Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-08 Thread Fabrice Durand via PacketFence-users 
Yes, that's it.

Le mar. 8 févr. 2022 à 11:23, Jorge Nolla  a écrit :

> Fabrice,
>
> The document you had provided didn’t layout the configuration steps. I
> think this might be the correct document for the configuration you are
> referring. If you have a chance take a look and let me know.
>
> https://support.huawei.com/enterprise/mx/knowledge/EKB1100055064
>
>
>
> On Feb 8, 2022, at 9:14 AM, Fabrice Durand  wrote:
>
> You can try that instead:
>
> my $html_form = qq[
>  action="http://$controller_ip:8443/login;>
> 
> 
> 
>  type="text/javascript">
> ];
>
> It will pass the mac address of the device in the radius request as
> username and password instead of the real username and password who has
> been authenticated previously on the portal.
> Then you just need to configure the registration role in the switch
> configuration to be -1 (packetfence side) and if the device is unreg then
> the request will be rejected.
>
>
> Le mar. 8 févr. 2022 à 11:04, Jorge Nolla  a écrit :
>
>> Hi Fabrice,
>>
>> Let me check what the difference is in configuration on the AC side, I’ll
>> report within the hour. Any clues as to why the parameters are not being
>> passed?
>>
>>
>> On Feb 8, 2022, at 8:55 AM, Fabrice Durand  wrote:
>>
>> Hello Jorge,
>>
>> i really think that it´s not the correct way to support the web auth in
>> Huawei.
>> The only thing you can do with the portal is to authenticate with a
>> username and password, there is no way to do anything else
>> (sms/email/sponsor/).
>>
>> Also when you authenticate on the portal , the portal validate your
>> username and password and with the workflow you have it will authenticate
>> twice (portal and radius) and it doesn´t make sense.
>>
>> So if you want to keep this way then you will need a simple html page
>> with a username and password field that post on
>> https://portal.fispy.mx:8443/login then configure packetfence to
>> authenticate the username and password from radius.
>>
>> The other way who looks really better is to use that: (
>> https://support.huawei.com/enterprise/en/doc/EDOC118282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_2
>> )
>>
>> 
>>
>> As i said , it´s exactly how it works with the cisco wlc and it will
>> support all authentication mechanisms available on the portal.
>>
>> Regards
>> Fabrice
>>
>>
>>
>>
>> Le lun. 7 févr. 2022 à 20:25, Jorge Nolla  a écrit :
