipaddr = 127.0.0.1
port = 1813
secret = 'ZDQ3YzUzMjkxM2M1NjBhM2IyMTJjNWE0'
src_ipaddr = 10.0.255.99
}
> On Feb 8, 2022, at 11:51 AM, Jorge Nolla <jno...@gmail.com> wrote:
>
> Fabrice,
>
> For some reason I cannot get accounting forwarding to the Billing/Radius
> Server. This server has the plans for the customers.
>
> <Screen Shot 2022-02-08 at 11.48.23 AM.png>
>
>
> <Screen Shot 2022-02-08 at 11.50.20 AM.png>
>
>
> <Screen Shot 2022-02-08 at 11.48.01 AM.png>
>
>
> <Screen Shot 2022-02-08 at 11.51.33 AM.png>
>
>> On Feb 8, 2022, at 11:39 AM, Jorge Nolla <jno...@gmail.com
>> <mailto:jno...@gmail.com>> wrote:
>>
>> Hi Fabrice,
>>
>> It worked. I had to change to HTTPS and DNS for the cert on the server to
>> work. We also changed the method to GET. Will try POST, not sure if this
>> will make a difference.
>>
>> my $html_form = qq[
>> <form name="weblogin_form" data-autosubmit="1000" method="GET"
>> action="https://portal.fispy.mx:8443/login
>> <https://portal.fispy.mx:8443/login>">
>> <input type="hidden" name="username" value="$mac">
>> <input type="hidden" name="password" value="$mac">
>> </form>
>> <script src="/content/autosubmit.js" type="text/javascript"></script>
>>
>> Here is the a sample of the radius info on PF. Top entry is with new
>> configuration MAC address as username. Bottom one is the old configuration,
>> where we were submitting the url request manually.
>>
>> <Screen Shot 2022-02-08 at 11.34.52 AM.png>
>>
>>
>>> On Feb 8, 2022, at 9:30 AM, Fabrice Durand <oeufd...@gmail.com
>>> <mailto:oeufd...@gmail.com>> wrote:
>>>
>>> Yes, that's it.
>>>
>>> Le mar. 8 févr. 2022 à 11:23, Jorge Nolla <jno...@gmail.com
>>> <mailto:jno...@gmail.com>> a écrit :
>>> Fabrice,
>>>
>>> The document you had provided didn’t layout the configuration steps. I
>>> think this might be the correct document for the configuration you are
>>> referring. If you have a chance take a look and let me know.
>>>
>>> https://support.huawei.com/enterprise/mx/knowledge/EKB1100055064
>>> <https://support.huawei.com/enterprise/mx/knowledge/EKB1100055064>
>>>
>>>
>>>
>>>> On Feb 8, 2022, at 9:14 AM, Fabrice Durand <oeufd...@gmail.com
>>>> <mailto:oeufd...@gmail.com>> wrote:
>>>>
>>>> You can try that instead:
>>>>
>>>> my $html_form = qq[
>>>> <form name="weblogin_form" data-autosubmit="1000" method="POST"
>>>> action="http://$controller_ip:8443/login
>>>> <http://$controller_ip:8443/login>">
>>>> <input type="hidden" name="username" value="$mac">
>>>> <input type="hidden" name="password" value="$mac">
>>>> </form>
>>>> <script src="/content/autosubmit.js"
>>>> type="text/javascript"></script>
>>>> ];
>>>>
>>>> It will pass the mac address of the device in the radius request as
>>>> username and password instead of the real username and password who has
>>>> been authenticated previously on the portal.
>>>> Then you just need to configure the registration role in the switch
>>>> configuration to be -1 (packetfence side) and if the device is unreg then
>>>> the request will be rejected.
>>>>
>>>>
>>>> Le mar. 8 févr. 2022 à 11:04, Jorge Nolla <jno...@gmail.com
>>>> <mailto:jno...@gmail.com>> a écrit :
>>>> Hi Fabrice,
>>>>
>>>> Let me check what the difference is in configuration on the AC side, I’ll
>>>> report within the hour. Any clues as to why the parameters are not being
>>>> passed?
>>>>
>>>>
>>>>> On Feb 8, 2022, at 8:55 AM, Fabrice Durand <oeufd...@gmail.com
>>>>> <mailto:oeufd...@gmail.com>> wrote:
>>>>>
>>>>> Hello Jorge,
>>>>>
>>>>> i really think that it´s not the correct way to support the web auth in
>>>>> Huawei.
>>>>> The only thing you can do with the portal is to authenticate with a
>>>>> username and password, there is no way to do anything else
>>>>> (sms/email/sponsor/....).
>>>>>
>>>>> Also when you authenticate on the portal , the portal validate your
>>>>> username and password and with the workflow you have it will authenticate
>>>>> twice (portal and radius) and it doesn´t make sense.
>>>>>
>>>>> So if you want to keep this way then you will need a simple html page
>>>>> with a username and password field that post on
>>>>> https://portal.fispy.mx:8443/login <https://portal.fispy.mx:8443/login>
>>>>> then configure packetfence to authenticate the username and password from
>>>>> radius.
