Many thanks for the tips. With your guidance I've been following the
"Packetfence RADIUS and Unifi Out of Band" and am 90% of the way there.
For anyone curious, please check in on that thread, as it's got more of the
case history and steps outlined.
Best,
David
On Thu, Feb 1, 2018 at 1:39 AM, Timothy Mullican <tjmullic...@yahoo.com>
wrote:
> David,
> Your understanding is correct. Currently the UniFi only supports
> deauthenticating a client using the controller API and not using CoA. It is
> possible to enable RADIUS CoA for a single SSID and frequency, but this may
> not be useful for you. This is because the UniFi runs a separate hostapd
> instance for all of the different SSIDs and frequencies. See:
> https://community.ubnt.com/t5/UniFi-Wireless/RADIUS-Interi
> <https://community.ubnt.com/t5/UniFi-Wireless/RADIUS-Interim-updates/m-p/1860205/highlight/true#M216003>
> m-updates/m-p/1860205/highlight/true#M216003
> <https://community.ubnt.com/t5/UniFi-Wireless/RADIUS-Interim-updates/m-p/1860205/highlight/true#M216003>
>
> Sent from mobile phone
>
> On Jan 31, 2018, at 17:46, Durand fabrice via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
> Hello David,
>
> the unifi AP is not yet correctly supported, there is some code about that
> but you have to do some custom config on the Unifi controller.
> Have a look at the mailing list archive about unifi.
>
> Regards
> Fabrice
>
> Le 2018-01-31 à 13:02, David Harvey via PacketFence-users a écrit :
>
> I should also note. I've just changed our APs from switch type hostapd to
> ubiquity::unify, added the controller IP (a docker image in my case), and
> also attempted to add the webservices field as details in the
> documentation:
>
> wsTransport=HTTPS
> wsUser=admin
> wsPwd=admin
>
>
> On Wed, Jan 31, 2018 at 6:00 PM, David Harvey <da...@thoughtmachine.net>
> wrote:
>
>> Hi packetfence users,
>>
>> I just wanted to confirm a feature (or my undertsnading of).
>>
>> I'm using unifi access points with great success for portal login paired
>> with EAP-TLS.
>>
>> Unregistered clients with certs land on the registration VLAN, and then
>> have their proper vlans assigned by the portal login.
>> After the portal login has been performed the client needs the wifi
>> toggling off and on at present to reauth and get put onto the correct VLAN.
>> subsequent reconnects work fine...
>>
>> If I've read the archives correctly, the wifi down/up is required becuase
>> CoA is not supported by unifi, nor does the controller allow RADIUS
>> disconnect events to force a client to reauth.
>> Have I understood correctly, and is there any other magic I could try in
>> order to smooth the portal sign in experience?
>>
>> Thanks in advnce,
>>
>> David
>>
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
>
> _______________________________________________
> PacketFence-users mailing
> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
