Hi again,
I have tested external portal with Unifi Controller Default site. Ok. It works
perfectly. But I have 20 sites on Unifi Controller.
Packetfence doesn't authorize clients different site other than default site.
Because packetfence API works only default site.
-- in lib/pf/Switch/Ubiquiti/Unifi.pm:
151 sub _deauthenticateMacWithHTTP {
152 my ( $self, $mac ) = @_;
153 my $logger = $self->logger;
154
155 my $node_info = node_view($mac);
156
157 my $controllerIp = $self->{_controllerIp};
158 my $transport = lc($self->{_wsTransport});
159 my $username = $self->{_wsUser};
160 my $password = $self->{_wsPwd};
161
162 my $site = 'default'; ===> here,
--
162. line : 'my $site' variable is static and only 'default'. How can we change
this? ( for multi sites)
I will be happy if you can help me. Thanks.
> On 16 Apr 2019, at 13:51, Emre Eryilmaz <[email protected]> wrote:
>
> Hi,
>
> I want to use packetfence captive portal with Unifi controller for guest sms
> authetication. Every things is ok. But guest clients can't authorize on Unifi
> Controller. There is multi sites on Unifi controller and I can manually
> authorize client via API .
> Packetfence and Unifi controller logs is below. Does anyone have any ideas?
>
>
> Thanks.
>
>
> - Packetfence Logs:
>
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2091) INFO:
> [mac:unknown] External captive portal detected !
> (captiveportal::PacketFence::Model::Portal::Session::_build_dispatcherSession)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2091) INFO:
> [mac:unknown] Detected external portal client. Using the IP 10.90.101.24
> address in it's session.
> (captiveportal::PacketFence::Model::Portal::Session::_build_clientIP)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2091) INFO:
> [mac:a6:7f:80:d7:1a:38] External captive portal detected !
> (captiveportal::PacketFence::Model::Portal::Session::_build_dispatcherSession)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2091) INFO:
> [mac:a6:7f:80:d7:1a:38] Detected external portal client. Using the IP
> 10.90.101.24 address in it's session.
> (captiveportal::PacketFence::Model::Portal::Session::_build_clientIP)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2091) INFO:
> [mac:a6:7f:80:d7:1a:38] Instantiate profile guest01
> (pf::Connection::ProfileFactory::_from_profile)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2091) WARN:
> [mac:a6:7f:80:d7:1a:38] Use of uninitialized value
> $pf::web::constants::URL_NETWORK_LOGOFF in string eq at
> /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm
> line 303.
> (captiveportal::PacketFence::DynamicRouting::Application::process_destination_url)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2091) INFO:
> [mac:a6:7f:80:d7:1a:38] [a6:7f:80:d7:1a:38] Activation code sent to email
> +901234567890 from +901234567890 successfully verified. for activation type:
> sms (pf::activation::validate_code_with_mac)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2091) INFO:
> [mac:a6:7f:80:d7:1a:38] User +901234567890 has authenticated on the portal.
> (Class::MOP::Class:::after)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2091) INFO:
> [mac:a6:7f:80:d7:1a:38] User +901234567890 has authenticated on the portal.
> (Class::MOP::Class:::after)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2091) WARN:
> [mac:a6:7f:80:d7:1a:38] Calling match with empty/invalid rule class.
> Defaulting to 'authentication' (pf::authentication::match)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2091) INFO:
> [mac:a6:7f:80:d7:1a:38] Using sources gozen_sms for matching
> (pf::authentication::match)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2091) INFO:
> [mac:a6:7f:80:d7:1a:38] Matched rule (guest_rule01) in source gozen_sms,
> returning actions. (pf::Authentication::Source::match_rule)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2091) INFO:
> [mac:a6:7f:80:d7:1a:38] Matched rule (guest_rule01) in source gozen_sms,
> returning actions. (pf::Authentication::Source::match)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2091) INFO:
> [mac:a6:7f:80:d7:1a:38] User +901234567890 has authenticated on the portal.
> (Class::MOP::Class:::after)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2091) WARN:
> [mac:a6:7f:80:d7:1a:38] Calling match with empty/invalid rule class.