>>>>>
>>>>> The other way who looks really better is to use that:
>>>>> (https://support.huawei.com/enterprise/en/doc/EDOC1100008282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_2
>>>>>
>>>>> <https://support.huawei.com/enterprise/en/doc/EDOC1100008282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_2>)
>>>>>
>>>>> <download.png>
>>>>>
>>>>> As i said , it´s exactly how it works with the cisco wlc and it will
>>>>> support all authentication mechanisms available on the portal.
>>>>>
>>>>> Regards
>>>>> Fabrice
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Le lun. 7 févr. 2022 à 20:25, Jorge Nolla <jno...@gmail.com
>>>>> <mailto:jno...@gmail.com>> a écrit :
>>>>>
>>>>> Radius request from the AC once it receives the correct values. This is
>>>>> sent back to Radius which in this case is PF
>>>>>
>>>>> User-Name = “5blz” <<< VALUE NEEDED IN URL as username
>>>>> User-Password = "******” <<< VALUE NEEDED IN URL as password
>>>>> NAS-IP-Address = 10.7.255.2
>>>>> NAS-Port = 900
>>>>> Service-Type = Framed-User
>>>>> Framed-Protocol = PPP
>>>>> Framed-IP-Address = 10.9.91.31
>>>>> Called-Station-Id = "c0:f6:c2:a5:c4:d0:FISPY-WiFi"
>>>>> Calling-Station-Id = "f0:2f:4b:14:67:d9"
>>>>> NAS-Identifier = "AirEngine9700-M1"
>>>>> NAS-Port-Type = Wireless-802.11
>>>>> Acct-Session-Id = "AirEngi00000000000900d5d66c0600187"
>>>>> Event-Timestamp = "Feb 7 2022 18:05:13 MST"
>>>>> NAS-Port-Id = "slot=0;subslot=0;port=0;vlanid=900"
>>>>> Huawei-Loopback-Address = "C0F6-C2A5-C4D0"
>>>>> Huawei-User-Mac = "\000\000\000\003"
>>>>> Stripped-User-Name = "5blz"
>>>>> Realm = "null"
>>>>> FreeRADIUS-Client-IP-Address = 10.7.255.2
>>>>> Called-Station-SSID = "FISPY-WiFi"
>>>>> PacketFence-KeyBalanced = "aa86741e358fa86079a91aaf4dc581f9"
>>>>> PacketFence-Radius-Ip = "10.0.255.99"
>>>>> SQL-User-Name = "5blz"
>>>>>
>>>>>> On Feb 7, 2022, at 3:58 PM, Jorge Nolla <jno...@gmail.com
>>>>>> <mailto:jno...@gmail.com>> wrote:
>>>>>>
>>>>>> Hi Fabrice,
>>>>>>
>>>>>> I did hardcode as follow:
>>>>>>
>>>>>> <form name="weblogin_form" data-autosubmit="1000" method="GET"
>>>>>> action="https://portal.fispy.mx:8443/login?username=bob&password=bob
>>>>>> <https://portal.fispy.mx:8443/login?username=bob&password=bob>"
>>>>>> style="display:none">
>>>>>>
>>>>>> But the redirect which the client is getting, is only this part, not
>>>>>> sure why:
>>>>>>
>>>>>> https://portal.fispy.mx:8443/login? <https://portal.fispy.mx:8443/login?>
>>>>>>
>>>>>>
>>>>>> Here is the flow of the External Portal Authentication as per Huawei.
>>>>>> Portal Server - Notify the STA of the login URL
>>>>>> STA - Send the username and password in HTTP GET POST. When this is
>>>>>> configured to use ISE as per the guide, the ISE server sends the
>>>>>> redirect to the STA as per the format.
>>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>>>>>
>>>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)>
>>>>>>
>>>>>>
>>>>>> <PastedGraphic-1.tiff>
>>>>>>
>>>>>>> On Feb 7, 2022, at 2:51 PM, Fabrice Durand <oeufd...@gmail.com
>>>>>>> <mailto:oeufd...@gmail.com>> wrote:
>>>>>>>
>>>>>>> Did you try to hardcode that in the code and see if it works ?
>>>>>>>
>>>>>>> Also i don´t understand the goal of passing the username and password ,
>>>>>>> is there any extra check after that ? What happen if the user register
>>>>>>> by sms/email ?
>>>>>>>
>>>>>>> And i just found that:
>>>>>>> https://support.huawei.com/enterprise/en/doc/EDOC1100008282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_1
>>>>>>>
>>>>>>> <https://support.huawei.com/enterprise/en/doc/EDOC1100008282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_1>
>>>>>>> Is it something that can be configured on the Hawei ? If yes then it
>>>>>>> will mimic the way the Cisco WLC works.
