GFI Software Aurea SMB Solutions

Welcome to the GFI Software community forum! For support please open a ticket from https://support.gfi.com.

Home » GFI User Forums » Kerio Control » Simple Captive Portal (I need a simple captive portal for a shopping mall)
Re: Simple Captive Portal [message #122823 is a reply to message #122822] Tue, 14 July 2015 01:54 Go to previous messageGo to next message
Kerio/GFI Brian is currently offline  Kerio/GFI Brian
Messages: 852
Registered: March 2004
Location: California
Reinaldo, the parts which seem unclear are the "Wifi access to registered customers of the shopping." and "We are trying to find a way using Kerio Control with the addition of an Apache web server"
I'm assuming you will be building some type of web server somewhere on the network that allows customers to register somehow. I believe what you are requesting here is a bit of consulting that goes beyond what we can offer here in the forums. Perhaps you might look into our API documentation as this may give you the flexibility to programmatically manage users the way you need.
http://www.kerio.com/learn-community/developer-zone/details# keriocontrol


Brian Carmichael
Instructional Content Architect
Re: Simple Captive Portal [message #122825 is a reply to message #122823] Tue, 14 July 2015 03:04 Go to previous messageGo to next message
reiferreira is currently offline  reiferreira
Messages: 153
Registered: October 2010
Location: Brazil
Hi Brian,
In fact, the only thing that I need to know is:
- is it possible that Kerio Control directs Internet calls from unauthenticated users to a portal in the Intranet.
That's the only question I need an answer from the Kerio experts.
I don't need at this time a consulting service. We can do it using different firewalls but obviously we want to use Kerio Control (that's why we are in this forum).
So if you or Ken or Ernesto or anybody else knows how to do it (and maybe it is a very easy thing to do but I'm not seeing the solution) it will be great.
I really hope to use Kerio Control in this project.
Thanks.


Reinaldo Ferreira
FCBrasil - General Manager
https://www.fcbrasil.com.br
Re: Simple Captive Portal [message #122827 is a reply to message #122825] Tue, 14 July 2015 05:48 Go to previous messageGo to next message
Kerio/GFI Brian is currently offline  Kerio/GFI Brian
Messages: 852
Registered: March 2004
Location: California
It's possible to redirect unauthenticated hosts to an external portal. The problem is that Kerio Control will not know when the user registers or authenticates to this external portal, so hosts will always be unauthenticated, and will always be redirected to this external portal for every request. If you use the administration API, then your external portal can communicate back to Kerio Control after the user has been authenticated.

Brian Carmichael
Instructional Content Architect
Re: Simple Captive Portal [message #122828 is a reply to message #122827] Tue, 14 July 2015 06:30 Go to previous messageGo to next message
reiferreira is currently offline  reiferreira
Messages: 153
Registered: October 2010
Location: Brazil
Hi Brian,
Can you show me how to redirect?
Then I'll find my way on the other apps.
You can imagine that these wifi users will enter the wifi router without any password and then Kerio must redirected them to the internal portal.
Also, we can connect these wifi routers/users to a specific Ethernet port (different from Trusted Interfaces) if necessary.
All suggestions will be very much appreciated.
Thanks in advance for your help.


Reinaldo Ferreira
FCBrasil - General Manager
https://www.fcbrasil.com.br

[Updated on: Tue, 14 July 2015 06:30]

Report message to a moderator

Re: Simple Captive Portal [message #122830 is a reply to message #122828] Tue, 14 July 2015 06:48 Go to previous messageGo to next message
Kerio/GFI Brian is currently offline  Kerio/GFI Brian
Messages: 852
Registered: March 2004
Location: California
In the content filter, create a rule with the action "redirect to" and input the URL of your captive portal site.

Brian Carmichael
Instructional Content Architect
Re: Simple Captive Portal [message #122857 is a reply to message #122830] Tue, 14 July 2015 21:29 Go to previous messageGo to next message
reiferreira is currently offline  reiferreira
Messages: 153
Registered: October 2010
Location: Brazil
Hi Brian,

Is there a way to specify that only unauthenticated users trying to connect to the Internet are redirected to a specific URL?
That's what we need.
As distributor of Kerio solutions we are always trying to use Kerio in all scenarios. If this is one of the cases where we cannot use it then please let us know.
Thanks.


