Hi Enrique, thanks for your precious informations!
In the next days, I'll try yo recreate two brand new VMs, one for PF and one for Unifi Controller, in order to avoid any precious misconfiguration. I'll let you know if everything is working as espected, and I'll post every useful tcpdump output, either PF and Unifi side. For now, I would like to share this GitHub issue with you, regarding Disconnect-Requests with Unifi controller, (the issue Is not from me, but from another user which apparantly has the same problem): <https://github.com/inverse-inc/packetfence/issues/8065> For now, I still using old Unifi Dashboard with CoA checked, and if I run "netstat -an | grep 3799" I can see the port successfully in listening mode on the socket. Thanks again for your reply and tour time! Il 13 apr 2024, 12:20 +0200, Elia <thelizardnerd.e...@gmail.com>, ha scritto: > Hello there, > I'm struggling with configuring Wireless MAB with Ubiquiti Access Points, my > goal is to authenticate wireless supplicants through Ubiquiti APs with > PacketFence's Captive Portal and dynamic VLAN, in this way they can be moved > into the right VLAN (after a successful authentication with credentials). > > Some infos: > Unifi controller version: 7.29 > Ubiquiti AP nanohd firmware version: 6.6 > PacketFence version: 13.2 > > To setup the environment (specifically the SSIDs) I followed the section 6.28 > under the Network Devices Configuration Guide, specifically 6.28.2 VLAN > Enforcement. > > I enabled CoA on Unifi Controller and on PacketFence "Switches" section I > added the AP through his IP, then I configured: SNMP strings, WebServices > (https), RADIUS secret password, associated VLAN IDs with Roles, specified > Unifi Controller IP address, enabled deauth wih CoA, specified "RADIUS" under > Deauthentication Method option, choosed "Production" mode and "Unifi > Controller" as type. > > For now, a supplicant which connect to open SSID is correctly redirected to > Captive Portal, but, after login, it isn't dynamically moved into the correct > VLAN, instead, it needs to switch off and switch on WiFi in order to > reconnect to the SSID and to take the IP in the right VLAN through our DHCP > server. > > Is there a way to fix this behaviour and make the supplicant dynamically > moved? > > One strange behaviour is that sometimes a supplicant is correctly dynamically > moved into the assigned Role (so the assigned VLAN) after login (I don't know > why sometimes it works without changing anything on Unifi side neither PF > side). For example: 2 supplicants are correctly moved into thw VLAN, while > the third supplicant which come after them, after a successful login, is not > dynamically moved into the assigned VLAN. Any suggestions with this? > > Another issue: if I delete a node after a successful authentication, > PacketFence RADIUS server send a Disconnect Request to the Ubiquiti AP, the > Ubituiti AP replies with a "Disconnect-ACK" packet but the supplicant still > connected to WiFi without being disconnected. How can I successfully > disconnect a client? > > Eventually, I have a suspect that is all properly configured on PF and on > Unifi Controller, at this point my question is: which is the actual status of > integration between PF and Unifi? Does the MAB authentication ever worked? > Thanks!
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