>>
>>>
>>> Radius request from the AC once it receives the correct values. This is
>>> sent back to Radius which in this case is PF
>>>
>>> User-Name = “5blz” *<<< VALUE NEEDED IN URL as username* User-Password
>>> = "**” *<<< VALUE NEEDED IN URL as password* NAS-IP-Address =
>>> 10.7.255.2 NAS-Port = 900 Service-Type = Framed-User Framed-Protocol = PPP
>>> Framed-IP-Address = 10.9.91.31 Called-Station-Id =
>>> "c0:f6:c2:a5:c4:d0:FISPY-WiFi" Calling-Station-Id = "f0:2f:4b:14:67:d9"
>>> NAS-Identifier = "AirEngine9700-M1" NAS-Port-Type = Wireless-802.11
>>> Acct-Session-Id = "AirEngi000900d5d66c0600187" Event-Timestamp =
>>> "Feb 7 2022 18:05:13 MST" NAS-Port-Id =
>>> "slot=0;subslot=0;port=0;vlanid=900" Huawei-Loopback-Address =
>>> "C0F6-C2A5-C4D0" Huawei-User-Mac = "\000\000\000\003" Stripped-User-Name =
>>> "5blz" Realm = "null" FreeRADIUS-Client-IP-Address = 10.7.255.2
>>> Called-Station-SSID = "FISPY-WiFi" PacketFence-KeyBalanced =
>>> "aa86741e358fa86079a91aaf4dc581f9" PacketFence-Radius-Ip = "10.0.255.99"
>>> SQL-User-Name = "5blz"
>>>
>>> On Feb 7, 2022, at 3:58 PM, Jorge Nolla  wrote:
>>>
>>> Hi Fabrice,
>>>
>>> I did hardcode as follow:
>>>
>>> https://portal.fispy.mx:8443/login?username=bob=bob;
>>> style="display:none">
>>>
>>> But the redirect which the client is getting, is only this part, not
>>> sure why:
>>>
>>> https://portal.fispy.mx:8443/login?
>>>
>>>
>>> Here is the flow of the External Portal Authentication as per Huawei.
>>> Portal Server - Notify the STA of the login URL
>>> STA - Send the username and password in HTTP GET POST. When this is
>>> configured to use ISE as per the guide, the ISE server sends the redirect
>>> to the STA as per the format.
>>> https://portal.fispy.mx:8443/login?username=($username)=($password)
>>>
>>>
>>> 
>>>
>>> On Feb 7, 2022, at 2:51 PM, Fabrice Durand  wrote:
>>>
>>> Did you try to hardcode that in the code and see if it works ?
>>>
>>> Also i don´t understand the goal of passing the username and password ,
>>> is there any extra check after that ? What happen if the user register by
>>> sms/email ?
>>>
>>> And i just found that:
>>>
>>> https://support.huawei.com/enterprise/en/doc/EDOC118282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_1
>>> Is it something that can be configured on the Hawei ? If yes then it
>>> will mimic the way the Cisco WLC works.
>>>
>>> Regards
>>> Fabrice
>>>
>>>
>>> Le lun. 7 févr. 2022 à 16:01, Jorge Nolla  a écrit :
>>>
 Hi Fabrice,