Reinaldo Ferreira
FCBrasil - General Manager
https://www.fcbrasil.com.br
Re: Simple Captive Portal [message #122861 is a reply to message #122857] Tue, 14 July 2015 22:51 Go to previous messageGo to next message
Kerio/GFI Brian is currently offline  Kerio/GFI Brian
Messages: 852
Registered: March 2004
Location: California
Since you are not authenticating users to Kerio Control, then the rule will always apply because all devices will be considered as unauthenticated.
We still have vague details regarding the use case of your customer. I'm sure that Kerio Control can satisfy your customer's needs, however it will require some level of programming from your end to integrate your external registration system with the Kerio Control user database via the API that I previously referenced.


Brian Carmichael
Instructional Content Architect
Re: Simple Captive Portal [message #122863 is a reply to message #122861] Tue, 14 July 2015 23:57 Go to previous messageGo to next message
reiferreira is currently offline  reiferreira
Messages: 153
Registered: October 2010
Location: Brazil
Hi Brian,

The idea is:
1) Kerio deviates Internet-only calls from unauthenticated users (unfortunately there is no such an option in the traffic rules) to a local web server (portal)
2) After registration we will inform this situation to Kerio Control in some way (maybe using Kerio API or even AD/LDAP)]
3) Then the user will be directed to the Kerio Control login page and do the authentication
4) The user has Internet access

Do you think this is possible? I'm particularly concerned about the first point.


Reinaldo Ferreira
FCBrasil - General Manager
https://www.fcbrasil.com.br
Re: Simple Captive Portal [message #122864 is a reply to message #122537] Wed, 15 July 2015 00:29 Go to previous messageGo to next message
Kerio/GFI Brian is currently offline  Kerio/GFI Brian
Messages: 852
Registered: March 2004
Location: California
Here are the rules you need.
http://screencast.com/t/NdrT6USpNIt
http://screencast.com/t/sJzqAkVm
You use the content filter to redirect unauthenticated users. You need a rule above it to allow the group of registered users. You use the traffic rules to block people from using other non HTTP protocols if they are not authenticated.
You may not need step 3 as you could associate the user's IP address when adding them through the API. Otherwise you can post the login directly to Kerio Control after you have generated the user account through the API.


Brian Carmichael
Instructional Content Architect
Re: Simple Captive Portal [message #123308 is a reply to message #122864] Thu, 06 August 2015 02:40 Go to previous messageGo to next message
reiferreira is currently offline  reiferreira
Messages: 153
Registered: October 2010
Location: Brazil
Hi,

We are still trying to use Kerio Control in this project although many of my friends are telling me to use a Linux firewall and other open source app.
I really don't like the idea of using other firewall so is there anyone that can tell me how to use the API to write usename+password into Kerio Control from a registration database?
I'm trying but it is complex without an example. In fact, the Control portion is not documented at all.
Regards,
Reinaldo


Reinaldo Ferreira
FCBrasil - General Manager
https://www.fcbrasil.com.br

[Updated on: Thu, 06 August 2015 02:55]

Report message to a moderator

Re: Simple Captive Portal [message #123316 is a reply to message #123308] Thu, 06 August 2015 13:24 Go to previous messageGo to next message
valshare is currently offline  valshare
Messages: 64
Registered: June 2007
@Reinaldo: use Pfsense with captive portal and radius plug-in or external radius. I think this is what you need.
Re: Simple Captive Portal [message #123343 is a reply to message #123316] Fri, 07 August 2015 13:27 Go to previous messageGo to next message
reiferreira is currently offline  reiferreira
Messages: 153
Registered: October 2010
Location: Brazil
Thanks Valshare. I know we can do it with free Linux software but we are Kerio distributors and want to create the solution using Control.
At this point I think I'd like to hear from Kerio.
Again, I don't need a consulting service, I just need an example of how to add/delete usar from Kerio Control database.
I'm sure Kerio experts know how to do it.


Reinaldo Ferreira
FCBrasil - General Manager
https://www.fcbrasil.com.br
Re: Simple Captive Portal [message #123344 is a reply to message #122537] Fri, 07 August 2015 13:51 Go to previous messageGo to next message
Petr Dobry (Kerio) is currently offline  Petr Dobry (Kerio)
Messages: 405
Registered: November 2003

Kerio Technologies
We do have public API based on JSON-RPC. The documentation is in our Developer Zone.

Basically you just need to send proper JSON data to the Control API.

