Hi Timothy, All,

Thanks for sharing this. We've been able to activate mac-address auth on dynamic VLAN (from radius server) using your example below. For the record, it's also possible to activate radius accounting using the same method:

In the config.properties of your controller for the relevant site, you can add the following lines, if you have 2 SSIDs on your site:

/var/lib/unifi/sites/XXXXXXXX/config.properties

config.system_cfg.1=aaa.1.auth_cache=disabled
config.system_cfg.2=aaa.2.auth_cache=disabled
config.system_cfg.3=aaa.1.dynamic_vlan=1
config.system_cfg.4=aaa.2.dynamic_vlan=1
config.system_cfg.5=aaa.1.radius.acct.1.ip=<radius accounting server IP>
config.system_cfg.6=aaa.1.radius.acct.1.port=<radius accounting server port>
config.system_cfg.7=aaa.1.radius.acct.1.secret=<radius accounting server password>
config.system_cfg.8=aaa.2.radius.acct.1.ip=<radius accounting server IP>
config.system_cfg.9=aaa.2.radius.acct.1.port=<radius accounting server port>
config.system_cfg.10=aaa.2.radius.acct.1.secret=<radius accounting server password>

After re-provisioning the AP in the controller, your AP should start sending connection stat to your radius server.

Hope this helps,
Regards

----- Original message -----
> From: "Timothy Mullican via PacketFence-users" <[email protected]>
> To: [email protected]
> Cc: "Timothy Mullican" <[email protected]>
> Sent: Sunday, 17 December 2017 04:54:41
> Subject: Re: [PacketFence-users] Ubiquiti UniFi AP Captive Portal

> All,
>
> I was able to solve my issue with the mac address authentication dynamic vlan assignment not working. You will have to download the latest beta firmware -- 3.9.15.8011 -- from Ubiquiti (see https://community.ubnt.com/t5/UniFi-Beta-Blog/UniFi-5-7-10-Testing-has-been-released/ba-p/2169697) and apply it to your APs. From the UniFi 5.7.10 Changelog (see https://community.ubnt.com/t5/UniFi-Beta-Blog/UniFi-5-7-10-Testing-has-been-released/ba-p/2169697?attachment-id=87025):
>
> Firmware changes since 3.9.14:
> [UAPG3] Add RADIUS VLAN support to MAC authentication bypass.
> Firmware changes since 3.9.10/4.4.12:
> [UAPG2] Add RADIUS VLAN support to MAC authentication bypass.
>
> I had to make the following changes in order for dynamic vlan assignment with mac address authentication to work. On one of your UniFi APs, run the following:
>
> # cat /tmp/system.cfg | grep ssid
>
> Note which IDs are tied to your SSIDs using mac address authentication.
>
> On your controller, create a file called "config.properties" in your active site. For Linux the default install location is likely "/usr/lib/unifi/data/sites/XXXXXXXXX/config.properties". For Linux the default install location is likely "C:\Users\<username>\Ubiquiti Unifi\data\sites\XXXXXXXXX\config.properties". Replace "XXXXXXXXX" with your active site, likely "default". For Windows, replace "<username>" with the account that installed the UniFi Controller software.
>
> In the config.properties file, enter the following:
>
> config.system_cfg.1=aaa.X.dynamic_vlan=1
> config.system_cfg.2=aaa.X.dynamic_vlan=1
>
> Replace "X" with the IDs you noted above. If you have any questions about the config.properties file, see https://help.ubnt.com/hc/en-us/articles/205223330-UniFi-How-to-make-persistent-changes-to-UAP-s-system-cfg.
>
> For example, my SSID IDs using mac address authentication were 2 and 5, so I would add the following:
>
> config.system_cfg.1=aaa.2.dynamic_vlan=1
> config.system_cfg.2=aaa.5.dynamic_vlan=1
>
> Once you are done adding, you need to manually re-provision the applicable APs.
>
> Do the following:
> From the controller web ui, click on the applicable AP, select config->Manage Device, and click Provision. Once this is complete, dynamic VLAN assignment with mac authentication should work correctly.
>
> I didn't see an option in the GUI to enable this, but it's possible I missed it.
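Added example (not part of the original messages, and not PacketFence or Ubiquiti code): a small Python helper that renders the config.properties lines described in this thread for any set of SSID IDs, numbering the config.system_cfg entries consecutively as both messages do. The function name and the sample IP and secret are constructed; 1813 is the standard RADIUS accounting port, and only the key names come from the thread.

```python
import ipaddress


def render_config_properties(ssid_ids, acct_ip=None, acct_port=1813,
                             acct_secret=None, disable_auth_cache=False):
    """Return config.properties lines for the aaa IDs noted on the AP.

    Hypothetical helper: only the key names come from the thread above.
    """
    ids = sorted({int(i) for i in ssid_ids})
    if not ids or ids[0] < 1:
        raise ValueError("need at least one positive SSID/aaa ID")

    settings = []
    if disable_auth_cache:
        settings += [f"aaa.{i}.auth_cache=disabled" for i in ids]
    settings += [f"aaa.{i}.dynamic_vlan=1" for i in ids]

    if acct_ip is not None:
        ipaddress.ip_address(acct_ip)  # raises ValueError on a malformed address
        port = int(acct_port)
        if not 1 <= port <= 65535:
            raise ValueError("accounting port out of range")
        # An empty secret or an embedded line break would corrupt the properties file.
        if not acct_secret or "\n" in acct_secret or "\r" in acct_secret:
            raise ValueError("accounting secret must be a non-empty single line")
        for i in ids:
            settings += [
                f"aaa.{i}.radius.acct.1.ip={acct_ip}",
                f"aaa.{i}.radius.acct.1.port={port}",
                f"aaa.{i}.radius.acct.1.secret={acct_secret}",
            ]

    # Number the entries consecutively from 1, as both messages do.
    return [f"config.system_cfg.{n}={s}" for n, s in enumerate(settings, 1)]


if __name__ == "__main__":
    # Constructed sample values: documentation-range IP and a placeholder secret.
    print("\n".join(render_config_properties(
        [1, 2], acct_ip="192.0.2.10", acct_secret="CONSTRUCTED-SECRET",
        disable_auth_cache=True)))
```

The rendered file carries the RADIUS accounting shared secret in cleartext, so restrict read access on config.properties to the account that runs the controller.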
