Hello Ronald,
sorry for the delay.
Can you do that:
bin/pfcmd cache switch_distributed dump Ubiquiti-f0:9f:c2:70:c3:6c
And check if the ip returned by this command is defined as a switch in
packetfence ?
Regards
Fabrice
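The check requested above, as an added example that is not part of the original message or of PacketFence: it pulls the `ap=` MAC out of every 501 answer in haproxy_portal.log and compares it with the `switch_distributed` cache keys and the switches.conf sections. The sample inputs are constructed from the lines quoted in this thread, and the `ap_to_ip` mapping is an assumption filled in by hand from the dump command, whose output format the thread does not show.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample: haproxy_portal.log entries shaped like the ones quoted in
# this thread, one request per line. The aa:bb:cc:00:00:01 AP is made up.
SAMPLE_LOG = """\
Oct 5 16:10:42 packetfence haproxy[1671]: 10.1.28.118:43156 [05/Oct/2020:16:10:42.076] portal-https-10.1.18.45~ 10.1.18.45-backend/127.0.0.1 0/0/0/43/43 501 445 - - ---- 2/1/0/0/0 0/0 {nac-pf01.DOMAIN.COM} "GET /guest/s/94mbh3bf/?ap=f0:9f:c2:70:c3:6c&id=e8:e8:b7:9b:5a:3f&t=1601928641&url=http://connectivitycheck.gstatic.com%2fgenerate_204&ssid=Dev+LeoNet HTTP/1.1"
Oct 5 16:10:42 packetfence haproxy[1671]: 10.1.28.118:43158 [05/Oct/2020:16:10:42.302] portal-https-10.1.18.45~ static/<NOSRV> 0/0/0/1/1 200 15326 - - ---- 2/1/0/0/0 0/0 {nac-pf01.DOMAIN.COM} "GET /favicon.ico HTTP/1.1"
Oct 5 16:11:03 packetfence haproxy[1671]: 10.1.28.118:43160 [05/Oct/2020:16:11:03.010] portal-https-10.1.18.45~ 10.1.18.45-backend/127.0.0.1 0/0/0/40/40 501 445 - - ---- 2/1/0/0/0 0/0 {nac-pf01.DOMAIN.COM} "GET /guest/s/94mbh3bf/?ap=aa:bb:cc:00:00:01&id=e8:e8:b7:9b:5a:3f&t=1601928663&ssid=Dev+LeoNet HTTP/1.1"
"""
# Constructed stand-ins for `pfcmd cache switch_distributed list` and switches.conf.
SAMPLE_CACHE_LIST = "Ubiquiti-f0:9f:c2:70:c3:6c\n"
SAMPLE_SWITCHES_CONF = "[10.1.252.80]\ntype=Ubiquiti::Unifi\ncontrollerIp=10.1.252.80\n"

# haproxy HTTP log: five timers, status code, bytes, ..., then the quoted request.
LINE_RE = re.compile(r'(?:-?\d+/){4}-?\d+ (?P<status>\d{3}) .*"GET (?P<uri>\S+) HTTP/')
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"

def failed_portal_requests(log_text):
    """Yield (ap_mac, client_mac) for every 501 answer to a /guest/s/ request."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["status"] != "501":
            continue
        url = urlsplit(m["uri"])
        query = parse_qs(url.query)
        ap = query.get("ap", [""])[0].lower()
        if url.path.startswith("/guest/s/") and re.fullmatch(MAC, ap):
            yield ap, query.get("id", [""])[0].lower()

def triage(log_text, cache_list, switches_conf, ap_to_ip):
    """Classify each AP seen in a failed request.

    ap_to_ip is filled in by the operator from the dump command (hypothetical
    input: the dump output format is not shown in the thread).
    """
    cached = {m.lower() for m in re.findall(rf"Ubiquiti-({MAC})", cache_list, re.I)}
    sections = set(re.findall(r"^\[([^\]]+)\]\s*$", switches_conf, re.M))
    report = {}
    for ap, _client in failed_portal_requests(log_text):
        if ap not in cached:
            report[ap] = "missing from switch_distributed cache"
        elif ap not in ap_to_ip:
            report[ap] = "cached; dump this key to get its IP"
        elif ap_to_ip[ap] not in sections:
            report[ap] = "cached; IP has no switches.conf section"
        else:
            report[ap] = "cached; IP is a defined switch"
    return report

if __name__ == "__main__":
    for ap, verdict in triage(SAMPLE_LOG, SAMPLE_CACHE_LIST, SAMPLE_SWITCHES_CONF, {}).items():
        print(ap, "->", verdict)
```
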
On 2020-10-06 at 15:59, Oley, Ronald wrote:
Update to this:
If I manually add in the AP as another switch, the captive portal
works. So the issue here seems to be with the pulling in of the APs
from the Unifi controller. As I said before if I use the command pfcmd
cache switch_distributed to list out the APs, they do all show up, but
the captive portal doesn’t work. We have about 400 Ubiquiti APs, so
manually creating an entry for each MAC address is not a great option.
Has anyone gotten this working using the pfcmd pfmon
ubiquiti_ap_mac_to_ip command?
*From:* Oley, Ronald
*Sent:* Monday, October 5, 2020 4:12 PM
*To:* 'Graham Prentice' <[email protected]>;
[email protected]
*Cc:* Fabrice Durand <[email protected]>
*Subject:* RE: [PacketFence-users] Can't load Captive Portal with
Ubiquiti Wireless - GET not supported
When I run bin/pfcmd cache switch_distributed list I get a list of all
of my Ubiquiti APs. The item for the AP in question displays as follows:
Ubiquiti-f0:9f:c2:70:c3:6c
My haproxy_portal.log shows this when I try to connect to the wifi:
Oct 5 16:10:42 packetfence haproxy[1671]: 10.1.28.118:43156
[05/Oct/2020:16:10:42.076] portal-https-10.1.18.45~
10.1.18.45-backend/127.0.0.1 0/0/0/43/43 501 445 - - ---- 2/1/0/0/0
0/0 {nac-pf01.DOMAIN.COM} "GET
/guest/s/94mbh3bf/?ap=f0:9f:c2:70:c3:6c&id=e8:e8:b7:9b:5a:3f&t=1601928641&url=http://connectivitycheck.gstatic.com%2fgenerate_204&ssid=Dev+LeoNet
HTTP/1.1"
Oct 5 16:10:42 packetfence haproxy[1671]: 10.1.28.118:43158
[05/Oct/2020:16:10:42.302] portal-https-10.1.18.45~ static/<NOSRV>
0/0/0/1/1 200 15326 - - ---- 2/1/0/0/0 0/0 {nac-pf01.DOMAIN.COM} "GET
/favicon.ico HTTP/1.1"
Thanks!
*From:* Graham Prentice <[email protected]>
*Sent:* Friday, October 2, 2020 4:53 PM
*To:* Oley, Ronald <[email protected]>;
[email protected]
*Cc:* Fabrice Durand <[email protected]>
*Subject:* Re: [PacketFence-users] Can't load Captive Portal with
Ubiquiti Wireless - GET not supported
When I had mine working with Unifi, in the switches section, had the
Unifi controller IP and each AP (MAC address) listed. (PF v10.1)
Used latest firmware also for Unifi components.
Regards,
Graham
On Friday, October 2, 2020, 03:40:04 PM EDT, Fabrice Durand via
PacketFence-users <[email protected]> wrote:
Hello Ronald,
first you don't need to specify
https://nac-pf01.domain.com/guest/s/94mbh3bf/, this is set on the
controller side.
Can you run this command (and paste the result):
bin/pfcmd cache switch_distributed list
This list is used by PacketFence to map the bssid (included in the
http request) to the ip address of the controller.
Also can you paste the content of haproxy_portal.log where you have
something like:
Oct 1 20:48:19 localhost haproxy[8970]: 10.255.1.142:46030
[01/Oct/2020:20:48:19.030] portal-http-172.20.20.86
172.20.20.86-backend/127.0.0.1 0/0/0/11/11 501 444 - - ---- 2/1/0/0/0
0/0 {172.20.20.86} "GET
/guest/s/default/?ap=80:2a:a8:86:3d:5b&id=10:cd:b6:04:2c:d2&t=1601599506&url=http://connectivitycheck.gstatic.com%2fgenerate_204&ssid=loveapple
HTTP/1.1"
Regards
Fabrice
On 2020-10-02 at 14:04, Oley, Ronald wrote:
Sure, both are printed below. In the logs, the 10.1.28.123 address is
my wired workstation I’m using to configure PF and view the portal,
not a wireless client or AP. Also sanitized our domain to domain.com.
SWITCH:
[10.1.252.80]
description=Ubqiuiti WiFi Controller
group=default
uplink_dynamic=0
wsPwd=REMOVED
controllerIp=10.1.252.80
deauthMethod=HTTPS
disconnectPort=0
type=Ubiquiti::Unifi
wsUser=REMOVED
wsTransport=https
registrationVlan=28
registrationUrl=https://nac-pf01.domain.com/guest/s/94mbh3bf/
UrlMap=Y
WiNet_UsersUrl=https://nac-pf01.domain.com/guest/s/94mbh3bf/
WiNet_UsersVlan=28
guestUrl=https://nac-pf01.domain.com/guest/s/94mbh3bf/
WiNet_GeneralVlan=28
guestVlan=28
voiceUrl=https://nac-pf01.domain.com/guest/s/94mbh3bf/
isolationUrl=https://nac-pf01.domain.com/guest/s/94mbh3bf/
WiNet_GeneralUrl=https://nac-pf01.domain.com/guest/s/94mbh3bf/
gamingUrl=https://nac-pf01.domain.com/guest/s/94mbh3bf/
inlineUrl=https://nac-pf01.domain.com/guest/s/94mbh3bf/
defaultUrl=https://nac-pf01.domain.com/guest/s/94mbh3bf/
REJECTUrl=https://nac-pf01.domain.com/guest/s/94mbh3bf/
--------------------------------------------------------------------------------------
LOG:
Oct 2 03:43:30 packetfence packetfence_httpd.portal:
httpd.portal(1971) WARN: [mac:unknown] Unable to match MAC address to
IP '10.1.28.123' (pf::ip4log::ip2mac)
Oct 2 03:43:30 packetfence packetfence_httpd.portal:
httpd.portal(1971) WARN: [mac:00:11:22:33:44:55] Unable to match MAC
address to IP '10.1.28.123' (pf::ip4log::ip2mac)
Oct 2 03:43:30 packetfence packetfence_httpd.portal:
httpd.portal(1971) ERROR: [mac:00:11:22:33:44:55] Error while
communicating with the Fingerbank collector. 500 Can't connect to
127.0.0.1:4723 (pf::fingerbank::endpoint_attributes)
Oct 2 03:43:30 packetfence packetfence_httpd.portal:
httpd.portal(1971) WARN: [mac:00:11:22:33:44:55] Use of uninitialized
value in string ne at
/usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm
line 140.
(captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank)
Oct 2 03:43:30 packetfence packetfence_httpd.portal:
httpd.portal(1971) ERROR: [mac:00:11:22:33:44:55] Error while
communicating with the Fingerbank collector. 500 Can't connect to
127.0.0.1:4723 (pf::fingerbank::update_collector_endpoint_data)
Oct 2 03:44:00 packetfence packetfence_httpd.portal:
httpd.portal(2260) WARN: [mac:unknown] Unable to match MAC address to
IP '10.1.28.123' (pf::ip4log::ip2mac)
Oct 2 03:44:00 packetfence packetfence_httpd.portal:
httpd.portal(2260) WARN: [mac:00:11:22:33:44:55] Unable to match MAC
address to IP '10.1.28.123' (pf::ip4log::ip2mac)
Oct 2 03:44:00 packetfence packetfence_httpd.portal:
httpd.portal(2260) ERROR: [mac:00:11:22:33:44:55] Error while
communicating with the Fingerbank collector. 500 Can't connect to
127.0.0.1:4723 (pf::fingerbank::endpoint_attributes)
Oct 2 03:44:00 packetfence packetfence_httpd.portal:
httpd.portal(2260) WARN: [mac:00:11:22:33:44:55] Use of uninitialized
value in string ne at
/usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm
line 140.
(captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank)
Oct 2 03:44:00 packetfence packetfence_httpd.portal:
httpd.portal(2260) ERROR: [mac:00:11:22:33:44:55] Error while
communicating with the Fingerbank collector. 500 Can't connect to
127.0.0.1:4723 (pf::fingerbank::update_collector_endpoint_data)
Oct 2 03:44:30 packetfence packetfence_httpd.portal: httpd.portal(875)
WARN: [mac:unknown] Unable to match MAC address to IP '10.1.28.123'
(pf::ip4log::ip2mac)
Oct 2 03:44:30 packetfence packetfence_httpd.portal: httpd.portal(875)
WARN: [mac:00:11:22:33:44:55] Unable to match MAC address to IP
'10.1.28.123' (pf::ip4log::ip2mac)
Oct 2 03:44:30 packetfence packetfence_httpd.portal: httpd.portal(875)
ERROR: [mac:00:11:22:33:44:55] Error while communicating with the
Fingerbank collector. 500 Can't connect to 127.0.0.1:4723
(pf::fingerbank::endpoint_attributes)
Oct 2 03:44:30 packetfence packetfence_httpd.portal: httpd.portal(875)
WARN: [mac:00:11:22:33:44:55] Use of uninitialized value in string ne
at
/usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm
line 140.
(captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank)
Oct 2 03:44:30 packetfence packetfence_httpd.portal: httpd.portal(875)
ERROR: [mac:00:11:22:33:44:55] Error while communicating with the
Fingerbank collector. 500 Can't connect to 127.0.0.1:4723
(pf::fingerbank::update_collector_endpoint_data)
Oct 2 03:45:01 packetfence packetfence_httpd.portal:
httpd.portal(1971) WARN: [mac:unknown] Unable to match MAC address to
IP '10.1.28.123' (pf::ip4log::ip2mac)
Oct 2 03:45:01 packetfence packetfence_httpd.portal:
httpd.portal(1971) WARN: [mac:00:11:22:33:44:55] Unable to match MAC
address to IP '10.1.28.123' (pf::ip4log::ip2mac)
Oct 2 03:45:01 packetfence packetfence_httpd.portal:
httpd.portal(1971) ERROR: [mac:00:11:22:33:44:55] Error while
communicating with the Fingerbank collector. 500 Can't connect to
127.0.0.1:4723 (pf::fingerbank::endpoint_attributes)
Oct 2 03:45:01 packetfence packetfence_httpd.portal:
httpd.portal(1971) WARN: [mac:00:11:22:33:44:55] Use of uninitialized
value in string ne at
/usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm
line 140.
(captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank)
Oct 2 03:45:01 packetfence packetfence_httpd.portal:
httpd.portal(1971) ERROR: [mac:00:11:22:33:44:55] Error while
communicating with the Fingerbank collector. 500 Can't connect to
127.0.0.1:4723 (pf::fingerbank::update_collector_endpoint_data)
Oct 2 03:45:28 packetfence pfipset[1481]: t=2020-10-02T03:45:28-0400
lvl=info msg="No Inline Network bypass ipsets reload" pid=1481
Oct 2 03:45:31 packetfence packetfence_httpd.portal:
httpd.portal(2260) WARN: [mac:unknown] Unable to match MAC address to
IP '10.1.28.123' (pf::ip4log::ip2mac)
Oct 2 03:45:31 packetfence packetfence_httpd.portal:
httpd.portal(2260) WARN: [mac:00:11:22:33:44:55] Unable to match MAC
address to IP '10.1.28.123' (pf::ip4log::ip2mac)
Oct 2 03:45:31 packetfence packetfence_httpd.portal:
httpd.portal(2260) ERROR: [mac:00:11:22:33:44:55] Error while
communicating with the Fingerbank collector. 500 Can't connect to
127.0.0.1:4723 (pf::fingerbank::endpoint_attributes)
*From:* Durand fabrice via PacketFence-users <[email protected]>
*Sent:* Thursday, October 1, 2020 7:21 PM
*To:* [email protected]
*Cc:* Durand fabrice <[email protected]>
*Subject:* Re: [PacketFence-users] Can't load Captive Portal with
Ubiquiti Wireless - GET not supported
Hello Ronald,
can you provide the switches.conf and the packetfence.log file ?
Regards
Fabrice
On 2020-10-01 at 16:19, Oley, Ronald via PacketFence-users wrote:
Unfortunately we’ve already run that command. It does build the
AP list properly, but it doesn’t resolve my issue.
Can I ask how you configured the Roles for unifi switch in PF?
*From:* Graham Prentice <[email protected]>
*Sent:* Thursday, October 1, 2020 3:06 PM
*To:* [email protected]
*Cc:* Oley, Ronald <[email protected]>
*Subject:* Re: [PacketFence-users] Can't load Captive Portal with
Ubiquiti Wireless - GET not supported
Had the same error on a Unifi AP.
Was fixed by running:
/usr/local/pf/bin/pfcmd pfmon ubiquiti_ap_mac_to_ip
Graham
On Thursday, October 1, 2020, 02:28:40 PM EDT, Oley, Ronald via
PacketFence-users <[email protected]> wrote:
Running the latest version of Unifi controller and PacketFence.
Followed the PF setup guide exactly for the Ubiquiti setup (but
some confusion on how to handle Roles config for the Unifi
Switch). When users connect to Unifi instead of getting the
captive portal page they get the error "Not Implemented - GET to
/guest/s/94mbh3bf/ not supported" from PacketFence.
I did run the command per the guide to list out all the APs after
they were pulled in from the controller as a Switch, and the AP
MAC is in the list.
I'm guessing the issue is somewhere in the Role config for the
switch. We aren't doing any VLAN flipping; I'm fine if they keep
the same VLAN since Unifi will trap them until they auth through
the portal. So I tried no VLAN config, as well as filling in the
current VLAN for the registration and authed user Roles. I also
tried Web Auth URL with the URL Ubiquiti is trying to access. No luck.
Anybody have this working with a Unifi controller?
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)