Ahiya, Share how you configured your connection profile. I remember having success with PF on the older versions and Unifi controller for the similar task. And it is on my short-term plans to reproduce it on the latest version of PF
Eugene -----Original Message----- From: Ahiya Zadok via PacketFence-users <packetfence-users@lists.sourceforge.net> Sent: Wednesday, December 14, 2022 8:05 AM To: packetfence-users@lists.sourceforge.net Cc: Ahiya Zadok <ah...@younity.io> Subject: [PacketFence-users] WiFi captive portal users get "Your computer was not found in the PacketFence database" error Hello community I'm still struggling to set up my PF captive portal with my Unifi controller. I have a PF server (ZEN v12.1.0) and an Unifi controller (V6.5.55). Both servers are installed remotely from the actual site (APs and clients). And, of course, this is an out-of-band wireless-web-auth setup. All PF/Unifi controllers/WAPs/clients are behind NAT (I wonder if this architecture is supported?). All configurations are according to the online guides. When a client tries to access the guest WLAN, its redirected to the portal (my PF server) but gets the below error message: "Your computer was not found in the PacketFence database. Please reboot to solve this issue." I did run the "/usr/local/pf/bin/pfcmd pfmon ubiquiti_ap_mac_to_ip" command, but when running "/usr/local/pf/bin/pfcmd cache switch_distributed list" I get no output. when I run "/usr/local/pf/bin/pfcmd cache switch_distributed dump Ubiquiti-68:d7:9a:16:07:2a" i get this output “$VAR1 = undef;” I notice that the "allowed_device_oui.txt" contain oui only of gaming consoles, is this ok? I've attached below some logs and configuration files. Appreciate any help! Thanks pf.conf ================== # Copyright (C) Inverse inc. [general] # # general.domain # # Domain name of PacketFence system. domain=my.domain # # general.hostname # # Hostname of PacketFence system. This is concatenated with the domain in Apache rewriting rules and therefore must be resolvable by clients. hostname=my.host # # general.timezone # # System's timezone in string format. List generated from Perl library DateTime::TimeZone # When left empty, it will use the timezone of the server timezone=UTC [database] # # database.db # # Name of the MySQL database used by PacketFence. db=pf # # database.user # # Username of the account with access to the MySQL database used by PacketFence. Changing this parameter after the initial configuration will *not* change it in the database it self, only in the configuration. user=pf # # database.pass # # Password for the mysql database used by PacketFence. Changing this parameter after the initial configuration will *not* change it in the database it self, only in the configuration. pass=XXXXXXXXXXXX [captive_portal] # # captive_portal.secure_redirect # # If secure_redirect is enabled, the captive portal uses HTTPS when redirecting # captured clients. This is the default behavior. secure_redirect=disabled # # captive_portal.rate_limiting # # Temporarily deny access to a user that performs too many requests on the captive portal on invalid URLs rate_limiting=disabled [advanced] # advanced.configurator # # Enable the Configurator and the Configurator API configurator=disabled # advanced.openid_attributes # # List of known OpenID Attributes openid_attributes= [interface eth0] ip=1x.x.x.x type=management,portal