 This line needs to be HTTPS for it to work

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-08 Thread Jorge Nolla via PacketFence-users 
Fabrice,

The document you had provided didn’t layout the configuration steps. I think 
this might be the correct document for the configuration you are referring. If 
you have a chance take a look and let me know.

https://support.huawei.com/enterprise/mx/knowledge/EKB1100055064



> On Feb 8, 2022, at 9:14 AM, Fabrice Durand  wrote:
> 
> You can try that instead:
> 
> my $html_form = qq[
>  action="http://$controller_ip:8443/login;>
> 
> 
> 
> 
> ];
> 
> It will pass the mac address of the device in the radius request as username 
> and password instead of the real username and password who has been 
> authenticated previously on the portal.
> Then you just need to configure the registration role in the switch 
> configuration to be -1 (packetfence side) and if the device is unreg then the 
> request will be rejected.
> 
> 
> Le mar. 8 févr. 2022 à 11:04, Jorge Nolla  > a écrit :
> Hi Fabrice,
> 
> Let me check what the difference is in configuration on the AC side, I’ll 
> report within the hour. Any clues as to why the parameters are not being 
> passed?
> 
> 
>> On Feb 8, 2022, at 8:55 AM, Fabrice Durand > > wrote:
>> 
>> Hello Jorge,
>> 
>> i really think that it´s not the correct way to support the web auth in 
>> Huawei.
>> The only thing you can do with the portal is to authenticate with a username 
>> and password, there is no way to do anything else (sms/email/sponsor/).
>> 
>> Also when you authenticate on the portal , the portal validate your username 
>> and password and with the workflow you have it will authenticate twice 
>> (portal and radius) and it doesn´t make sense.
>> 
>> So if you want to keep this way then you will need a simple html page with a 
>> username and password field that post on https://portal.fispy.mx:8443/login 
>>  then configure packetfence to 
>> authenticate the username and password from radius.
>> 
>> The other way who looks really better is to use that: 
>> (https://support.huawei.com/enterprise/en/doc/EDOC118282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_2
>>  
>> )
>> 
>> 
>>  
>> As i said , it´s exactly how it works with the cisco wlc and it will support 
>> all authentication mechanisms available on the portal.
>> 
>> Regards
>> Fabrice
>> 
>> 
>> 
>> 
>> Le lun. 7 févr. 2022 à 20:25, Jorge Nolla > > a écrit :
>> 
>> Radius request from the AC once it receives the correct values. This is sent 
>> back to Radius which in this case is PF
>> 
>> User-Name = “5blz”  <<< VALUE NEEDED IN URL as username
>> User-Password = "**”   <<< VALUE NEEDED IN URL as password
>> NAS-IP-Address = 10.7.255.2
>> NAS-Port = 900
>> Service-Type = Framed-User
>> Framed-Protocol = PPP
>> Framed-IP-Address = 10.9.91.31
>> Called-Station-Id = "c0:f6:c2:a5:c4:d0:FISPY-WiFi"
>> Calling-Station-Id = "f0:2f:4b:14:67:d9"
>> NAS-Identifier = "AirEngine9700-M1"
>> NAS-Port-Type = Wireless-802.11
>> Acct-Session-Id = "AirEngi000900d5d66c0600187"
>> Event-Timestamp = "Feb  7 2022 18:05:13 MST"
>> NAS-Port-Id = "slot=0;subslot=0;port=0;vlanid=900"
>> Huawei-Loopback-Address = "C0F6-C2A5-C4D0"
>> Huawei-User-Mac = "\000\000\000\003"
>> Stripped-User-Name = "5blz"
>> Realm = "null"
>> FreeRADIUS-Client-IP-Address = 10.7.255.2
>> Called-Station-SSID = "FISPY-WiFi"
>> PacketFence-KeyBalanced = "aa86741e358fa86079a91aaf4dc581f9"
>> PacketFence-Radius-Ip = "10.0.255.99"
>> SQL-User-Name = "5blz"
>> 
>>> On Feb 7, 2022, at 3:58 PM, Jorge Nolla >> > wrote:
>>> 
>>> Hi Fabrice,
>>> 
>>> I did hardcode as follow:
>>> 
>>> >> action="https://portal.fispy.mx:8443/login?username=bob=bob 
>>> " 
>>> style="display:none">
>>> 
>>> But the redirect which the client is getting, is only this part, not sure 
>>> why:
>>> 
>>> https://portal.fispy.mx:8443/login? 
>>> 
>>> 
>>> Here is the flow of the External Portal Authentication as per Huawei. 
>>> Portal Server - Notify the STA of the login URL
>>> STA - Send the username and password in HTTP GET POST. When this is 
>>> configured to use ISE as per the guide, the ISE server sends the redirect 
>>> to the STA as per the format. 
>>> https://portal.fispy.mx:8443/login?username=($username)=($password)
>>>  
>>> 
>>> 
>>> 
>>> 
>>> 
 On Feb 7, 2022, at 2:51 PM, Fabrice Durand >>> > wrote:
 
 Did you try to hardcode that in the code and see if it works ?
 
 Also i don´t understand the goal of passing the username and password , is 
 there any extra check after that ? What happen if the user register by 
 sms/email ?
 
 And

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-08 Thread Fabrice Durand via PacketFence-users 
You can try that instead:

my $html_form = qq[
http://$controller_ip:8443/login;>




];

It will pass the mac address of the device in the radius request as
username and password instead of the real username and password who has
been authenticated previously on the portal.
Then you just need to configure the registration role in the switch
configuration to be -1 (packetfence side) and if the device is unreg then
the request will be rejected.