> Defaulting to 'authentication' (pf::authentication::match)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2091) INFO:
> [mac:a6:7f:80:d7:1a:38] Using sources gozen_sms for matching
> (pf::authentication::match)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2091) INFO:
> [mac:a6:7f:80:d7:1a:38] Matched rule (guest_rule01) in source gozen_sms,
> returning actions. (pf::Authentication::Source::match_rule)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2091) INFO:
> [mac:a6:7f:80:d7:1a:38] Matched rule (guest_rule01) in source gozen_sms,
> returning actions. (pf::Authentication::Source::match)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2091) INFO:
> [mac:a6:7f:80:d7:1a:38] User +901234567890 has authenticated on the portal.
> (Class::MOP::Class:::after)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2091) WARN:
> [mac:a6:7f:80:d7:1a:38] Calling match with empty/invalid rule class.
> Defaulting to 'authentication' (pf::authentication::match)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2091) INFO:
> [mac:a6:7f:80:d7:1a:38] Using sources gozen_sms for matching
> (pf::authentication::match)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2091) INFO:
> [mac:a6:7f:80:d7:1a:38] User +901234567890 has authenticated on the portal.
> (Class::MOP::Class:::after)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2091) WARN:
> [mac:a6:7f:80:d7:1a:38] Calling match with empty/invalid rule class.
> Defaulting to 'authentication' (pf::authentication::match)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2091) INFO:
> [mac:a6:7f:80:d7:1a:38] Using sources gozen_sms for matching
> (pf::authentication::match)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2088) INFO:
> [mac:unknown] External captive portal detected !
> (captiveportal::PacketFence::Model::Portal::Session::_build_dispatcherSession)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2088) INFO:
> [mac:unknown] Detected external portal client. Using the IP 10.90.101.24
> address in it's session.
> (captiveportal::PacketFence::Model::Portal::Session::_build_clientIP)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2088) INFO:
> [mac:a6:7f:80:d7:1a:38] External captive portal detected !
> (captiveportal::PacketFence::Model::Portal::Session::_build_dispatcherSession)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2088) INFO:
> [mac:a6:7f:80:d7:1a:38] Detected external portal client. Using the IP
> 10.90.101.24 address in it's session.
> (captiveportal::PacketFence::Model::Portal::Session::_build_clientIP)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2088) INFO:
> [mac:a6:7f:80:d7:1a:38] Instantiate profile guest01
> (pf::Connection::ProfileFactory::_from_profile)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2088) WARN:
> [mac:a6:7f:80:d7:1a:38] Use of uninitialized value
> $pf::web::constants::URL_NETWORK_LOGOFF in string eq at
> /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm
> line 303.
> (captiveportal::PacketFence::DynamicRouting::Application::process_destination_url)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2088) INFO:
> [mac:a6:7f:80:d7:1a:38] User +901234567890 has authenticated on the portal.
> (Class::MOP::Class:::after)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2088) INFO:
> [mac:a6:7f:80:d7:1a:38] No provisioner found for a6:7f:80:d7:1a:38.
> Continuing.
> (captiveportal::PacketFence::DynamicRouting::Module::Provisioning::execute_child)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2088) INFO:
> [mac:a6:7f:80:d7:1a:38] User +901234567890 has authenticated on the portal.
> (Class::MOP::Class:::after)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2088) INFO:
> [mac:a6:7f:80:d7:1a:38] User +901234567890 has authenticated on the portal.
> (Class::MOP::Class:::after)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2088) INFO:
> [mac:a6:7f:80:d7:1a:38] User +901234567890 has authenticated on the portal.
> (Class::MOP::Class:::after)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2088) INFO:
> [mac:a6:7f:80:d7:1a:38] User +901234567890 has authenticated on the portal.
> (Class::MOP::Class:::after)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2088) INFO:
> [mac:a6:7f:80:d7:1a:38] User +901234567890 has authenticated on the portal.