mask=255.255.252.0 roles.conf =================================================== [guest] inherit_web_auth_url=disabled inherit_vlan=disabled inherit_role=disabled auth source ===================== [null-source] type=Null description=null-source set_access_durations_action= [null-source rule catchall] status=enabled action1=set_access_duration=12h match=all action0=set_role=guest class=authentication switch.conf ================================================ [my unifi controller IP] SNMPCommunityRead=XXXXXXXX SNMPVersion=2c wsUser=XXXXXXXXX wsPwd=xxxxxxxxxxx isolationVlan=1 guestVlan=1 registrationVlan=1 group=Unifi ExternalPortalEnforcement=Y # Copyright (C) Inverse inc. # # # # See the enclosed file COPYING for license information (GPL). # If you did not receive this file, see # http://www.fsf.org/licensing/licenses/gpl.html [192.168.0.1] description=Test Switch type=Cisco::Catalyst_2960 mode=production uplink=23,24 VoIPLLDPDetect=N #SNMPVersion = 3 #SNMPEngineID = 0000000000000 #SNMPUserNameRead = readUser #SNMPAuthProtocolRead = MD5 #SNMPAuthPasswordRead = authpwdread #SNMPPrivProtocolRead = DES #SNMPPrivPasswordRead = privpwdread #SNMPUserNameWrite = writeUser #SNMPAuthProtocolWrite = MD5 #SNMPAuthPasswordWrite = authpwdwrite #SNMPPrivProtocolWrite = DES #SNMPPrivPasswordWrite = privpwdwrite #SNMPVersionTrap = 3 #SNMPUserNameTrap = readUser #SNMPAuthProtocolTrap = MD5 #SNMPAuthPasswordTrap = authpwdread #SNMPPrivProtocolTrap = DES #SNMPPrivPasswordTrap = privpwdread [192.168.1.0/24] description=Test Range WLC type=Cisco::WLC mode=production uplink_dynamic=0 VoIPLLDPDetect=N [group Unifi] type=Ubiquiti::Unifi description=unifi VoIPDHCPDetect=N deauthMethod=HTTPS VlanMap=N wsTransport=https haproxy_portal.log ====================================================== .aspx?replaceCurrent=1&url=https://x.x.x.x/ecp HTTP/1.1" Dec 14 14:51:57 packetfence haproxy-portal-docker-wrapper[1466]: x.x.x.x:51313 [14/Dec/2022:14:51:56.145] portal-http-1x.x.x.x proxy/proxy 0/0/1/933/934 200 1039 - - ---- 2/1/0/0/0 0/0 {x.x.x.x:80} "GET /guest/s/6qca4zw5/?ap=68:d7:9a:16:07:2a&id=4a:7f:54:ab:28:f2&t=1671029515&url=http://captive.apple.com%2Fhotspot-detect.html&ssid=test HTTP/1.0" Dec 14 14:51:57 packetfence haproxy-portal-docker-wrapper[1466]: x.x.x.x:51061 [14/Dec/2022:14:51:57.617] portal-http-1x.x.x.x proxy/proxy 0/0/0/2/2 200 1030 - - ---- 2/1/0/0/0 0/0 {x.x.x.x} "GET /guest/s/6qca4zw5/?ap=68:d7:9a:16:07:2a&id=4a:7f:54:ab:28:f2&t=1671029517&url=http://captive.apple.com%2Fhotspot-detect.html&ssid=test HTTP/1.1" Dec 14 14:51:57 packetfence haproxy-portal-docker-wrapper[1466]: x.x.x.x:51315 [14/Dec/2022:14:51:57.924] portal-http-1x.x.x.x proxy/proxy 0/0/0/3/3 200 1039 - - ---- 3/2/0/0/0 0/0 {x.x.x.x:80} "GET /guest/s/6qca4zw5/?ap=68:d7:9a:16:07:2a&id=4a:7f:54:ab:28:f2&t=1671029517&url=http://captive.apple.com%2Fhotspot-detect.html&ssid=test HTTP/1.0" Dec 14 14:51:58 packetfence haproxy-portal-docker-wrapper[1466]: x.x.x.x:51063 [14/Dec/2022:14:51:58.162] portal-http-1x.x.x.x 1x.x.x.x-backend/containers-gateway.internal:8080 0/0/0/40/40 200 4933 - - ---- 3/2/0/0/0 0/0 {my.fqdn} "GET /captive-portal?destination_url=http://x.x.x.x/guest/s/6qca4zw5/?ap=68:d7:9a:16:07:2a&id=4a:7f:54:ab:28:f2&t=1671029517&url=http://captive.apple.com%2Fhotspot-detect.html&ssid=test HTTP/1.1" Dec 14 14:51:58 packetfence haproxy-portal-docker-wrapper[1466]: x.x.x.x:51065 [14/Dec/2022:14:51:58.942] portal-http-1x.x.x.x static/static 0/0/0/1/1 200 6157 - - ---- 5/4/1/1/0 0/0 {my.fqdn} "GET /common/pf.js HTTP/1.1" Dec 14 14:51:58 packetfence haproxy-portal-docker-wrapper[1466]: x.x.x.x:51064 [14/Dec/2022:14:51:58.942] portal-http-1x.x.x.x static/static 0/0/0/1/1 200 42006 - - ---- 5/4/0/0/0 0/0 {my.fqdn} "GET /common/styles.css HTTP/1.1" Dec 14 14:51:58 packetfence haproxy-portal-docker-wrapper[1466]: x.x.x.x:51066 [14/Dec/2022:14:51:58.944] portal-http-1x.x.x.x static/static 0/0/0/0/0 200 8239 - - ---- 6/5/0/0/0 0/0 {my.fqdn} "GET /content/captiveportal.js HTTP/1.1" Dec 14 14:51:58 packetfence haproxy-portal-docker-wrapper[1466]: x.x.x.x:51068 [14/Dec/2022:14:51:58.952] portal-http-1x.x.x.x static/static 0/0/0/1/1 200 1506 - - ---- 8/7/1/1/0 0/0 {my.fqdn} "GET /common/jquery-shim.js HTTP/1.1" Dec 14 14:51:58 packetfence haproxy-portal-docker-wrapper[1466]: x.x.x.x:51067 [14/Dec/2022:14:51:58.952] portal-http-1x.x.x.x static/static 0/0/0/1/1 200 20248 - - ---- 8/7/0/0/0 0/0 {my.fqdn} "GET /common/qrcode.min.js HTTP/1.1" Dec 14 14:51:59 packetfence haproxy-portal-docker-wrapper[1466]: x.x.x.x:51063 [14/Dec/2022:14:51:59.224] portal-http-1x.x.x.x static/static 0/0/0/0/0 200 4480 - - ---- 8/7/0/0/0 0/0 {my.fqdn} "GET /common/packetfence-cp.png HTTP/1.1" Dec 14 14:51:59 packetfence haproxy-portal-docker-wrapper[1466]: x.x.x.x:51065 [14/Dec/2022:14:51:59.254] portal-http-1x.x.x.x static/static 0/0/0/0/0 200 39912 - - ---- 8/7/0/0/0 0/0 {my.fqdn} "GET /common/img/sprite.svg HTTP/1.1" Dec 14 14:51:59 packetfence haproxy-portal-docker-wrapper[1466]: x.x.x.x:51064 [14/Dec/2022:14:51:59.252] portal-http-1x.x.x.x 1x.x.x.x-backend/containers-gateway.internal:8080 0/0/0/35/35 200 789 - - ---- 8/7/0/0/0 0/0 {my.fqdn} "POST /record_destination_url HTTP/1.1" Dec 14 14:52:01 packetfence haproxy-portal-docker-wrapper[1466]: x.x.x.x:51317 [14/Dec/2022:14:51:59.561] portal-http-1x.x.x.x proxy/proxy 0/0/0/1522/1522 200 1039 - - ---- 9/8/0/0/0 0/0 {x.x.x.x:80} "GET /guest/s/6qca4zw5/?ap=68:d7:9a:16:07:2a&id=4a:7f:54:ab:28:f2&t=1671029519&url=http://captive.apple.com%2Fhotspot-detect.html&ssid=test HTTP/1.0" packetfence.log ============================================================= Dec 14 14:54:33 packetfence httpd.dispatcher-docker-wrapper[2727]: httpd.dispatcher: Ip2Mac mac for x.x.x.x not found sql: no rows in result set Dec 14 14:54:33 packetfence httpd.dispatcher-docker-wrapper[2727]: httpd.dispatcher: Ip2Mac mac for x.x.x.x not found sql: no rows in result set Dec 14 14:54:34 packetfence httpd.portal-docker-wrapper[4130]: httpd.portal(87) WARN: [mac:unknown] Unable to match MAC address to IP 'x.x.x.x' (pf::ip4log::ip2mac) Dec 14 14:54:34 packetfence httpd.portal-docker-wrapper[4130]: httpd.portal(87) WARN: [mac:0] Unable to match MAC address to IP 'x.x.x.x' (pf::ip4log::ip2mac) Dec 14 14:54:34 packetfence httpd.dispatcher-docker-wrapper[2727]: httpd.dispatcher: Ip2Mac mac for x.x.x.x not found sql: no rows in result set Dec 14 14:54:34 packetfence httpd.portal-docker-wrapper[4130]: httpd.portal(87) WARN: [mac:unknown] Unable to match MAC address to IP 'x.x.x.x' (pf::ip4log::ip2mac) Dec 14 14:54:34 packetfence httpd.portal-docker-wrapper[4130]: httpd.portal(87) WARN: [mac:0] Unable to match MAC address to IP 'x.x.x.x' (pf::ip4log::ip2mac) Dec 14 14:54:37 packetfence httpd.dispatcher-docker-wrapper[2727]: httpd.dispatcher: Ip2Mac mac for