Le mar. 8 févr. 2022 à 11:04, Jorge Nolla  a écrit :

> Hi Fabrice,
>
> Let me check what the difference is in configuration on the AC side, I’ll
> report within the hour. Any clues as to why the parameters are not being
> passed?
>
>
> On Feb 8, 2022, at 8:55 AM, Fabrice Durand  wrote:
>
> Hello Jorge,
>
> i really think that it´s not the correct way to support the web auth in
> Huawei.
> The only thing you can do with the portal is to authenticate with a
> username and password, there is no way to do anything else
> (sms/email/sponsor/).
>
> Also when you authenticate on the portal , the portal validate your
> username and password and with the workflow you have it will authenticate
> twice (portal and radius) and it doesn´t make sense.
>
> So if you want to keep this way then you will need a simple html page with
> a username and password field that post on
> https://portal.fispy.mx:8443/login then configure packetfence to
> authenticate the username and password from radius.
>
> The other way who looks really better is to use that: (
> https://support.huawei.com/enterprise/en/doc/EDOC118282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_2
> )
>
> 
>
> As i said , it´s exactly how it works with the cisco wlc and it will
> support all authentication mechanisms available on the portal.
>
> Regards
> Fabrice
>
>
>
>
> Le lun. 7 févr. 2022 à 20:25, Jorge Nolla  a écrit :
>
>>
>> Radius request from the AC once it receives the correct values. This is
>> sent back to Radius which in this case is PF
>>
>> User-Name = “5blz” *<<< VALUE NEEDED IN URL as username* User-Password =
>> "**” *<<< VALUE NEEDED IN URL as password* NAS-IP-Address =
>> 10.7.255.2 NAS-Port = 900 Service-Type = Framed-User Framed-Protocol = PPP
>> Framed-IP-Address = 10.9.91.31 Called-Station-Id =
>> "c0:f6:c2:a5:c4:d0:FISPY-WiFi" Calling-Station-Id = "f0:2f:4b:14:67:d9"
>> NAS-Identifier = "AirEngine9700-M1" NAS-Port-Type = Wireless-802.11
>> Acct-Session-Id = "AirEngi000900d5d66c0600187" Event-Timestamp =
>> "Feb 7 2022 18:05:13 MST" NAS-Port-Id =
>> "slot=0;subslot=0;port=0;vlanid=900" Huawei-Loopback-Address =
>> "C0F6-C2A5-C4D0" Huawei-User-Mac = "\000\000\000\003" Stripped-User-Name =
>> "5blz" Realm = "null" FreeRADIUS-Client-IP-Address = 10.7.255.2
>> Called-Station-SSID = "FISPY-WiFi" PacketFence-KeyBalanced =
>> "aa86741e358fa86079a91aaf4dc581f9" PacketFence-Radius-Ip = "10.0.255.99"
>> SQL-User-Name = "5blz"
>>
>> On Feb 7, 2022, at 3:58 PM, Jorge Nolla  wrote:
>>
>> Hi Fabrice,
>>
>> I did hardcode as follow:
>>
>> https://portal.fispy.mx:8443/login?username=bob=bob;
>> style="display:none">
>>
>> But the redirect which the client is getting, is only this part, not sure
>> why:
>>
>> https://portal.fispy.mx:8443/login?
>>
>>
>> Here is the flow of the External Portal Authentication as per Huawei.
>> Portal Server - Notify the STA of the login URL
>> STA - Send the username and password in HTTP GET POST. When this is
>> configured to use ISE as per the guide, the ISE server sends the redirect
>> to the STA as per the format.
>> https://portal.fispy.mx:8443/login?username=($username)=($password)
>>
>>
>> 
>>
>> On Feb 7, 2022, at 2:51 PM, Fabrice Durand  wrote:
>>
>> Did you try to hardcode that in the code and see if it works ?
>>
>> Also i don´t understand the goal of passing the username and password ,
>> is there any extra check after that ? What happen if the user register by
>> sms/email ?
>>
>> And i just found that:
>>
>> https://support.huawei.com/enterprise/en/doc/EDOC118282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_1
>> Is it something that can be configured on the Hawei ? If yes then it will
>> mimic the way the Cisco WLC works.
>>
>> Regards
>> Fabrice
>>
>>
>> Le lun. 7 févr. 2022 à 16:01, Jorge Nolla  a écrit :
>>
>>> Hi Fabrice,
>>>
>>> This line needs to be HTTPS for it to work
>>> http://$controller_ip:8443/login?username=bob=bob;
>>> style="display:none”>
>>>
>>> This needs to be the username and password which is being entered by the
>>> user in the PF portal, which is the Radius username and password
>>> username=bob=bob
>>>
>>>
>>> On Feb 7, 2022, at 12:03 PM, Fabrice Durand  wrote:
>>>
>>> I just pushed a fix.
>>>
>>> cd /usr/local/pf
>>> curl
>>> https://github.com/inverse-inc/packetfence/commit/7628afddf46e0226667560dc33df192f9c4cf420.diff
>>> | patch -p1
>>> and restart
>>>
>>> Le lun. 7 févr. 2022 à 13:46, Jorge Nolla  a écrit :
>>>
 Here are the log outputs for

