Strange and unexplained (at least to me) behavior.

What could cause PF to start populating the list of switches with the vendor ID?

Just to clarify. I had all my Unifi APs initially added to the switches list by IP 
address. Then I ran the pfcron command pfcmd pfcron ubiquiti_ap_mac_to_ip 

Followed by pfcmd cache switch_distributed list

Nothing in the output. 

Then I added one AP by its MAC address and added more lines like it is 
explained in the document

 

[00:11:22:33:44:55]
description=Ubiquiti AP
ExternalPortalEnforcement=Y
type=Ubiquiti::Unifi
controllerIp=1.2.3.4
wsTransport=HTTPS
wsUser=admin
wsPwd=admin

 

Ran the above commands and still no output. Then after more than 24 hours after 
taking a break from this monster I returned to PF and tried to connect the 
guest SSID and voila, no error with 0 MAC address as I showed it earlier



 

The endpoint was able to go through the normal guest signup procedure as 
configured by the corresponding connection profile

And immediately, suspecting that the above mentioned missing list of devices is 
the culprit I checked it again and to my surprise it is now populated with ALL 
access points!

Why is that? What is going on with pfcron? I checked the pfcron.conf file, it is 
empty. But pfcron.conf.defaults has a lot of lines and sections.

Which one of them is relevant? What parameter in GUI is configurable and 
responsible for this interval?

And finally, do I really need to add all APs by their MAC address or could I 
rely on IP to MAC binding?

 

Eugene

 

 

From: Enrique Gross via PacketFence-users 
<packetfence-users@lists.sourceforge.net> 
Sent: Wednesday, December 21, 2022 11:16 AM
To: packetfence-users@lists.sourceforge.net
Cc: Enrique Gross <egr...@jcc-advance.com.ar>
Subject: Re: [PacketFence-users] 502 Bad Gateway on Captive Portal

 

Hi

 

I'm using PF with Unifi APs for VLAN Enforcement on routed networks, works 
really well, but I have not tried Web auth. I can run a lab with the last PF 
version and UAPs firmware and controller version. 

 

I will set up the lab and configure it with web auth following the wiki

 

I will post the results. 

 

Enrique. 

 

On Wed, Dec 21, 2022 at 0:25, ypefti--- via PacketFence-users 
(<packetfence-users@lists.sourceforge.net>) wrote:

Did you check haproxy_portal.log for any telltale clues ?

In your connection profile what is the redirection URL?

 

 

I set it to our company website and initially the connection to guest SSID 
ended up with fetching this page. But then it all was broken

 

Eugene

 

From: Dale Riley <dri...@pinerichland.org>
Sent: Tuesday, December 20, 2022 5:28 PM
To: ype...@gmail.com
Cc: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] 502 Bad Gateway on Captive Portal

 

I had it as the IP address only, but changed to redirect using hostname as you 
pictured as part of this troubleshooting.  One thing I noticed on initial setup 
is that you NEED to reboot your APs after setting everything up before it will 
work properly.  

Currently, my clients are able to get to the initial portal pages, enter in the 
email address or SMS phone number, but get the 502 bad gateway about 20 seconds 
after clicking continue button on the entry screen.

 

 

On Tue, Dec 20, 2022 at 8:24 PM <ype...@gmail.com> wrote:

And what I’m mad about right now is that with Unifi configured for an external 
gateway pointing to PF, all endpoints that were previously registered with PF and 
subsequently manually unregistered connect to the SSID without any redirection, 
as if it were an open SSID. I also ran tcpdump on the Unifi controller when they 
connect and silence, no traffic. It seems they are cached somehow within Unifi 
and it allows them without any redirect

 

Eugene

 

From: Dale Riley <dri...@pinerichland.org>
Sent: Tuesday, December 20, 2022 4:48 PM
To: ype...@gmail.com
Cc: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] 502 Bad Gateway on Captive Portal

 

I just made sure today that PF was updated.

Active directory auth seems to work, further testing on that tomorrow. 

Both SMS and Email guest registration give the same result.

This is out of band.  Unifi is redirecting the captive portal to the DNS name 
of the packetfence install, which is on the server network.  Portal is enabled 
on the management interface. 

I may need to go through and reinstall PF.  I had a lot of trouble getting it 
working initially, and rebuilt everything from scratch to get it to work.  I've 
just been updating using apt up until now.

 

 

On Tue, Dec 20, 2022 at 7:37 PM <ype...@gmail.com> wrote:

It looks and sounds like we need to create a sub-group of those integrating Unifi 
with PF. 

Are you on the latest version of PF, Dale ?

How do you register the device with the phone number? I believe it is via SMS ?

Is your deployment in-band or out-of-band ?

I followed the instructions described in the PF latest deployment guide

https://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Installation_Guide.pdf

And it seems to work but it is not consistent and I keep running into newly 
discovered problems that I described in the previous email

 

Eugene

 

 

From: Dale Riley via PacketFence-users <packetfence-users@lists.sourceforge.net>
Sent: Tuesday, December 20, 2022 5:02 AM
To: packetfence-users@lists.sourceforge.net
Cc: Dale Riley <dri...@pinerichland.org>
Subject: [PacketFence-users] 502 Bad Gateway on Captive Portal

 

I have an install of PacketFence and it's been working fine for months.  Using 
the captive portal with Unifi APs and a controller.  On new registrations, the 
captive portal comes up fine, but when entering an email or phone number for 
registration and clicking continue, you get a 502 Bad Gateway.  I can't find 
any relevant logs.  Any help would be appreciated.

 


_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net 
<mailto:PacketFence-users@lists.sourceforge.net> 
https://lists.sourceforge.net/lists/listinfo/packetfence-users