> (Class::MOP::Class:::after)
> Apr 16 12:33:05 nac01 packetfence_httpd.portal: httpd.portal(2088) INFO:
> [mac:a6:7f:80:d7:1a:38] violation 1300003 force-closed for a6:7f:80:d7:1a:38
> (pf::violation::violation_force_close)
> Apr 16 12:33:06 nac01 packetfence_httpd.portal: httpd.portal(2088) INFO:
> [mac:a6:7f:80:d7:1a:38] Instantiate profile guest01
> (pf::Connection::ProfileFactory::_from_profile)
> Apr 16 12:33:06 nac01 packetfence_httpd.portal: httpd.portal(2088) WARN:
> [mac:a6:7f:80:d7:1a:38] Use of uninitialized value in concatenation (.) or
> string at
> /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Module/Root.pm
> line 89.
> (captiveportal::PacketFence::DynamicRouting::Module::Root::release)
> Apr 16 12:33:06 nac01 packetfence_httpd.portal: httpd.portal(2089) WARN:
> [mac:unknown] locale from the URL is not supported
> (pf::Portal::Session::getLanguages)
> Apr 16 12:33:06 nac01 packetfence_httpd.portal: httpd.portal(2089) INFO:
> [mac:unknown] External captive portal detected !
> (captiveportal::PacketFence::Model::Portal::Session::_build_dispatcherSession)
> Apr 16 12:33:06 nac01 packetfence_httpd.portal: httpd.portal(2089) INFO:
> [mac:unknown] Detected external portal client. Using the IP 10.90.101.24
> address in it's session.
> (captiveportal::PacketFence::Model::Portal::Session::_build_clientIP)
> Apr 16 12:33:06 nac01 packetfence_httpd.portal: httpd.portal(2089) WARN:
> [mac:a6:7f:80:d7:1a:38] locale from the URL is not supported
> (pf::Portal::Session::getLanguages)
> Apr 16 12:33:06 nac01 packetfence_httpd.portal: httpd.portal(2089) INFO:
> [mac:a6:7f:80:d7:1a:38] External captive portal detected !
> (captiveportal::PacketFence::Model::Portal::Session::_build_dispatcherSession)
> Apr 16 12:33:06 nac01 packetfence_httpd.portal: httpd.portal(2089) INFO:
> [mac:a6:7f:80:d7:1a:38] Detected external portal client. Using the IP
> 10.90.101.24 address in it's session.
> (captiveportal::PacketFence::Model::Portal::Session::_build_clientIP)
> Apr 16 12:33:06 nac01 packetfence_httpd.portal: httpd.portal(2089) INFO:
> [mac:a6:7f:80:d7:1a:38] Instantiate profile guest01
> (pf::Connection::ProfileFactory::_from_profile)
> Apr 16 12:33:06 nac01 packetfence_httpd.portal: httpd.portal(2089) WARN:
> [mac:a6:7f:80:d7:1a:38] locale from the URL is not supported
> (captiveportal::PacketFence::Controller::Root::getLanguages)
> Apr 16 12:33:06 nac01 packetfence_httpd.portal: httpd.portal(2089) WARN:
> [mac:a6:7f:80:d7:1a:38] Use of uninitialized value
> $pf::web::constants::URL_NETWORK_LOGOFF in string eq at
> /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm
> line 303.
> (captiveportal::PacketFence::DynamicRouting::Application::process_destination_url)
> Apr 16 12:33:06 nac01 packetfence_httpd.portal: httpd.portal(2089) INFO:
> [mac:a6:7f:80:d7:1a:38] Releasing device
> (captiveportal::PacketFence::DynamicRouting::Module::Root::release)
> Apr 16 12:33:06 nac01 packetfence_httpd.portal: httpd.portal(2089) INFO:
> [mac:a6:7f:80:d7:1a:38] User default has authenticated on the portal.
> (Class::MOP::Class:::after)
> Apr 16 12:33:06 nac01 packetfence_httpd.portal: httpd.portal(2089) WARN:
> [mac:a6:7f:80:d7:1a:38] locale from the URL is not supported
> (pf::Portal::Session::getLanguages)
> Apr 16 12:33:06 nac01 packetfence_httpd.portal: httpd.portal(2089) INFO:
> [mac:a6:7f:80:d7:1a:38] re-evaluating access (manage_register called)
> (pf::enforcement::reevaluate_access)
> Apr 16 12:33:06 nac01 packetfence_httpd.portal: httpd.portal(2089) INFO:
> [mac:a6:7f:80:d7:1a:38] VLAN reassignment is forced.