Example for creating new user is:
POST /admin/api/jsonrpc/?methods=Users.create HTTP/1.1
X-Token: db2e6fdb794f03668ad3c0d8ed29012c95505ad965caec68fc1d01e55c64632d
Cookie: SESSION_CONTROL_WEBADMIN=17f9d5c98f7d1ffd6c3cfeeca7d903a0385f7dd82b9d902128fbab26a316d98e; TOKEN_CONTROL_WEBADMIN=db2e6fdb794f03668ad3c0d8ed29012c95505ad965caec68fc1d01e55c64632d; SESSION_CONTROL_WEBIFACE=9b1f42bd0c5284e73435785890f2cf3e29e52bdf38fd684d2618b87993a30d8b; TOKEN_CONTROL_WEBIFACE=7833495841385a86e21c7cd2d29baae3b52aaa719e7c7fa0c72248b92f0c9743
Host: control:4081
Connection: close
User-Agent: Paw/2.2.2 (Macintosh; OS X/10.10.4) GCDHTTPRequest
Content-Length: 2151

{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "Users.create",
  "params": {
    "users": [
      {
        "data": {
          "rights": {
            "readConfig": false,
            "writeConfig": false,
            "unlockRule": false,
            "dialRasConnection": false,
            "connectVpn": false,
            "useP2p": false
          },
          "quota": {
            "daily": {
              "enabled": false,
              "type": "QuotaBoth",
              "limit": {
                "value": 0,
                "units": "GigaBytes"
              }
            },
            "weekly": {
              "enabled": false,
              "type": "QuotaBoth",
              "limit": {
                "value": 0,
                "units": "GigaBytes"
              }
            },
            "monthly": {
              "enabled": false,
              "type": "QuotaBoth",
              "limit": {
                "value": 0,
                "units": "GigaBytes"
              }
            },
            "blockTraffic": false,
            "notifyUser": false
          },
          "wwwFilter": {
            "javaApplet": false,
            "embedObject": false,
            "script": false,
            "popup": false,
            "referer": false
          },
          "language": "detect"
        },
        "credentials": {
          "userName": "homer",
          "password": "12345",
          "passwordChanged": true
        },
        "fullName": "Homer J. Simpson",
        "description": "",
        "email": "homer<_at_>springfield.com",
        "authType": "Internal",
        "useTemplate": true,
        "adEnabled": true,
        "localEnabled": true,
        "groups": [],
        "autoLogin": {
          "addresses": {
            "enabled": false,
            "value": null
          },
          "addressGroup": {
            "enabled": false,
            "id": null
          },
          "macAddresses": {
            "enabled": false,
            "value": null
          }
        },
        "vpnAddress": {
          "enabled": false,
          "value": null
        }
      }
    ],
    "domainId": "local"
  }
}


You need to login and get proper X-Token header first of course. If you download the documentation to public API, there are examples (look for index.html file)


Petr Dobry
Product Development Manager | Kerio
Re: Simple Captive Portal [message #123345 is a reply to message #123308] Fri, 07 August 2015 13:54 Go to previous messageGo to next message
Petr Dobry (Kerio) is currently offline  Petr Dobry (Kerio)
Messages: 405
Registered: November 2003

Kerio Technologies
Reinaldo wrote on Thu, 06 August 2015 02:40
I'm trying but it is complex without an example. In fact, the Control portion is not documented at all.


The documentation can be downloaded here - http://download.kerio.com/dwn/kerio-control-api-en.zip


Petr Dobry
Product Development Manager | Kerio
Re: Simple Captive Portal [message #123403 is a reply to message #123345] Tue, 11 August 2015 03:56 Go to previous messageGo to previous message
reiferreira is currently offline  reiferreira
Messages: 153
Registered: October 2010
Location: Brazil
Hi Petr,
Thanks for the help so far.
I'm probably very stupid but I'm not understanding where should I insert the code provided into my PHP files. I've gone through the examples but I couldn't combine all the different information into something that I can work with.
What would be the file structure in my web server? How can I insert the JSON commands you listed into a PHP file that can control the communication?
In other words, would you be kind enough to put this code in a PHP example? I just want to use Kerio Control in a new type of project and promote Kerio as an alternative to PFSense.
Thanks.


Reinaldo Ferreira
FCBrasil - General Manager
https://www.fcbrasil.com.br

[Updated on: Wed, 12 August 2015 22:19]

Report message to a moderator

Previous Topic: Block Microsoft GWX access to internet
Next Topic: Access Internet By Usb Dongle
Goto Forum:
  


Current Time: Fri Dec 03 01:17:18 CET 2021

Total time taken to generate the page: 0.04650 seconds