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-08 Thread Jorge Nolla via PacketFence-users 
Hi Fabrice,

Let me check what the difference is in configuration on the AC side, I’ll 
report within the hour. Any clues as to why the parameters are not being passed?


> On Feb 8, 2022, at 8:55 AM, Fabrice Durand  wrote:
> 
> Hello Jorge,
> 
> i really think that it´s not the correct way to support the web auth in 
> Huawei.
> The only thing you can do with the portal is to authenticate with a username 
> and password, there is no way to do anything else (sms/email/sponsor/).
> 
> Also when you authenticate on the portal , the portal validate your username 
> and password and with the workflow you have it will authenticate twice 
> (portal and radius) and it doesn´t make sense.
> 
> So if you want to keep this way then you will need a simple html page with a 
> username and password field that post on https://portal.fispy.mx:8443/login 
>  then configure packetfence to 
> authenticate the username and password from radius.
> 
> The other way who looks really better is to use that: 
> (https://support.huawei.com/enterprise/en/doc/EDOC118282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_2
>  
> )
> 
> 
>  
> As i said , it´s exactly how it works with the cisco wlc and it will support 
> all authentication mechanisms available on the portal.
> 
> Regards
> Fabrice
> 
> 
> 
> 
> Le lun. 7 févr. 2022 à 20:25, Jorge Nolla  > a écrit :
> 
> Radius request from the AC once it receives the correct values. This is sent 
> back to Radius which in this case is PF
> 
> User-Name = “5blz”  <<< VALUE NEEDED IN URL as username
> User-Password = "**”   <<< VALUE NEEDED IN URL as password
> NAS-IP-Address = 10.7.255.2
> NAS-Port = 900
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-IP-Address = 10.9.91.31
> Called-Station-Id = "c0:f6:c2:a5:c4:d0:FISPY-WiFi"
> Calling-Station-Id = "f0:2f:4b:14:67:d9"
> NAS-Identifier = "AirEngine9700-M1"
> NAS-Port-Type = Wireless-802.11
> Acct-Session-Id = "AirEngi000900d5d66c0600187"
> Event-Timestamp = "Feb  7 2022 18:05:13 MST"
> NAS-Port-Id = "slot=0;subslot=0;port=0;vlanid=900"
> Huawei-Loopback-Address = "C0F6-C2A5-C4D0"
> Huawei-User-Mac = "\000\000\000\003"
> Stripped-User-Name = "5blz"
> Realm = "null"
> FreeRADIUS-Client-IP-Address = 10.7.255.2
> Called-Station-SSID = "FISPY-WiFi"
> PacketFence-KeyBalanced = "aa86741e358fa86079a91aaf4dc581f9"
> PacketFence-Radius-Ip = "10.0.255.99"
> SQL-User-Name = "5blz"
> 
>> On Feb 7, 2022, at 3:58 PM, Jorge Nolla > > wrote:
>> 
>> Hi Fabrice,
>> 
>> I did hardcode as follow:
>> 
>> > action="https://portal.fispy.mx:8443/login?username=bob=bob 
>> " 
>> style="display:none">
>> 
>> But the redirect which the client is getting, is only this part, not sure 
>> why:
>> 
>> https://portal.fispy.mx:8443/login? 
>> 
>> 
>> Here is the flow of the External Portal Authentication as per Huawei. 
>> Portal Server - Notify the STA of the login URL
>> STA - Send the username and password in HTTP GET POST. When this is 
>> configured to use ISE as per the guide, the ISE server sends the redirect to 
>> the STA as per the format. 
>> https://portal.fispy.mx:8443/login?username=($username)=($password) 
>> 
>> 
>> 
>> 
>> 
>>> On Feb 7, 2022, at 2:51 PM, Fabrice Durand >> > wrote:
>>> 
>>> Did you try to hardcode that in the code and see if it works ?
>>> 
>>> Also i don´t understand the goal of passing the username and password , is 
>>> there any extra check after that ? What happen if the user register by 
>>> sms/email ?
>>> 
>>> And i just found that:
>>> https://support.huawei.com/enterprise/en/doc/EDOC118282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_1
>>>  
>>> 
>>> Is it something that can be configured on the Hawei ? If yes then it will 
>>> mimic the way the Cisco WLC works.
>>> 
>>> Regards
>>> Fabrice
>>> 
>>> 
>>> Le lun. 7 févr. 2022 à 16:01, Jorge Nolla >> > a écrit :
>>> Hi Fabrice,
>>> 
>>> This line needs to be HTTPS for it to work
>>> >> action="http://$controller_ip:8443/login?username=bob=bob 
>>> " 
>>> style="display:none”>
>>> 
>>> This needs to be the username and password which is being entered by the 
>>> user in the PF portal, which is the Radius username and password
>>> username=bob=bob
>>> 
>>> 
 On Feb 7, 2022, at 12:03 PM, Fabrice Durand >>> > wrote:
 