>>>>>>>
>>>>>>> Regards
>>>>>>> Fabrice
>>>>>>>
>>>>>>>
>>>>>>> Le lun. 7 févr. 2022 à 16:01, Jorge Nolla <jno...@gmail.com
>>>>>>> <mailto:jno...@gmail.com>> a écrit :
>>>>>>> Hi Fabrice,
>>>>>>>
>>>>>>> This line needs to be HTTPS for it to work
>>>>>>> <form name="weblogin_form" data-autosubmit="1000" method="GET"
>>>>>>> action="http://$controller_ip:8443/login?username=bob&password=bob
>>>>>>> <http://$controller_ip:8443/login?username=bob&password=bob>"
>>>>>>> style="display:none”>
>>>>>>>
>>>>>>> This needs to be the username and password which is being entered by
>>>>>>> the user in the PF portal, which is the Radius username and password
>>>>>>> username=bob&password=bob
>>>>>>>
>>>>>>>
>>>>>>>> On Feb 7, 2022, at 12:03 PM, Fabrice Durand <oeufd...@gmail.com
>>>>>>>> <mailto:oeufd...@gmail.com>> wrote:
>>>>>>>>
>>>>>>>> I just pushed a fix.
>>>>>>>>
>>>>>>>> cd /usr/local/pf
>>>>>>>> curl
>>>>>>>> https://github.com/inverse-inc/packetfence/commit/7628afddf46e0226667560dc33df192f9c4cf420.diff
>>>>>>>>
>>>>>>>> <https://github.com/inverse-inc/packetfence/commit/7628afddf46e0226667560dc33df192f9c4cf420.diff>
>>>>>>>> | patch -p1
>>>>>>>> and restart
>>>>>>>>
>>>>>>>> Le lun. 7 févr. 2022 à 13:46, Jorge Nolla <jno...@gmail.com
>>>>>>>> <mailto:jno...@gmail.com>> a écrit :
>>>>>>>> Here are the log outputs for /usr/local/pf/logs/packetfence.log
>>>>>>>>
>>>>>>>>
>>>>>>>> Feb 7 11:03:04 wifi packetfence_httpd.portal[61371]:
>>>>>>>> httpd.portal(61371) INFO: [mac:[undef]] URI '/Huawei' is detected as
>>>>>>>> an external captive portal URI (pf::web::externalportal::handle)
>>>>>>>> Feb 7 11:03:04 wifi packetfence_httpd.portal[61371]:
>>>>>>>> httpd.portal(61371) ERROR: [mac:[undef]] Cannot load perl module for
>>>>>>>> switch type 'pf::Switch::Huawei'. Either switch type is unknown or
>>>>>>>> switch type perl module have compilation errors. See the following
>>>>>>>> message for details: (pf::web::externalportal::handle)
>>>>>>>> Feb 7 11:03:06 wifi packetfence_httpd.portal[61370]:
>>>>>>>> httpd.portal(61370) INFO: [mac:[undef]] URI '/Huawei' is detected as
>>>>>>>> an external captive portal URI (pf::web::externalportal::handle)
>>>>>>>> Feb 7 11:03:06 wifi packetfence_httpd.portal[61370]:
>>>>>>>> httpd.portal(61370) ERROR: [mac:[undef]] Cannot load perl module for
>>>>>>>> switch type 'pf::Switch::Huawei'. Either switch type is unknown or
>>>>>>>> switch type perl module have compilation errors. See the following
>>>>>>>> message for details: (pf::web::externalportal::handle)
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> On Feb 7, 2022, at 10:50 AM, Jorge Nolla <jno...@gmail.com
>>>>>>>>> <mailto:jno...@gmail.com>> wrote:
>>>>>>>>>
>>>>>>>>> Here is the output for HAProxy
>>>>>>>>>
>>>>>>>>> Feb 7 10:48:54 wifi haproxy[2285]: 10.9.215.39:63814
>>>>>>>>> <http://10.9.215.39:63814/> [07/Feb/2022:10:48:54.074]
>>>>>>>>> portal-https-10.0.255.99~ 10.0.255.99-backend/127.0.0.1
>>>>>>>>> <http://127.0.0.1/> 0/0/0/13/13 501 413 - - ---- 2/1/0/0/0 0/0
>>>>>>>>> {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET
>>>>>>>>> /Huawei?ac-ip=10.7.255.2&userip=10.9.215.39&ssid=FISPY-WiFi&ap-mac=f02f4b1467d9
>>>>>>>>> HTTP/1.1”
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> On Feb 7, 2022, at 10:06 AM, Jorge Nolla <jno...@gmail.com
>>>>>>>>>> <mailto:jno...@gmail.com>> wrote:
>>>>>>>>>>
>>>>>>>>>> Hi Fabrice,
>>>>>>>>>>
>>>>>>>>>> From the Pf portal after the patch is applied.
>>>>>>>>>>
>>>>>>>>>> type: 'Huawei' is not a valid value The chosen type (Huawei) is not
>>>>>>>>>> supported.
>>>>>>>>>>
>>>>>>>>>>> On Feb 6, 2022, at 6:49 PM, Jorge Nolla <jno...@gmail.com
>>>>>>>>>>> <mailto:jno...@gmail.com>> wrote:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> This is the only option on the config.