> (pf::enforcement::_should_we_reassign_vlan)
> Apr 16 12:33:06 nac01 packetfence_httpd.portal: httpd.portal(2089) INFO:
> [mac:a6:7f:80:d7:1a:38] switch port is (f0:9f:c2:69:23:00) ifIndex unknown
> connection type: Wifi Web Auth (pf::enforcement::_vlan_reevaluation)
> Apr 16 12:33:07 nac01 pfqueue: pfqueue(2634) INFO: [mac:a6:7f:80:d7:1a:38]
> [a6:7f:80:d7:1a:38] DesAssociating mac on switch (f0:9f:c2:69:23:00)
> (pf::api::desAssociate)
> Apr 16 12:33:07 nac01 pfqueue: pfqueue(2634) INFO: [mac:a6:7f:80:d7:1a:38]
> Deauth on site: default
> (pf::Switch::Ubiquiti::Unifi::_deauthenticateMacWithHTTP)
> Apr 16 12:33:07 nac01 pfqueue: pfqueue(2634) INFO: [mac:a6:7f:80:d7:1a:38]
> Switched status on the Unifi controller using command authorize-guest
> (pf::Switch::Ubiquiti::Unifi::_deauthenticateMacWithHTTP)
> Apr 16 12:33:16 nac01 packetfence_httpd.portal: httpd.portal(2088) INFO:
> [mac:a6:7f:80:d7:1a:38] URI '/guest/s/m5ax5dl7/' is detected as an external
> captive portal URI (pf::web::externalportal::handle)
> Apr 16 12:33:16 nac01 packetfence_httpd.portal: httpd.portal(2089) INFO:
> [mac:unknown] External captive portal detected !
> (captiveportal::PacketFence::Model::Portal::Session::_build_dispatcherSession)
> Apr 16 12:33:16 nac01 packetfence_httpd.portal: httpd.portal(2089) INFO:
> [mac:unknown] Detected external portal client. Using the IP 10.90.101.24
> address in it's session.
> (captiveportal::PacketFence::Model::Portal::Session::_build_clientIP)
> Apr 16 12:33:16 nac01 packetfence_httpd.portal: httpd.portal(2089) INFO:
> [mac:a6:7f:80:d7:1a:38] External captive portal detected !
> (captiveportal::PacketFence::Model::Portal::Session::_build_dispatcherSession)
> Apr 16 12:33:16 nac01 packetfence_httpd.portal: httpd.portal(2089) INFO:
> [mac:a6:7f:80:d7:1a:38] Detected external portal client. Using the IP
> 10.90.101.24 address in it's session.
> (captiveportal::PacketFence::Model::Portal::Session::_build_clientIP)
> Apr 16 12:33:16 nac01 packetfence_httpd.portal: httpd.portal(2089) INFO:
> [mac:a6:7f:80:d7:1a:38] Instantiate profile guest01
> (pf::Connection::ProfileFactory::_from_profile)
> Apr 16 12:33:16 nac01 packetfence_httpd.portal: httpd.portal(2089) INFO:
> [mac:a6:7f:80:d7:1a:38] User default has authenticated on the portal.
> (Class::MOP::Class:::after)
> Apr 16 12:33:16 nac01 packetfence_httpd.portal: httpd.portal(2089) INFO:
> [mac:a6:7f:80:d7:1a:38] Reevaluating access of device.
> (captiveportal::PacketFence::DynamicRouting::Module::Root::unknown_state)
> Apr 16 12:33:16 nac01 packetfence_httpd.portal: httpd.portal(2089) INFO:
> [mac:a6:7f:80:d7:1a:38] re-evaluating access (manage_register called)
> (pf::enforcement::reevaluate_access)
> Apr 16 12:33:16 nac01 packetfence_httpd.portal: httpd.portal(2089) INFO:
> [mac:a6:7f:80:d7:1a:38] VLAN reassignment is forced.