 I just pushed a fix.
 
 cd /usr/local/pf
 curl

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-08 Thread Fabrice Durand via PacketFence-users 
Hello Jorge,

i really think that it´s not the correct way to support the web auth in
Huawei.
The only thing you can do with the portal is to authenticate with a
username and password, there is no way to do anything else
(sms/email/sponsor/).

Also when you authenticate on the portal , the portal validate your
username and password and with the workflow you have it will authenticate
twice (portal and radius) and it doesn´t make sense.

So if you want to keep this way then you will need a simple html page with
a username and password field that post on
https://portal.fispy.mx:8443/login then configure packetfence to
authenticate the username and password from radius.

The other way who looks really better is to use that: (
https://support.huawei.com/enterprise/en/doc/EDOC118282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_2
)

[image: download.png]

As i said , it´s exactly how it works with the cisco wlc and it will
support all authentication mechanisms available on the portal.

Regards
Fabrice




Le lun. 7 févr. 2022 à 20:25, Jorge Nolla  a écrit :

>
> Radius request from the AC once it receives the correct values. This is
> sent back to Radius which in this case is PF
>
> User-Name = “5blz” *<<< VALUE NEEDED IN URL as username* User-Password =
> "**” *<<< VALUE NEEDED IN URL as password* NAS-IP-Address =
> 10.7.255.2 NAS-Port = 900 Service-Type = Framed-User Framed-Protocol = PPP
> Framed-IP-Address = 10.9.91.31 Called-Station-Id =
> "c0:f6:c2:a5:c4:d0:FISPY-WiFi" Calling-Station-Id = "f0:2f:4b:14:67:d9"
> NAS-Identifier = "AirEngine9700-M1" NAS-Port-Type = Wireless-802.11
> Acct-Session-Id = "AirEngi000900d5d66c0600187" Event-Timestamp =
> "Feb 7 2022 18:05:13 MST" NAS-Port-Id =
> "slot=0;subslot=0;port=0;vlanid=900" Huawei-Loopback-Address =
> "C0F6-C2A5-C4D0" Huawei-User-Mac = "\000\000\000\003" Stripped-User-Name =
> "5blz" Realm = "null" FreeRADIUS-Client-IP-Address = 10.7.255.2
> Called-Station-SSID = "FISPY-WiFi" PacketFence-KeyBalanced =
> "aa86741e358fa86079a91aaf4dc581f9" PacketFence-Radius-Ip = "10.0.255.99"
> SQL-User-Name = "5blz"
>
> On Feb 7, 2022, at 3:58 PM, Jorge Nolla  wrote:
>
> Hi Fabrice,
>
> I did hardcode as follow:
>
> https://portal.fispy.mx:8443/login?username=bob=bob;
> style="display:none">
>
> But the redirect which the client is getting, is only this part, not sure
> why:
>
> https://portal.fispy.mx:8443/login?
>
>