>>>>>>>>>>>
>>>>>>>>>>> <Screen Shot 2022-02-06 at 6.48.16 PM.png>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>> On Feb 6, 2022, at 6:41 PM, Jorge Nolla <jno...@gmail.com
>>>>>>>>>>>> <mailto:jno...@gmail.com>> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> Hi Fabrice,
>>>>>>>>>>>>
>>>>>>>>>>>> Getting an error page from PF
>>>>>>>>>>>>
>>>>>>>>>>>> Not Implemented
>>>>>>>>>>>> GET no supported for current URL.
>>>>>>>>>>>>
>>>>>>>>>>>> How is the switch supposed to be defined in PF?
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>> On Feb 6, 2022, at 5:55 PM, Fabrice Durand <oeufd...@gmail.com
>>>>>>>>>>>>> <mailto:oeufd...@gmail.com>> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> I am just not sure what to set for username and password, if you
>>>>>>>>>>>>> do sms auth then there is no password.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Also in the url it looks that it miss the mac address of the
>>>>>>>>>>>>> device , can you try to add device-mac and see if the device mac
>>>>>>>>>>>>> is in the url ?
>>>>>>>>>>>>>
>>>>>>>>>>>>> Here the first draft:
>>>>>>>>>>>>>
>>>>>>>>>>>>> https://github.com/inverse-inc/packetfence/compare/feature/Huawei_web_auth.diff
>>>>>>>>>>>>>
>>>>>>>>>>>>> <https://github.com/inverse-inc/packetfence/compare/feature/Huawei_web_auth.diff>
>>>>>>>>>>>>>
>>>>>>>>>>>>> cd /usr/local/pf/
>>>>>>>>>>>>> curl
>>>>>>>>>>>>> https://github.com/inverse-inc/packetfence/compare/feature/Huawei_web_auth.diff
>>>>>>>>>>>>>
>>>>>>>>>>>>> <https://github.com/inverse-inc/packetfence/compare/feature/Huawei_web_auth.diff>
>>>>>>>>>>>>> | patch -p1
>>>>>>>>>>>>>
>>>>>>>>>>>>> then restart packetfence.
>>>>>>>>>>>>>
>>>>>>>>>>>>> On the controller:
>>>>>>>>>>>>>
>>>>>>>>>>>>> url-template name PacketFence
>>>>>>>>>>>>> url https://wifi.fispy.mx/
>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal>Hawei
>>>>>>>>>>>>> url-parameter device-ip device-mac ac-ip user-ipaddress userip
>>>>>>>>>>>>> ssid ssid user-mac ap-mac
>>>>>>>>>>>>>
>>>>>>>>>>>>> So when the device will be forwarded to the portal it should be
>>>>>>>>>>>>> able to recognise the mac address and the ip of the device (in
>>>>>>>>>>>>> the bottom).
>>>>>>>>>>>>>
>>>>>>>>>>>>> Register on the portal and you should be forwarded to
>>>>>>>>>>>>> http://$controller_ip:8443/login?username=bob&password=bob
>>>>>>>>>>>>> <http://$controller_ip:8443/login?username=bob&password=bob>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Let me know how it behave.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Regards
>>>>>>>>>>>>> Fabrice
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Le dim. 6 févr. 2022 à 18:58, Jorge Nolla <jno...@gmail.com
>>>>>>>>>>>>> <mailto:jno...@gmail.com>> a écrit :
>>>>>>>>>>>>> Hi Fabrice
>>>>>>>>>>>>>
>>>>>>>>>>>>> This is the GET the AC is expecting:
>>>>>>>>>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>>>>>>>>>>>>
>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)>
>>>>>>>>>>>>>
>>>>>>>>>>>>> If successful it will return as per image below. If it fails the
>>>>>>>>>>>>> AC will redirect back to the Portal
>>>>>>>>>>>>>
>>>>>>>>>>>>> <WebAuthentication.png>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Here is the configuration:
>>>>>>>>>>>>>
>>>>>>>>>>>>> url-template name PacketFence
>>>>>>>>>>>>> url https://wifi.fispy.mx/captive-portal
>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal>
>>>>>>>>>>>>> url-parameter login-url destination_url
>>>>>>>>>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>>>>>>>>>>>>
>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> HA Proxy output
>>>>>>>>>>>>>
>>>>>>>>>>>>> Feb 6 16:44:26 wifi haproxy[2427]: 10.9.70.173:52266
>>>>>>>>>>>>> <http://10.9.70.173:52266/> [06/Feb/2022:16:44:26.153]
>>>>>>>>>>>>> portal-https-10.0.255.99~ 10.0.255.99-backend/127.0.0.1
>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/202/202 200 9003 - - ---- 2/1/0/0/0 0/0
>>>>>>>>>>>>> {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET
>>>>>>>>>>>>> /captive-portal?destination_url=https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>>>>>>>>>>>>
>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)>
>>>>>>>>>>>>> HTTP/1.1"
>>>>>>>>>>>>>
>>>>>>>>>>>>> Only problem is that PacketFence is not updating the dynamic
>>>>>>>>>>>>> values with username and password for it to work
>>>>>>>>>>>>>
>>>>>>>>>>>>> AC = Access Controller. This manages the APs’ as they are
>>>>>>>>>>>>> operating in Fit/Lightweight mode.
