When I run bin/pfcmd cache switch_distributed list I get a list of all of my Ubiquiti APs. The item for the AP in question displays as follows:
Ubiquiti-f0:9f:c2:70:c3:6c My haproxy_portal.log shows this when I try to connect to the wifi: Oct 5 16:10:42 packetfence haproxy[1671]: 10.1.28.118:43156 [05/Oct/2020:16:10:42.076] portal-https-10.1.18.45~ 10.1.18.45-backend/127.0.0.1 0/0/0/43/43 501 445 - - ---- 2/1/0/0/0 0/0 {nac-pf01.DOMAIN.COM} "GET /guest/s/94mbh3bf/?ap=f0:9f:c2:70:c3:6c&id=e8:e8:b7:9b:5a:3f&t=1601928641&url=http://connectivitycheck.gstatic.com%2fgenerate_204&ssid=Dev+LeoNet HTTP/1.1" Oct 5 16:10:42 packetfence haproxy[1671]: 10.1.28.118:43158 [05/Oct/2020:16:10:42.302] portal-https-10.1.18.45~ static/<NOSRV> 0/0/0/1/1 200 15326 - - ---- 2/1/0/0/0 0/0 {nac-pf01.DOMAIN.COM} "GET /favicon.ico HTTP/1.1" Thanks! From: Graham Prentice <gprent...@rocketmail.com> Sent: Friday, October 2, 2020 4:53 PM To: Oley, Ronald <ronaldo...@kings.edu>; packetfence-users@lists.sourceforge.net Cc: Fabrice Durand <fdur...@inverse.ca> Subject: Re: [PacketFence-users] Can't load Captive Portal with Ubiquiti Wireless - GET not supported When I had mine working with Unifi, in the switches section, had the Unifi controller IP and each AP (MAC address) listed. (PF v10.1) Used latest firmware also for Unifi components. Regards, Graham On Friday, October 2, 2020, 03:40:04 PM EDT, Fabrice Durand via PacketFence-users <packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>> wrote: Hello Ronald, first you don't need to specify https://nac-pf01.domain.com/guest/s/94mbh3bf/<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770419734&sdata=YQ99Su%2BHXs%2FSVgjGD0zIsK2vgyNOowUW0sK7Gz5oBiU%3D&reserved=0> , this is set on the controller side. Can you run this command (and paste the result): bin/pfcmd cache switch_distributed list This list is used by PacketFence to map the bssid (included in the http request) to the ip address of the controller. Also can you paste the content of haproxy_portal.log where you have something like: Oct 1 20:48:19 localhost haproxy[8970]: 10.255.1.142:46030 [01/Oct/2020:20:48:19.030] portal-http-172.20.20.86 172.20.20.86-backend/127.0.0.1 0/0/0/11/11 501 444 - - ---- 2/1/0/0/0 0/0 {172.20.20.86} "GET /guest/s/default/?ap=80:2a:a8:86:3d:5b&id=10:cd:b6:04:2c:d2&t=1601599506&url=http://connectivitycheck.gstatic.com%2fgenerate_204&ssid=loveapple HTTP/1.1" Regards Fabrice Le 20-10-02 à 14 h 04, Oley, Ronald a écrit : Sure, both are printed below. In the logs, the 10.1.28.123 address is my wired workstation I’m using to configure PF and view the portal, not a wireless client or AP. Also sanitized our domain to domain.com. SWITCH: [10.1.252.80] description=Ubqiuiti WiFi Controller group=default uplink_dynamic=0 wsPwd=REMOVED controllerIp=10.1.252.80 deauthMethod=HTTPS disconnectPort=0 type=Ubiquiti::Unifi wsUser=REMOVED wsTransport=https registrationVlan=28 registrationUrl=https://nac-pf01.domain.com/guest/s/94mbh3bf/<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770419734&sdata=YQ99Su%2BHXs%2FSVgjGD0zIsK2vgyNOowUW0sK7Gz5oBiU%3D&reserved=0> UrlMap=Y WiNet_UsersUrl=https://nac-pf01.domain.com/guest/s/94mbh3bf/<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770429729&sdata=ybql5Dsgoug8iUp5jmveujewssyzY%2F0fzDrVO%2Fb9OYg%3D&reserved=0> WiNet_UsersVlan=28 guestUrl=https://nac-pf01.domain.com/guest/s/94mbh3bf/<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770429729&sdata=ybql5Dsgoug8iUp5jmveujewssyzY%2F0fzDrVO%2Fb9OYg%3D&reserved=0> WiNet_GeneralVlan=28 guestVlan=28 