Hi Ahiya, 

Yes, I agree with you 200 percent about DHCP server that is at the remote site 
if it is out-of-band deployment.

My Wifi client receives an IP address from the local firewall that acts as DHCP 
server and then nothing happens, no redirect or splash page.

I checked your profile you sent me earlier. Pretty much simple, looks good to 
me, as long as the connection type in the filter is set to Wireless-Web-Auth it 
should work. What I'm curious about is the portal enabled interface.  I assume 
you added the portal daemon to the PF management interface. Here’s how it looks 
on my setup.

 



And also it is not clear to me something from Inverse documentation about it 
when it comes to Unifi integration.  Here's the page from Inverse document 
about this specific setup, namely this line below one of the pictures:

"You also need to enter the IP address of a portal enabled interface on the 
PacketFence server in Custom Portal"

https://www.packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_unifi_side

 

Where in PacketFence server is this CustomPortal section ?

Next, one of the pictures shows enabled “Network Access” on the Unifi 
controller page. I don’t have it in mine and I do believe it is from older 
versions. What are we using for this ?

Last but not least, my Access Points were defined by IP addresses. I followed 
the instructions under “Packetfence side” to run pfcron command followed by 
cache. Never had any outputs for switch_distributed list. 

 

And finally, is there any way, just in theory, to generate the random password 
for a user who is redirected to this custom portal?

 

Eugene

 

 

-----Original Message-----
From: Ahiya Zadok via PacketFence-users 
<packetfence-users@lists.sourceforge.net> 
Sent: Thursday, December 15, 2022 9:11 AM
To: Bénoni Delfosse <ben...@uniwan.be>; packetfence-users@lists.sourceforge.net
Cc: Ahiya Zadok <ah...@younity.io>
Subject: Re: [PacketFence-users] WiFi captive portal users get "Your computer 
was not found in the PacketFence database" error

 

Hey Bénoni

 

Thank you for responding.

Each site has its DHCP server, and the guest's clients reach it via broadcast 
or relay, depending on the site size.

I don't understand why the Captive portal needs to see all DHCP ACKs, as this 
is an out-of-band deployment.

I have many stand-alone sites, with a DHCP server on each (using the same IP 
Prefix for the guest's network), and I plan to have the portal installed in AWS 
(now it's on a private "DC").

I understand PF is a NAC solution, not just a Captive portal. Can I disable the 
DHCP daemon to eliminate this requirement?

 

I'm trying the PF solution to have a multi-vendor solution and, in the future, 
to use different connection profiles on the same portal guest for 
non-registered clients without a vlan assignment and a radius-based auth for 
registered clients with a vlan assignment.

Hopefully, this is doable 😉

 

 

-----Original Message-----

From: Bénoni Delfosse <ben...@uniwan.be>

Sent: Thursday, 15 December 2022 18:39

To: packetfence-users@lists.sourceforge.net

Cc: Ahiya Zadok <ah...@younity.io>

Subject: RE: [PacketFence-users] WiFi captive portal users get "Your computer 
was not found in the PacketFence database" error

 

Hi Ahiya,

 

I had the same issue as you, but for version 11. In the same schema of deployment.

 

I suppose you use an external DHCP server for your registration VLAN? If so, 
try to use the routing network and a DHCP-relay or helper. Or, probably more 
difficult, send the DHCPACK, from your DHCP server, to the packetfence DHCP 
daemon.

 

In the case of a DHCP-relay, don't forget to activate the 'Force Listener 
update on DHCPACK' option under the 'Network Settings' in the 'Network 
Configuration' menu, otherwise the same error message will happen. And be aware 
that the DHCP-relay must relay all DHCP frames in the correct order to the DHCP 
daemon of packetfence (normally the dhcp-relay managed it correctly).

 

Hope it helps.

 

Best regards,

Bénoni Delfosse.

 

-----Original Message-----

From: Ahiya Zadok via PacketFence-users <packetfence-users@lists.sourceforge.net>

Sent: Thursday, 15 December 2022 16:07

To: packetfence-users@lists.sourceforge.net

Cc: Ahiya Zadok <ah...@younity.io>

Subject: Re: [PacketFence-users] WiFi captive portal users get "Your computer 
was not found in the PacketFence database" error

 

Hi All

 

Any thoughts here?

 

 

Appreciate any help!

Thanks

 

 

-----Original Message-----

From: Ahiya Zadok <ah...@younity.io>

Sent: Wednesday, 14 December 2022 18:05

To: 'packetfence-users@lists.sourceforge.net' <packetfence-users@lists.sourceforge.net>

Subject: WiFi captive portal users get "Your computer was not found in the 
PacketFence database" error

 

Hello community

 

 

I'm still struggling to set up my PF captive portal with my Unifi controller.

I have a PF server (ZEN v12.1.0) and an Unifi controller (V6.5.55).

Both servers are installed remotely from the actual site (APs and clients).

And, of course, this is an out-of-band wireless-web-auth setup.

All PF/Unifi controllers/WAPs/clients are behind NAT (I wonder if this 
architecture is supported?).

 

 

All configurations are according to the online guides.

When a client tries to access the guest WLAN, it's redirected to the portal (my 
PF server) but gets the below error message:

"Your computer was not found in the PacketFence database. Please reboot to 
solve this issue."

 

I did run the "/usr/local/pf/bin/pfcmd pfmon ubiquiti_ap_mac_to_ip" command, 
but when running "/usr/local/pf/bin/pfcmd cache switch_distributed list" I get 
no output.

When I run "/usr/local/pf/bin/pfcmd cache switch_distributed dump 
Ubiquiti-68:d7:9a:16:07:2a"

I get this output “$VAR1 = undef;”

 

I notice that the "allowed_device_oui.txt" contains OUIs only of gaming consoles, 
is this ok?

 

I've attached below some logs and configuration files.

 

Appreciate any help!

Thanks

 

 

 

 

pf.conf

==================

 

# Copyright (C) Inverse inc.

[general]

#

# general.domain

#

# Domain name of PacketFence system.

domain=my.domain

#

# general.hostname

#

# Hostname of PacketFence system. This is concatenated with the domain in Apache rewriting rules and therefore must be resolvable by clients.

hostname=my.host

#

# general.timezone

#

# System's timezone in string format. List generated from Perl library DateTime::TimeZone

# When left empty, it will use the timezone of the server

timezone=UTC

 

[database]

#

# database.db

#

# Name of the MySQL database used by PacketFence.

db=pf

#

# database.user

#

# Username of the account with access to the MySQL database used by PacketFence. Changing this parameter after the initial configuration will *not* change it in the database it self, only in the configuration.

user=pf

#

# database.pass

#

# Password for the mysql database used by PacketFence. Changing this parameter after the initial configuration will *not* change it in the database it self, only in the configuration.

pass=XXXXXXXXXXXX

 

[captive_portal]

#

# captive_portal.secure_redirect

#

# If secure_redirect is enabled, the captive portal uses HTTPS when redirecting 
# captured clients. This is the default behavior.

secure_redirect=disabled

#

# captive_portal.rate_limiting

#

# Temporarily deny access to a user that performs too many requests on the captive portal on invalid URLs

rate_limiting=disabled

 

[advanced]

# advanced.configurator

#

# Enable the Configurator and the Configurator API

configurator=disabled

# advanced.openid_attributes

#

# List of known OpenID Attributes

openid_attributes=

 

[interface eth0]

ip=1x.x.x.x

type=management,portal

mask=255.255.252.0

 

 

roles.conf

===================================================

[guest]

inherit_web_auth_url=disabled

inherit_vlan=disabled

inherit_role=disabled

 

 

 

 

 

 

auth source

=====================

 

[null-source]

type=Null

description=null-source

set_access_durations_action=

 

[null-source rule catchall]

status=enabled

action1=set_access_duration=12h

match=all

action0=set_role=guest

class=authentication

 

 

 

switch.conf

================================================

[my unifi controller IP]

SNMPCommunityRead=XXXXXXXX

SNMPVersion=2c

wsUser=XXXXXXXXX

wsPwd=xxxxxxxxxxx

isolationVlan=1

guestVlan=1

registrationVlan=1

group=Unifi

ExternalPortalEnforcement=Y

 

# Copyright (C) Inverse inc.

#

#

#

# See the enclosed file COPYING for license information (GPL).

# If you did not receive this file, see

# http://www.fsf.org/licensing/licenses/gpl.html

[192.168.0.1]

description=Test Switch

type=Cisco::Catalyst_2960

mode=production

uplink=23,24

VoIPLLDPDetect=N

 

#SNMPVersion = 3

#SNMPEngineID = 0000000000000

#SNMPUserNameRead = readUser

#SNMPAuthProtocolRead = MD5

#SNMPAuthPasswordRead = authpwdread

#SNMPPrivProtocolRead = DES

#SNMPPrivPasswordRead = privpwdread

#SNMPUserNameWrite = writeUser

#SNMPAuthProtocolWrite = MD5

#SNMPAuthPasswordWrite = authpwdwrite

#SNMPPrivProtocolWrite = DES

#SNMPPrivPasswordWrite = privpwdwrite

#SNMPVersionTrap = 3

#SNMPUserNameTrap = readUser

#SNMPAuthProtocolTrap = MD5

#SNMPAuthPasswordTrap = authpwdread

#SNMPPrivProtocolTrap = DES

#SNMPPrivPasswordTrap = privpwdread

[192.168.1.0/24]

description=Test Range WLC

type=Cisco::WLC

mode=production

uplink_dynamic=0

VoIPLLDPDetect=N

 

[group Unifi]

type=Ubiquiti::Unifi

description=unifi

VoIPDHCPDetect=N

deauthMethod=HTTPS

VlanMap=N

wsTransport=https

 

 

 

 

 

 

 

haproxy_portal.log

======================================================

.aspx?replaceCurrent=1&url=https://x.x.x.x/ecp HTTP/1.1"

Dec 14 14:51:57 packetfence haproxy-portal-docker-wrapper[1466]: x.x.x.x:51313 [14/Dec/2022:14:51:56.145] portal-http-1x.x.x.x proxy/proxy 0/0/1/933/934 200 1039 - - ---- 2/1/0/0/0 0/0 {x.x.x.x:80} "GET /guest/s/6qca4zw5/?ap=68:d7:9a:16:07:2a&id=4a:7f:54:ab:28:f2&t=1671029515&url=http://captive.apple.com%2Fhotspot-detect.html&ssid=test HTTP/1.0"
Dec 14 14:51:57 packetfence haproxy-portal-docker-wrapper[1466]: x.x.x.x:51061 [14/Dec/2022:14:51:57.617] portal-http-1x.x.x.x proxy/proxy 0/0/0/2/2 200 1030 - - ---- 2/1/0/0/0 0/0 {x.x.x.x} "GET /guest/s/6qca4zw5/?ap=68:d7:9a:16:07:2a&id=4a:7f:54:ab:28:f2&t=1671029517&url=http://captive.apple.com%2Fhotspot-detect.html&ssid=test HTTP/1.1"
Dec 14 14:51:57 packetfence haproxy-portal-docker-wrapper[1466]: x.x.x.x:51315 [14/Dec/2022:14:51:57.924] portal-http-1x.x.x.x proxy/proxy 0/0/0/3/3 200 1039 - - ---- 3/2/0/0/0 0/0 {x.x.x.x:80} "GET /guest/s/6qca4zw5/?ap=68:d7:9a:16:07:2a&id=4a:7f:54:ab:28:f2&t=1671029517&url=http://captive.apple.com%2Fhotspot-detect.html&ssid=test HTTP/1.0"
Dec 14 14:51:58 packetfence haproxy-portal-docker-wrapper[1466]: x.x.x.x:51063 [14/Dec/2022:14:51:58.162] portal-http-1x.x.x.x 1x.x.x.x-backend/containers-gateway.internal:8080 0/0/0/40/40 200 4933 - - ---- 3/2/0/0/0 0/0 {my.fqdn} "GET /captive-portal?destination_url=http://x.x.x.x/guest/s/6qca4zw5/?ap=68:d7:9a:16:07:2a&id=4a:7f:54:ab:28:f2&t=1671029517&url=http://captive.apple.com%2Fhotspot-detect.html&ssid=test HTTP/1.1"
Dec 14 14:51:58 packetfence haproxy-portal-docker-wrapper[1466]: x.x.x.x:51065 [14/Dec/2022:14:51:58.942] portal-http-1x.x.x.x static/static 0/0/0/1/1 200 6157 - - ---- 5/4/1/1/0 0/0 {my.fqdn} "GET /common/pf.js HTTP/1.1"
Dec 14 14:51:58 packetfence haproxy-portal-docker-wrapper[1466]: x.x.x.x:51064 [14/Dec/2022:14:51:58.942] portal-http-1x.x.x.x static/static 0/0/0/1/1 200 42006 - - ---- 5/4/0/0/0 0/0 {my.fqdn} "GET /common/styles.css HTTP/1.1"
Dec 14 14:51:58 packetfence haproxy-portal-docker-wrapper[1466]: x.x.x.x:51066 [14/Dec/2022:14:51:58.944] portal-http-1x.x.x.x static/static 0/0/0/0/0 200 8239 - - ---- 6/5/0/0/0 0/0 {my.fqdn} "GET /content/captiveportal.js HTTP/1.1"
Dec 14 14:51:58 packetfence haproxy-portal-docker-wrapper[1466]: x.x.x.x:51068 [14/Dec/2022:14:51:58.952] portal-http-1x.x.x.x static/static 0/0/0/1/1 200 1506 - - ---- 8/7/1/1/0 0/0 {my.fqdn} "GET /common/jquery-shim.js HTTP/1.1"
Dec 14 14:51:58 packetfence haproxy-portal-docker-wrapper[1466]: x.x.x.x:51067 [14/Dec/2022:14:51:58.952] portal-http-1x.x.x.x static/static 0/0/0/1/1 200 20248 - - ---- 8/7/0/0/0 0/0 {my.fqdn} "GET /common/qrcode.min.js HTTP/1.1"
Dec 14 14:51:59 packetfence haproxy-portal-docker-wrapper[1466]: x.x.x.x:51063 [14/Dec/2022:14:51:59.224] portal-http-1x.x.x.x static/static 0/0/0/0/0 200 4480 - - ---- 8/7/0/0/0 0/0 {my.fqdn} "GET /common/packetfence-cp.png HTTP/1.1"
Dec 14 14:51:59 packetfence haproxy-portal-docker-wrapper[1466]: x.x.x.x:51065 [14/Dec/2022:14:51:59.254] portal-http-1x.x.x.x static/static 0/0/0/0/0 200 39912 - - ---- 8/7/0/0/0 0/0 {my.fqdn} "GET /common/img/sprite.svg HTTP/1.1"
Dec 14 14:51:59 packetfence haproxy-portal-docker-wrapper[1466]: x.x.x.x:51064 [14/Dec/2022:14:51:59.252] portal-http-1x.x.x.x 1x.x.x.x-backend/containers-gateway.internal:8080 0/0/0/35/35 200 789 - - ---- 8/7/0/0/0 0/0 {my.fqdn} "POST /record_destination_url HTTP/1.1"
Dec 14 14:52:01 packetfence haproxy-portal-docker-wrapper[1466]: x.x.x.x:51317 [14/Dec/2022:14:51:59.561] portal-http-1x.x.x.x proxy/proxy 0/0/0/1522/1522 200 1039 - - ---- 9/8/0/0/0 0/0 {x.x.x.x:80} "GET /guest/s/6qca4zw5/?ap=68:d7:9a:16:07:2a&id=4a:7f:54:ab:28:f2&t=1671029519&url=http://captive.apple.com%2Fhotspot-detect.html&ssid=test HTTP/1.0"

 

 

packetfence.log

=============================================================

Dec 14 14:54:33 packetfence httpd.dispatcher-docker-wrapper[2727]: httpd.dispatcher: Ip2Mac mac for x.x.x.x not found sql: no rows in result set
Dec 14 14:54:33 packetfence httpd.dispatcher-docker-wrapper[2727]: httpd.dispatcher: Ip2Mac mac for x.x.x.x not found sql: no rows in result set
Dec 14 14:54:34 packetfence httpd.portal-docker-wrapper[4130]: httpd.portal(87) WARN: [mac:unknown] Unable to match MAC address to IP 'x.x.x.x' (pf::ip4log::ip2mac)
Dec 14 14:54:34 packetfence httpd.portal-docker-wrapper[4130]: httpd.portal(87) WARN: [mac:0] Unable to match MAC address to IP 'x.x.x.x' (pf::ip4log::ip2mac)
Dec 14 14:54:34 packetfence httpd.dispatcher-docker-wrapper[2727]: httpd.dispatcher: Ip2Mac mac for x.x.x.x not found sql: no rows in result set
Dec 14 14:54:34 packetfence httpd.portal-docker-wrapper[4130]: httpd.portal(87) WARN: [mac:unknown] Unable to match MAC address to IP 'x.x.x.x' (pf::ip4log::ip2mac)
Dec 14 14:54:34 packetfence httpd.portal-docker-wrapper[4130]: httpd.portal(87) WARN: [mac:0] Unable to match MAC address to IP 'x.x.x.x' (pf::ip4log::ip2mac)
Dec 14 14:54:37 packetfence httpd.dispatcher-docker-wrapper[2727]: httpd.dispatcher: Ip2Mac mac for x.x.x.x not found sql: no rows in result set
Dec 14 14:54:42 packetfence httpd.portal-docker-wrapper[4130]: httpd.portal(89) INFO: [mac:00:11:22:33:44:55] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile)
Dec 14 14:54:52 packetfence httpd.portal-docker-wrapper[4130]: httpd.portal(90) INFO: [mac:00:11:22:33:44:55] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile)
Dec 14 14:55:03 packetfence httpd.portal-docker-wrapper[4130]: httpd.portal(89) INFO: [mac:00:11:22:33:44:55] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile)
Dec 14 14:55:09 packetfence pfperl-api-docker-wrapper[1734]: pfperl-api(17) INFO: [mac:[undef]] Using 300 resolution threshold (pf::pfcron::task::cluster_check::run)
Dec 14 14:55:09 packetfence pfperl-api-docker-wrapper[1734]: pfperl-api(17) INFO: [mac:[undef]] All cluster members are running the same configuration version (pf::pfcron::task::cluster_check::run)
Dec 14 14:55:09 packetfence pfperl-api-docker-wrapper[1734]: pfperl-api(14) INFO: [mac:[undef]] getting security_events triggers for accounting cleanup (pf::accounting::acct_maintenance)
Dec 14 14:55:09 packetfence pfperl-api-docker-wrapper[1734]: pfperl-api(11) INFO: [mac:[undef]] processed 0 security_events during security_event maintenance (1671029709.13696 1671029709.14665) (pf::security_event::security_event_maintenance)
Dec 14 14:55:09 packetfence httpd.dispatcher-docker-wrapper[2727]: httpd.dispatcher: Ip2Mac mac for x.x.x.x not found sql: no rows in result set
Dec 14 14:55:09 packetfence httpd.dispatcher-docker-wrapper[2727]: httpd.dispatcher: Ip2Mac mac for x.x.x.x not found sql: no rows in result set
Dec 14 14:55:10 packetfence httpd.dispatcher-docker-wrapper[2727]: httpd.dispatcher: Ip2Mac mac for x.x.x.x not found sql: no rows in result set
Dec 14 14:55:10 packetfence httpd.portal-docker-wrapper[4130]: httpd.portal(88) WARN: [mac:unknown] Unable to match MAC address to IP 'x.x.x.x' (pf::ip4log::ip2mac)
Dec 14 14:55:10 packetfence httpd.portal-docker-wrapper[4130]: httpd.portal(88) WARN: [mac:0] Unable to match MAC address to IP 'x.x.x.x' (pf::ip4log::ip2mac)
Dec 14 14:55:10 packetfence httpd.portal-docker-wrapper[4130]: httpd.portal(90) WARN: [mac:unknown] Unable to match MAC address to IP 'x.x.x.x' (pf::ip4log::ip2mac)
Dec 14 14:55:10 packetfence httpd.portal-docker-wrapper[4130]: httpd.portal(90) WARN: [mac:0] Unable to match MAC address to IP 'x.x.x.x' (pf::ip4log::ip2mac)
Dec 14 14:55:13 packetfence httpd.dispatcher-docker-wrapper[2727]: httpd.dispatcher: Ip2Mac mac for x.x.x.x not found sql: no rows in result set
Dec 14 14:55:13 packetfence httpd.portal-docker-wrapper[4130]: httpd.portal(90) INFO: [mac:00:11:22:33:44:55] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile)
Dec 14 14:55:23 packetfence httpd.portal-docker-wrapper[4130]: httpd.portal(89) INFO: [mac:00:11:22:33:44:55] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile)
Dec 14 14:55:33 packetfence httpd.portal-docker-wrapper[4130]: httpd.portal(88) INFO: [mac:00:11:22:33:44:55] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile)
Dec 14 14:55:41 packetfence httpd.dispatcher-docker-wrapper[2727]: httpd.dispatcher: Ip2Mac mac for 179.60.149.71 not found sql: no rows in result set
Dec 14 14:55:41 packetfence httpd.dispatcher-docker-wrapper[2727]: httpd.dispatcher: Ip2Mac mac for 179.60.149.71 not found sql: no rows in result set

 

 

_______________________________________________

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users
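
Added example, not part of the original thread and not PacketFence code: a Python script that pulls the client MAC (id=) and AP MAC (ap=) out of the UniFi guest redirects in haproxy_portal.log, counts the ip2mac failures in packetfence.log for the same source IP, and builds the "Ubiquiti-<ap mac>" key to pass to "pfcmd cache switch_distributed dump". The log lines are constructed from the excerpts above with documentation addresses in place of x.x.x.x, and the script assumes both logs record the same client source address.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines modelled on the thread's log excerpts.
# 198.51.100.7 and 192.0.2.10 are documentation addresses standing in for x.x.x.x.
HAPROXY_LOG = """\
Dec 14 14:51:57 packetfence haproxy-portal-docker-wrapper[1466]: 198.51.100.7:51313 [14/Dec/2022:14:51:56.145] portal-http-192.0.2.10 proxy/proxy 0/0/1/933/934 200 1039 - - ---- 2/1/0/0/0 0/0 {192.0.2.10:80} "GET /guest/s/6qca4zw5/?ap=68:d7:9a:16:07:2a&id=4a:7f:54:ab:28:f2&t=1671029515&url=http://captive.apple.com%2Fhotspot-detect.html&ssid=test HTTP/1.0"
Dec 14 14:51:58 packetfence haproxy-portal-docker-wrapper[1466]: 198.51.100.7:51063 [14/Dec/2022:14:51:58.162] portal-http-192.0.2.10 192.0.2.10-backend/containers-gateway.internal:8080 0/0/0/40/40 200 4933 - - ---- 3/2/0/0/0 0/0 {my.fqdn} "GET /captive-portal?destination_url=http://192.0.2.10/guest/s/6qca4zw5/?ap=68:d7:9a:16:07:2a&id=4a:7f:54:ab:28:f2&t=1671029517&ssid=test HTTP/1.1"
Dec 14 14:51:58 packetfence haproxy-portal-docker-wrapper[1466]: 198.51.100.7:51065 [14/Dec/2022:14:51:58.942] portal-http-192.0.2.10 static/static 0/0/0/1/1 200 6157 - - ---- 5/4/1/1/0 0/0 {my.fqdn} "GET /common/pf.js HTTP/1.1"
Dec 14 14:52:01 packetfence haproxy-portal-docker-wrapper[1466]: 198.51.100.7:51317 [14/Dec/2022:14:51:59.561] portal-http-192.0.2.10 proxy/proxy 0/0/0/1522/1522 200 1039 - - ---- 9/8/0/0/0 0/0 {192.0.2.10:80} "GET /guest/s/6qca4zw5/?ap=68:d7:9a:16:07:2a&id=4a:7f:54:ab:28:f2&t=1671029519&ssid=test HTTP/1.0"
"""
PF_LOG = """\
Dec 14 14:54:33 packetfence httpd.dispatcher-docker-wrapper[2727]: httpd.dispatcher: Ip2Mac mac for 198.51.100.7 not found sql: no rows in result set
Dec 14 14:54:34 packetfence httpd.portal-docker-wrapper[4130]: httpd.portal(87) WARN: [mac:unknown] Unable to match MAC address to IP '198.51.100.7' (pf::ip4log::ip2mac)
Dec 14 14:54:42 packetfence httpd.portal-docker-wrapper[4130]: httpd.portal(89) INFO: [mac:00:11:22:33:44:55] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile)
"""

REQ = re.compile(r'haproxy-portal\S*: (?P<ip>[\d.]+):\d+ .*"(?:GET|POST) (?P<url>\S+) HTTP/')
IP2MAC = re.compile(r"Ip2Mac mac for (\S+) not found|Unable to match MAC address to IP '([^']+)'")

def parse_redirects(text):
    """Unique (client_ip, client_mac, ap_mac) tuples from UniFi guest redirects."""
    seen = []
    for line in text.splitlines():
        m = REQ.search(line)
        if not m:
            continue
        url = urlsplit(m["url"])
        if not url.path.startswith("/guest/s/"):
            continue  # skip static assets and /captive-portal requests
        q = parse_qs(url.query)
        if "id" not in q or "ap" not in q:
            continue
        entry = (m["ip"], q["id"][0].lower(), q["ap"][0].lower())
        if entry not in seen:
            seen.append(entry)
    return seen

def ip2mac_failures(text):
    """Count IP-to-MAC lookup failures per source IP in packetfence.log."""
    hits = Counter()
    for m in IP2MAC.finditer(text):
        hits[m.group(1) or m.group(2)] += 1
    return hits

def diagnose(haproxy_log, pf_log):
    """Join both logs on client IP and name the AP cache key to inspect."""
    failures = ip2mac_failures(pf_log)
    return [{"client_ip": ip, "client_mac": mac,
             "ap_cache_key": f"Ubiquiti-{ap}",
             "ip2mac_failures": failures.get(ip, 0)}
            for ip, mac, ap in parse_redirects(haproxy_log)]

if __name__ == "__main__":
    for row in diagnose(HAPROXY_LOG, PF_LOG):
        print(row)
```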

 

 