>>>>>>>>>>>>> AP = Access Points. These are the actual radios.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Best Regards,
>>>>>>>>>>>>> Jorge
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Feb 6, 2022, at 4:40 PM, Fabrice Durand <oeufd...@gmail.com
>>>>>>>>>>>>>> <mailto:oeufd...@gmail.com>> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hello Jorge,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> i have what i need at least to be able to support the web-auth.
>>>>>>>>>>>>>> The only thing i am not sure is at the end of the registration
>>>>>>>>>>>>>> process what we are supposed to do.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I will create a branch on github in order for you to test. (it
>>>>>>>>>>>>>> will be an update of the Huawei switch module).
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> For information, what is the ac-ip ac-mac versus ap-ip ap-mac ?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Regards
>>>>>>>>>>>>>> Fabrice
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Le dim. 6 févr. 2022 à 18:30, Jorge Nolla <jno...@gmail.com
>>>>>>>>>>>>>> <mailto:jno...@gmail.com>> a écrit :
>>>>>>>>>>>>>> If I try to manually send the redirect in the browser here is
>>>>>>>>>>>>>> what HA proxy records. This is a simple copy and paste in the
>>>>>>>>>>>>>> browser and the output:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> https://wifi.fispy.mx/captive-portal
>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal>?destination_url=https://portal.fispy.mx:8443/login?username=539z&password=0uf3
>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=539z&password=0uf3>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> 4875 - - ---- 2/1/0/0/0 0/0 {wifi.fispy.mx
>>>>>>>>>>>>>> <http://wifi.fispy.mx/>} "GET
>>>>>>>>>>>>>> /captive-portal?destination_url=https://portal.fispy.mx:8443/login?username=539z&password=0uf3
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=539z&password=0uf3>
>>>>>>>>>>>>>> HTTP/1.1"
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> It doesn’t let it go through as it seems that is trying to
>>>>>>>>>>>>>> validate network connectivity
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Feb 6, 2022, at 4:07 PM, Jorge Nolla <jno...@gmail.com
>>>>>>>>>>>>>>> <mailto:jno...@gmail.com>> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Seems weird how the format of the URL is recorded/sent
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Here is a normal redirect, the url is formatted correctly,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Feb 6 16:03:41 wifi haproxy[2427]: 10.99.1.20:63577
>>>>>>>>>>>>>>> <http://10.99.1.20:63577/> [06/Feb/2022:16:03:41.232]
>>>>>>>>>>>>>>> portal-https-10.0.255.99~ 10.0.255.99-backend/127.0.0.1
>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/1/233/234 200 4910 - - ---- 2/1/0/0/0
>>>>>>>>>>>>>>> 0/0 {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET
>>>>>>>>>>>>>>> /captive-portal?destination_url=https://www.fispy.mx/
>>>>>>>>>>>>>>> <https://www.fispy.mx/> HTTP/1.1"
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I’m not sure why the value sent by the AP has all the % and
>>>>>>>>>>>>>>> weird symbols
>>>>>>>>>>>>>>> destination%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal?switch_url=https://portal.fispy.mx:8443/login>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Feb 6, 2022, at 4:00 PM, Jorge Nolla <jno...@gmail.com
>>>>>>>>>>>>>>>> <mailto:jno...@gmail.com>> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Hi Fabrice,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Here are the options that can be added:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> [AirEngine9700-M1-url-template-PacketFence]url-parameter ?
>>>>>>>>>>>>>>>> ap-group-name AP group name
>>>>>>>>>>>>>>>> ap-ip AP IP address
>>>>>>>>>>>>>>>> ap-location AP location
>>>>>>>>>>>>>>>> ap-mac AP MAC address
>>>>>>>>>>>>>>>> ap-name AP name
>>>>>>>>>>>>>>>> device-ip Device IP address
>>>>>>>>>>>>>>>> device-mac Device MAC address
>>>>>>>>>>>>>>>> login-url Device's login URL provided to the external
>>>>>>>>>>>>>>>> portal server
>>>>>>>>>>>>>>>> mac-address Mac address
>>>>>>>>>>>>>>>> redirect-url The url in user original http packet
>>>>>>>>>>>>>>>> set Set
>>>>>>>>>>>>>>>> ssid SSID
>>>>>>>>>>>>>>>> sysname Device name
>>>>>>>>>>>>>>>> user-ipaddress User IP address
>>>>>>>>>>>>>>>> user-mac User MAC address
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> url-template name PacketFence
>>>>>>>>>>>>>>>> url https://wifi.fispy.mx/captive-portal
>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal>
>>>>>>>>>>>>>>>> url-parameter device-ip ac-ip user-ipaddress userip ssid ssid
>>>>>>>>>>>>>>>> user-mac ap-mac
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> 200 9003 - - ---- 2/1/0/0/0 0/0 {wifi.fispy.mx
>>>>>>>>>>>>>>>> <http://wifi.fispy.mx/>} "GET
>>>>>>>>>>>>>>>> /captive-portal?ac%2Dip=10%2E7%2E255%2E2&userip=10%2E9%2E70%2E173&ssid=FISPY%2DWiFi&ap%2Dmac=f02f4b1467d9
>>>>>>>>>>>>>>>> HTTP/1.1"
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> If we do not specify the URL on this configuration, where
>>>>>>>>>>>>>>>> would PacketFence get the value for the AC Web Authentication
>>>>>>>>>>>>>>>> call?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Best Regards,
>>>>>>>>>>>>>>>> Jorge
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> On Feb 5, 2022, at 8:23 PM, Fabrice Durand
>>>>>>>>>>>>>>>>> <oeufd...@gmail.com <mailto:oeufd...@gmail.com>> wrote:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Hello Jorge,
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> what we need is the user mac and the ap information.