> Here is the flow of the External Portal Authentication as per Huawei.
> Portal Server - Notify the STA of the login URL
> STA - Send the username and password in HTTP GET POST. When this is
> configured to use ISE as per the guide, the ISE server sends the redirect
> to the STA as per the format.
> https://portal.fispy.mx:8443/login?username=($username)=($password)
>
>
> 
>
> On Feb 7, 2022, at 2:51 PM, Fabrice Durand  wrote:
>
> Did you try to hardcode that in the code and see if it works ?
>
> Also i don´t understand the goal of passing the username and password , is
> there any extra check after that ? What happen if the user register by
> sms/email ?
>
> And i just found that:
>
> https://support.huawei.com/enterprise/en/doc/EDOC118282/4d5793da/understanding-nac#dc_cfg_nac_2006u_1_1
> Is it something that can be configured on the Hawei ? If yes then it will
> mimic the way the Cisco WLC works.
>
> Regards
> Fabrice
>
>
> Le lun. 7 févr. 2022 à 16:01, Jorge Nolla  a écrit :
>
>> Hi Fabrice,
>>
>> This line needs to be HTTPS for it to work
>> http://$controller_ip:8443/login?username=bob=bob;
>> style="display:none”>
>>
>> This needs to be the username and password which is being entered by the
>> user in the PF portal, which is the Radius username and password
>> username=bob=bob
>>
>>
>> On Feb 7, 2022, at 12:03 PM, Fabrice Durand  wrote:
>>
>> I just pushed a fix.
>>
>> cd /usr/local/pf
>> curl
>> https://github.com/inverse-inc/packetfence/commit/7628afddf46e0226667560dc33df192f9c4cf420.diff
>> | patch -p1
>> and restart
>>
>> Le lun. 7 févr. 2022 à 13:46, Jorge Nolla  a écrit :
>>
>>> Here are the log outputs for /usr/local/pf/logs/packetfence.log
>>>
>>>
>>> Feb  7 11:03:04 wifi packetfence_httpd.portal[61371]:
>>> httpd.portal(61371) INFO: [mac:[undef]] URI '/Huawei' is detected as an
>>> external captive portal URI (pf::web::externalportal::handle)
>>> Feb  7 11:03:04 wifi packetfence_httpd.portal[61371]:
>>> httpd.portal(61371) ERROR: [mac:[undef]] Cannot load perl module for switch
>>> type 'pf::Switch::Huawei'. Either switch type is unknown or switch type
>>> perl module have compilation errors. See the following message for details:
>>>  (pf::web::externalportal::handle)
>>> Feb  7 11:03:06 wifi packetfence_httpd.portal[61370]:
>>> httpd.portal(61370) INFO: [mac:[undef]] URI '/Huawei' is detected as an
>>> external captive portal URI (pf::web::externalportal::handle)
>>> Feb  7 11:03:06 wifi packetfence_httpd.portal[61370]:
>>> httpd.portal(61370) ERROR: [mac:[undef]] Cannot load perl module for switch
>>> type