Good job, Chris and thanks for sharing your progress.
I dare asking my stupid question again ;)
Why users which associated to guest WiFi (Open with a redirect to PF captive
portal) can’t reach PF via HTTP ?
They receive IP address from the local DHCP server and then can ping PF but
there’s no way to go through self-registration
Eugene
From: "packetfence-users@lists.sourceforge.net"
Reply-To: "packetfence-users@lists.sourceforge.net"
Date: Thursday, February 15, 2018 at 8:00 AM
To: "packetfence-users@lists.sourceforge.net"
Cc: Chris Abel
Subject: Re: [PacketFence-users] Unifi APs and CoA
Hey All,
I was able to get deauth working with my Unifi APs and it seems everything
is working smoothly. Here is the configuration I used for the switch in
packetfence:
[Unifi AP IP Address or subnet]
description=Unifi Access Points
group=Unifi
radiusSecret=RaidusPassword
controllerIp=Unifi Controller IP Address
useCoA=N
wsTransport=HTTPS
deauthMethod=HTTPS
wsUser=Unifi Controller Username
wsPwd=Unifi Controller Password
Hope this helps someone. I hope Packetfence releases some documentation on
Unifi AP's because with the necessary applied patch and the unifi controller
changes to config.properties, everything seems to be working well. Actually
in my opinion, it seems to be working better than the hostapd setup in
packetfence and is way easier to setup.
On Wed, Feb 14, 2018 at 3:52 PM, Chris Abel
wrote:
> Hello all,
>
> I am also trying to get my Unifi APs working with packetfence. It seems that I
> am very close. I am able to get the portal to show up on the client when in
> the registration vlan, but after registering, the client never deauth's and
> disconnects from the access point. I can disable my wireless and enable it
> again and the client is assigned the correct role and put into the right vlan,
> so that part seems to be working. I have applied the patch in the following
> way:
>
> in /usr/local/pf I ran "curl
> https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/2735
> .diff | patch -p1"
>
> Is this the correct patch and the correct way to apply it? If so, why is this
> patch not disconnecting the client from the AP?
>
> I have also applied the following to my AP's in Unifi:
>
> /var/lib/unifi/sites//config.properties
> config.system_cfg.1=aaa.1.auth_cache=disabled
> config.system_cfg.2=aaa.2.auth_cache=disabled
> config.system_cfg.3=aaa.1.dynamic_vlan=1
> config.system_cfg.4=aaa.2.dynamic_vlan=1
> config.system_cfg.5=aaa.1.radius.acct.1.ip=
> config.system_cfg.6=aaa.1.radius.acct.1.port=
> config.system_cfg.7=aaa.1.radius.acct.1.secret= password>
> config.system_cfg.8=aaa.2.radius.acct.1.ip=
> config.system_cfg.9=aaa.2.radius.acct.1.port=
> config.system_cfg.10=aaa.2.radius.acct.1.secret= password>
>
>
> What should the configuration be in packetfence when setting up the switch?
> Should I use hostapd or Unifi Controller? Should I enable COA or not?
>
>
> Does anyone have a working setup of Unifi APs with an out of band setup of
> packetfence at this point? If so, could you shed some light and post your
> configurations?
>
> Thanks!
>
> On Sat, Feb 10, 2018 at 1:33 AM, E.P. via PacketFence-users
> wrote:
>> Yes, David, this is my plan to test the captive portal on wired connections
>> to rule out the unruly Unifi APs
>> Ideally I would love to make it also work with HP switches 1820/1920 model
>> because this is the majority of switches installed in our organization.
>> But will try it on Cisco switch as a beginning
>> Thanks again, for your sharing.
>> There’s apparently something wrong with mailing list for packetfence as
>> there’s nothing coming in and I don’t believe it’s only me who persists in
>> making things work and asking for advices
>>
>> Eugene
>>
>> From: David Harvey [mailto:da...@thoughtmachine.net]
>> Sent: Friday, February 09, 2018 4:37 AM
>> To: E.P. ; fdur...@inverse.ca
>> Subject: Re: [PacketFence-users] Unifi APs and CoA
>>
>>
>> Hi Eugene,
>>
>>
>>
>> I'm including Fabrice in case anything I have covered is misleading or plain
>> untrue! I don't want to give you bad advice..
>>
>>
>>
>> I'm running Unifi AP-AC Pros on 3.9.19.8123. I'm pretty sure most of my
>> functionality worked fine from 3.8.x, but bear in mind I'm running EAP-TLS
>> and so haven't had the same open SSID guest portal aspect (which might make
>> my advice less relevant).
>>
>> I've been fumbling through, so I'm sure Fabrice can offer better advice but I
>> would start by saying..
>>
>>
>>
>> My understanding of the additional functionality this patch affords, is
>> dealing with kicking the client off an AP so it will then re-auth and
>> hopefully get put onto the correct VLAN. So before