x.x.x.x not found sql: no rows in result set Dec 14 14:54:42 packetfence httpd.portal-docker-wrapper[4130]: httpd.portal(89) INFO: [mac:00:11:22:33:44:55] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) Dec 14 14:54:52 packetfence httpd.portal-docker-wrapper[4130]: httpd.portal(90) INFO: [mac:00:11:22:33:44:55] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) Dec 14 14:55:03 packetfence httpd.portal-docker-wrapper[4130]: httpd.portal(89) INFO: [mac:00:11:22:33:44:55] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) Dec 14 14:55:09 packetfence pfperl-api-docker-wrapper[1734]: pfperl-api(17) INFO: [mac:[undef]] Using 300 resolution threshold (pf::pfcron::task::cluster_check::run) Dec 14 14:55:09 packetfence pfperl-api-docker-wrapper[1734]: pfperl-api(17) INFO: [mac:[undef]] All cluster members are running the same configuration version (pf::pfcron::task::cluster_check::run) Dec 14 14:55:09 packetfence pfperl-api-docker-wrapper[1734]: pfperl-api(14) INFO: [mac:[undef]] getting security_events triggers for accounting cleanup (pf::accounting::acct_maintenance) Dec 14 14:55:09 packetfence pfperl-api-docker-wrapper[1734]: pfperl-api(11) INFO: [mac:[undef]] processed 0 security_events during security_event maintenance (1671029709.13696 1671029709.14665) (pf::security_event::security_event_maintenance) Dec 14 14:55:09 packetfence httpd.dispatcher-docker-wrapper[2727]: httpd.dispatcher: Ip2Mac mac for x.x.x.x not found sql: no rows in result set Dec 14 14:55:09 packetfence httpd.dispatcher-docker-wrapper[2727]: httpd.dispatcher: Ip2Mac mac for x.x.x.x not found sql: no rows in result set Dec 14 14:55:10 packetfence httpd.dispatcher-docker-wrapper[2727]: httpd.dispatcher: Ip2Mac mac for x.x.x.x not found sql: no rows in result set Dec 14 14:55:10 packetfence httpd.portal-docker-wrapper[4130]: httpd.portal(88) WARN: [mac:unknown] Unable to match MAC address to IP 'x.x.x.x' (pf::ip4log::ip2mac) Dec 14 14:55:10 packetfence httpd.portal-docker-wrapper[4130]: httpd.portal(88) WARN: [mac:0] Unable to match MAC address to IP 'x.x.x.x' (pf::ip4log::ip2mac) Dec 14 14:55:10 packetfence httpd.portal-docker-wrapper[4130]: httpd.portal(90) WARN: [mac:unknown] Unable to match MAC address to IP 'x.x.x.x' (pf::ip4log::ip2mac) Dec 14 14:55:10 packetfence httpd.portal-docker-wrapper[4130]: httpd.portal(90) WARN: [mac:0] Unable to match MAC address to IP 'x.x.x.x' (pf::ip4log::ip2mac) Dec 14 14:55:13 packetfence httpd.dispatcher-docker-wrapper[2727]: httpd.dispatcher: Ip2Mac mac for x.x.x.x not found sql: no rows in result set Dec 14 14:55:13 packetfence httpd.portal-docker-wrapper[4130]: httpd.portal(90) INFO: [mac:00:11:22:33:44:55] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) Dec 14 14:55:23 packetfence httpd.portal-docker-wrapper[4130]: httpd.portal(89) INFO: [mac:00:11:22:33:44:55] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) Dec 14 14:55:33 packetfence httpd.portal-docker-wrapper[4130]: httpd.portal(88) INFO: [mac:00:11:22:33:44:55] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) Dec 14 14:55:41 packetfence httpd.dispatcher-docker-wrapper[2727]: httpd.dispatcher: Ip2Mac mac for 179.60.149.71 not found sql: no rows in result set Dec 14 14:55:41 packetfence httpd.dispatcher-docker-wrapper[2727]: httpd.dispatcher: Ip2Mac mac for 179.60.149.71 not found sql: no rows in result set _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