>>>>>>>>>>>>>>>>> I found that
>>>>>>>>>>>>>>>>> https://support.huawei.com/enterprise/en/doc/EDOC1100008283/659354b1/display-url-template
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> <https://support.huawei.com/enterprise/en/doc/EDOC1100008283/659354b1/display-url-template>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Is it possible to add extra parameters like user-mac ssid
>>>>>>>>>>>>>>>>> ap-ip ap-mac ?
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> And if yes can you provide me the url generated by the
>>>>>>>>>>>>>>>>> controller when it redirect ? (haproxy-portal log)
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Regards
>>>>>>>>>>>>>>>>> Fabrice
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Le sam. 5 févr. 2022 à 20:42, Jorge Nolla <jno...@gmail.com
>>>>>>>>>>>>>>>>> <mailto:jno...@gmail.com>> a écrit :
>>>>>>>>>>>>>>>>> Hi Team,
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Any input on this? We really would like to get this to work.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Thank you!
>>>>>>>>>>>>>>>>> Jorge
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> On Feb 2, 2022, at 7:48 PM, Jorge Nolla <jno...@gmail.com
>>>>>>>>>>>>>>>>>> <mailto:jno...@gmail.com>> wrote:
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Hi Fabrice,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> This is the sequence:
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Feb 2 14:51:32 wifi haproxy[2427]: 10.9.79.52:61132
>>>>>>>>>>>>>>>>>> <http://10.9.79.52:61132/> [02/Feb/2022:14:51:32.663]
>>>>>>>>>>>>>>>>>> portal-http-10.0.255.99 10.0.255.99-backend/127.0.0.1
>>>>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/201/201 200 7146 - - ----
>>>>>>>>>>>>>>>>>> 3/1/0/0/0 0/0 {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET
>>>>>>>>>>>>>>>>>> /access?lang= HTTP/1.1"
>>>>>>>>>>>>>>>>>> Feb 2 14:51:37 wifi haproxy[2427]: 10.9.79.52:61133
>>>>>>>>>>>>>>>>>> <http://10.9.79.52:61133/> [02/Feb/2022:14:51:37.905]
>>>>>>>>>>>>>>>>>> portal-http-10.0.255.99 static/127.0.0.1 <http://127.0.0.1/>
>>>>>>>>>>>>>>>>>> 0/0/0/2/2 200 228 - - ---- 4/2/0/0/0 0/0 {10.0.255.99} "GET
>>>>>>>>>>>>>>>>>> /common/network-access-detection.gif?r=1643838705224
>>>>>>>>>>>>>>>>>> HTTP/1.1"
>>>>>>>>>>>>>>>>>> Feb 2 14:51:44 wifi haproxy[2427]: 10.9.79.52:61130
>>>>>>>>>>>>>>>>>> <http://10.9.79.52:61130/> [02/Feb/2022:14:51:43.927]
>>>>>>>>>>>>>>>>>> portal-https-10.0.255.99~ 10.0.255.99-backend/127.0.0.1
>>>>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/122/122 302 1018 - - ----
>>>>>>>>>>>>>>>>>> 4/1/0/0/0 0/0 {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET
>>>>>>>>>>>>>>>>>> /captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>>>>>>>>>>>>>>>>> HTTP/1.1"
>>>>>>>>>>>>>>>>>> Feb 2 14:51:44 wifi haproxy[2427]: 10.9.79.52:61132
>>>>>>>>>>>>>>>>>> <http://10.9.79.52:61132/> [02/Feb/2022:14:51:44.060]
>>>>>>>>>>>>>>>>>> portal-http-10.0.255.99 10.0.255.99-backend/127.0.0.1
>>>>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/129/129 200 7146 - - ----
>>>>>>>>>>>>>>>>>> 4/2/0/0/0 0/0 {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET
>>>>>>>>>>>>>>>>>> /access?lang= HTTP/1.1"
>>>>>>>>>>>>>>>>>> Feb 2 14:51:49 wifi haproxy[2427]: 10.9.79.52:61133
>>>>>>>>>>>>>>>>>> <http://10.9.79.52:61133/> [02/Feb/2022:14:51:49.219]
>>>>>>>>>>>>>>>>>> portal-http-10.0.255.99 static/127.0.0.1 <http://127.0.0.1/>
>>>>>>>>>>>>>>>>>> 0/0/0/1/1 200 228 - - ---- 4/2/0/0/0 0/0 {10.0.255.99} "GET
>>>>>>>>>>>>>>>>>> /common/network-access-detection.gif?r=1643838716546
>>>>>>>>>>>>>>>>>> HTTP/1.1"
>>>>>>>>>>>>>>>>>> Feb 2 14:51:55 wifi haproxy[2427]: 10.9.79.52:61130
>>>>>>>>>>>>>>>>>> <http://10.9.79.52:61130/> [02/Feb/2022:14:51:55.287]
>>>>>>>>>>>>>>>>>> portal-https-10.0.255.99~ 10.0.255.99-backend/127.0.0.1
>>>>>>>>>>>>>>>>>> <http://127.0.0.1/> 0/0/0/136/136 302 1018 - - ----
>>>>>>>>>>>>>>>>>> 4/1/0/0/0 0/0 {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET
>>>>>>>>>>>>>>>>>> /captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>>>>>>>>>>>>>>>>> HTTP/1.1”
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> On Feb 2, 2022, at 7:12 PM, Fabrice Durand
>>>>>>>>>>>>>>>>>>> <oeufd...@gmail.com <mailto:oeufd...@gmail.com>> wrote:
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Hello Jorge,
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> i will have a look closer.