> (pf::enforcement::_should_we_reassign_vlan)
> Apr 16 12:33:16 nac01 packetfence_httpd.portal: httpd.portal(2089) INFO:
> [mac:a6:7f:80:d7:1a:38] switch port is (f0:9f:c2:69:23:00) ifIndex unknown
> connection type: Wifi Web Auth (pf::enforcement::_vlan_reevaluation)
> Apr 16 12:33:16 nac01 packetfence_httpd.portal: httpd.portal(2091) INFO:
> [mac:unknown] External captive portal detected !
> (captiveportal::PacketFence::Model::Portal::Session::_build_dispatcherSession)
> Apr 16 12:33:16 nac01 packetfence_httpd.portal: httpd.portal(2091) INFO:
> [mac:unknown] Detected external portal client. Using the IP 10.90.101.24
> address in it's session.
> (captiveportal::PacketFence::Model::Portal::Session::_build_clientIP)
> Apr 16 12:33:16 nac01 packetfence_httpd.portal: httpd.portal(2091) INFO:
> [mac:a6:7f:80:d7:1a:38] External captive portal detected !
> (captiveportal::PacketFence::Model::Portal::Session::_build_dispatcherSession)
> Apr 16 12:33:16 nac01 packetfence_httpd.portal: httpd.portal(2091) INFO:
> [mac:a6:7f:80:d7:1a:38] Detected external portal client. Using the IP
> 10.90.101.24 address in it's session.
> (captiveportal::PacketFence::Model::Portal::Session::_build_clientIP)
> Apr 16 12:33:16 nac01 packetfence_httpd.portal: httpd.portal(2091) INFO:
> [mac:a6:7f:80:d7:1a:38] Instantiate profile guest01
> (pf::Connection::ProfileFactory::_from_profile)
> Apr 16 12:33:17 nac01 pfqueue: pfqueue(2644) INFO: [mac:a6:7f:80:d7:1a:38]
> [a6:7f:80:d7:1a:38] DesAssociating mac on switch (f0:9f:c2:69:23:00)
> (pf::api::desAssociate)
> Apr 16 12:33:18 nac01 pfqueue: pfqueue(2644) INFO: [mac:a6:7f:80:d7:1a:38]
> Deauth on site: default
> (pf::Switch::Ubiquiti::Unifi::_deauthenticateMacWithHTTP)
> Apr 16 12:33:18 nac01 pfqueue: pfqueue(2644) INFO: [mac:a6:7f:80:d7:1a:38]
> Switched status on the Unifi controller using command authorize-guest
> (pf::Switch::Ubiquiti::Unifi::_deauthenticateMacWithHTTP)
> Apr 16 12:35:18 nac01 pfipset[1091]: t=2019-04-16T12:35:18+0300 lvl=info
> msg="No Inline Network bypass ipsets reload" pid=1091
>
> Unifi Controller Logs:
>
> [12:00:54,596] <webapi-22981> INFO event - [event] Guest[a6:7f:80:d7:1a:38]
> is authorized by Admin[admin] for 480 minutes
> [12:00:59,919] <webapi-22981> INFO event - [event] Guest[a6:7f:80:d7:1a:38]
> is authorized by Admin[admin] for 480 minutes
> [12:01:01,989] <webapi-22984> INFO event - [event] Guest[a6:7f:80:d7:1a:38]
> is authorized by Admin[admin] for 480 minutes
> [12:01:03,893] <webapi-22985> INFO event - [event] Guest[a6:7f:80:d7:1a:38]
> is authorized by Admin[admin] for 480 minutes
> [12:01:06,076] <webapi-22987> INFO event - [event] Guest[a6:7f:80:d7:1a:38]
> is authorized by Admin[admin] for 480 minutes
> [12:01:07,966] <webapi-22986> INFO event - [event] Guest[a6:7f:80:d7:1a:38]
> is authorized by Admin[admin] for 480 minutes
> [12:01:10,228] <webapi-22987> INFO event - [event] Guest[a6:7f:80:d7:1a:38]
> is authorized by Admin[admin] for 480 minutes
>
>
> --
> Emre Eryilmaz
> [email protected]
>
>
>
>
>
--
Emre Eryilmaz
[email protected]
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