>>>>>>>>>>>>>>>>>>> But i have a question, when the device is forwarded to the
>>>>>>>>>>>>>>>>>>> captive portal, (just before
>>>>>>>>>>>>>>>>>>> https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal?switch_url=https://portal.fispy.mx:8443/login>)
>>>>>>>>>>>>>>>>>>> , what is the url ?
>>>>>>>>>>>>>>>>>>> You should be able to see it in the haproxy-portal.log file.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Regards
>>>>>>>>>>>>>>>>>>> Fabrice
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Le mer. 2 févr. 2022 à 10:18, Jorge Nolla <jno...@gmail.com
>>>>>>>>>>>>>>>>>>> <mailto:jno...@gmail.com>> a écrit :
>>>>>>>>>>>>>>>>>>> Hi Fabrice,
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> We almost have the configuration working, but are not sure
>>>>>>>>>>>>>>>>>>> how to get the redirect to the client to work correctly.
>>>>>>>>>>>>>>>>>>> Attached is the documentation for Cisco ISE which we used
>>>>>>>>>>>>>>>>>>> for PacketFence as well.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Portal.fispy.mx <http://portal.fispy.mx/> is the Huawei AC.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> This is the format the client should get from PacketFence.
>>>>>>>>>>>>>>>>>>> This is the only piece we are missing for this to work.
>>>>>>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password)
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> If we manually click on the link above, then the flow of
>>>>>>>>>>>>>>>>>>> traffic works correctly CLIENT > AC > RADIUS (PacketFence),
>>>>>>>>>>>>>>>>>>> and authentication works. The problem is that when the user
>>>>>>>>>>>>>>>>>>> logs in to the portal the redirect is broken. The parameter
>>>>>>>>>>>>>>>>>>> for the redirect that PacketFence is serving, comes from a
>>>>>>>>>>>>>>>>>>> configuration parameter within the AC. This configuration
>>>>>>>>>>>>>>>>>>> works fine for Cisco ISE, but the URL format is not working
>>>>>>>>>>>>>>>>>>> for PacketFence.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> When we configure the redirect this is what the client is
>>>>>>>>>>>>>>>>>>> getting from PacketFence
>>>>>>>>>>>>>>>>>>> https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> url-template name PacketFence
>>>>>>>>>>>>>>>>>>> url https://wifi.fispy.mx/captive-portal
>>>>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal>
>>>>>>>>>>>>>>>>>>> url-parameter login-url switch_url
>>>>>>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login
>>>>>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login> <<< THIS IS THE
>>>>>>>>>>>>>>>>>>> PARAMETER FOR THE REDIRECT TO PACKETFENCE
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> AC CONFIG
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> authentication-profile name PacketFence
>>>>>>>>>>>>>>>>>>> portal-access-profile PacketFence
>>>>>>>>>>>>>>>>>>> free-rule-template default_free_rule
>>>>>>>>>>>>>>>>>>> authentication-scheme PacketFence
>>>>>>>>>>>>>>>>>>> accounting-scheme PacketFence
>>>>>>>>>>>>>>>>>>> radius-server PacketFence
>>>>>>>>>>>>>>>>>>> force-push url https://www.fispy.mx <https://www.fispy.mx/>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> radius-server template PacketFence
>>>>>>>>>>>>>>>>>>> radius-server shared-key cipher
>>>>>>>>>>>>>>>>>>> %^%#*)l=:1.X-Yd$\<~orEF@]<}NMejv3)E^\6;7:NUY%^%#
>>>>>>>>>>>>>>>>>>> radius-server authentication 10.0.255.99 1812 source
>>>>>>>>>>>>>>>>>>> ip-address 10.7.255.2 weight 90
>>>>>>>>>>>>>>>>>>> radius-server accounting 10.0.255.99 1813 source
>>>>>>>>>>>>>>>>>>> ip-address 10.7.255.2 weight 80
>>>>>>>>>>>>>>>>>>> undo radius-server user-name domain-included
>>>>>>>>>>>>>>>>>>> calling-station-id mac-format unformatted
>>>>>>>>>>>>>>>>>>> called-station-id wlan-user-format ac-mac
>>>>>>>>>>>>>>>>>>> radius-server attribute translate
>>>>>>>>>>>>>>>>>>> radius-attribute disable HW-NAS-Startup-Time-Stamp send
>>>>>>>>>>>>>>>>>>> radius-attribute disable HW-IP-Host-Address send
>>>>>>>>>>>>>>>>>>> radius-attribute disable HW-Connect-ID send
>>>>>>>>>>>>>>>>>>> radius-attribute disable HW-Version send
>>>>>>>>>>>>>>>>>>> radius-attribute disable HW-Product-ID send
>>>>>>>>>>>>>>>>>>> radius-attribute disable HW-Domain-Name send
>>>>>>>>>>>>>>>>>>> radius-attribute disable HW-User-Extend-Info send
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> url-template name PacketFence
>>>>>>>>>>>>>>>>>>> url https://wifi.fispy.mx/captive-portal
>>>>>>>>>>>>>>>>>>> <https://wifi.fispy.mx/captive-portal>
>>>>>>>>>>>>>>>>>>> url-parameter login-url switch_url
>>>>>>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login
>>>>>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login> <<< THIS IS THE
>>>>>>>>>>>>>>>>>>> PARAMETER FOR THE REDIRECT TO PACKETFENCE
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> web-auth-server PacketFence
>>>>>>>>>>>>>>>>>>> server-ip 10.0.255.99
>>>>>>>>>>>>>>>>>>> port 443
>>>>>>>>>>>>>>>>>>> url-template PacketFence
>>>>>>>>>>>>>>>>>>> protocol http
>>>>>>>>>>>>>>>>>>> http get-method enable
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> portal-access-profile name PacketFence
>>>>>>>>>>>>>>>>>>> web-auth-server PacketFence direct
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> authentication-scheme PacketFence
>>>>>>>>>>>>>>>>>>> authentication-mode radius
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> wlan
>>>>>>>>>>>>>>>>>>> security-profile name FISPY-WiFi
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> vap-profile name FISPY-WiFi
>>>>>>>>>>>>>>>>>>> service-vlan vlan-id 900
>>>>>>>>>>>>>>>>>>> permit-vlan vlan-id 900
>>>>>>>>>>>>>>>>>>> ssid-profile FISPY-WiFi
>>>>>>>>>>>>>>>>>>> security-profile FISPY-WiFi
>>>>>>>>>>>>>>>>>>> authentication-profile PacketFence
>>>>>>>>>>>>>>>>>>> sta-network-detect disable
>>>>>>>>>>>>>>>>>>> service-experience-analysis enable
>>>>>>>>>>>>>>>>>>> mdns-snooping enable
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> ###CISCO ISE CONFIG TO COMPARE###
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> url-template name CISCO-ISE
>>>>>>>>>>>>>>>>>>> url
>>>>>>>>>>>>>>>>>>> https://captive.fispy.mx:8443/portal/PortalSetup.action#portal=7cf5ac1d-5dbf-4b36-aeee-b9590fd24c02
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> <https://captive.fispy.mx:8443/portal/PortalSetup.action#portal=7cf5ac1d-5dbf-4b36-aeee-b9590fd24c02>
>>>>>>>>>>>>>>>>>>> parameter start-mark #
>>>>>>>>>>>>>>>>>>> url-parameter login-url switch_url
>>>>>>>>>>>>>>>>>>> https://portal.fispy.mx:8443/login
>>>>>>>>>>>>>>>>>>> <https://portal.fispy.mx:8443/login>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> ####################################
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> On Feb 2, 2022, at 6:17 AM, Fabrice Durand
>>>>>>>>>>>>>>>>>>>> <oeufd...@gmail.com <mailto:oeufd...@gmail.com>> wrote:
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Hello Jorge,
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> do you have any Huawei documentation to implement that ?
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Regards
>>>>>>>>>>>>>>>>>>>> Fabrice
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Le mer. 26 janv. 2022 à 15:59, Jorge Nolla via
>>>>>>>>>>>>>>>>>>>> PacketFence-users <packetfence-users@lists.sourceforge.net
>>>>>>>>>>>>>>>>>>>> <mailto:packetfence-users@lists.sourceforge.net>> a écrit :
>>>>>>>>>>>>>>>>>>>> Hi Team,
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> We were wondering if anyone has had any success in
>>>>>>>>>>>>>>>>>>>> configuring Web Auth for the Huawei AC? It’s somewhat
>>>>>>>>>>>>>>>>>>>> critical for us to get this going.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Thank you!
>>>>>>>>>>>>>>>>>>>> Jorge
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>>>>>>>> PacketFence-users mailing list
>>>>>>>>>>>>>>>>>>>> PacketFence-users@lists.sourceforge.net
>>>>>>>>>>>>>>>>>>>> <mailto:PacketFence-users@lists.sourceforge.net>
>>>>>>>>>>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