voiceUrl=https://nac-pf01.domain.com/guest/s/94mbh3bf/<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770439728&sdata=hbhW4QRp0ch1iNEnSUfsOQPPWJZ0Cd6K0BsLz6G0LxQ%3D&reserved=0> isolationUrl=https://nac-pf01.domain.com/guest/s/94mbh3bf/<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770449723&sdata=uPw5y56FFvsGXwcK%2BscE%2BAJcwNuWych3Kjyd0F21bwo%3D&reserved=0> WiNet_GeneralUrl=https://nac-pf01.domain.com/guest/s/94mbh3bf/<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770449723&sdata=uPw5y56FFvsGXwcK%2BscE%2BAJcwNuWych3Kjyd0F21bwo%3D&reserved=0> gamingUrl=https://nac-pf01.domain.com/guest/s/94mbh3bf/<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770459716&sdata=Yt800aBl%2FcnFA16ECoCZMxkWNcANzMEhNK4WFzBl3x4%3D&reserved=0> inlineUrl=https://nac-pf01.domain.com/guest/s/94mbh3bf/<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770459716&sdata=Yt800aBl%2FcnFA16ECoCZMxkWNcANzMEhNK4WFzBl3x4%3D&reserved=0> defaultUrl=https://nac-pf01.domain.com/guest/s/94mbh3bf/<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770469711&sdata=nQsKChtcq1x%2FIztTeOK4PCzOOaLfjV1U5DMVnaiOcZE%3D&reserved=0> REJECTUrl=https://nac-pf01.domain.com/guest/s/94mbh3bf/<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770479707&sdata=A0grbWx7%2B%2BQtbDJKtzOhbgoFsnuURGH8PHLo3cU84xQ%3D&reserved=0> -------------------------------------------------------------------------------------- LOG: Oct 2 03:43:30 packetfence packetfence_httpd.portal: httpd.portal(1971) WARN: [mac:unknown] Unable to match MAC address to IP '10.1.28.123' (pf::ip4log::ip2mac) Oct 2 03:43:30 packetfence packetfence_httpd.portal: httpd.portal(1971) WARN: [mac:00:11:22:33:44:55] Unable to match MAC address to IP '10.1.28.123' (pf::ip4log::ip2mac) Oct 2 03:43:30 packetfence packetfence_httpd.portal: httpd.portal(1971) ERROR: [mac:00:11:22:33:44:55] Error while communicating with the Fingerbank collector. 500 Can't connect to 127.0.0.1:4723 (pf::fingerbank::endpoint_attributes) Oct 2 03:43:30 packetfence packetfence_httpd.portal: httpd.portal(1971) WARN: [mac:00:11:22:33:44:55] Use of uninitialized value in string ne at /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line 140. (captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank) Oct 2 03:43:30 packetfence packetfence_httpd.portal: httpd.portal(1971) ERROR: [mac:00:11:22:33:44:55] Error while communicating with the Fingerbank collector. 500 Can't connect to 127.0.0.1:4723 (pf::fingerbank::update_collector_endpoint_data) Oct 2 03:44:00 packetfence packetfence_httpd.portal: httpd.portal(2260) WARN: [mac:unknown] Unable to match MAC address to IP '10.1.28.123' (pf::ip4log::ip2mac) Oct 2 03:44:00 packetfence packetfence_httpd.portal: httpd.portal(2260) WARN: [mac:00:11:22:33:44:55] Unable to match MAC address to IP '10.1.28.123' (pf::ip4log::ip2mac) Oct 2 03:44:00 packetfence packetfence_httpd.portal: httpd.portal(2260) ERROR: [mac:00:11:22:33:44:55] Error while communicating with the Fingerbank collector. 500 Can't connect to 127.0.0.1:4723 (pf::fingerbank::endpoint_attributes) Oct 2 03:44:00 packetfence packetfence_httpd.portal: httpd.portal(2260) WARN: [mac:00:11:22:33:44:55] Use of uninitialized value in string ne at /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line 140. (captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank) Oct 2 03:44:00 packetfence packetfence_httpd.portal: httpd.portal(2260) ERROR: [mac:00:11:22:33:44:55] Error while communicating with the Fingerbank collector. 500 Can't connect to 127.0.0.1:4723 (pf::fingerbank::update_collector_endpoint_data) Oct 2 03:44:30 packetfence packetfence_httpd.portal: httpd.portal(875) WARN: [mac:unknown] Unable to match MAC address to IP '10.1.28.123' (pf::ip4log::ip2mac) Oct 2 03:44:30 packetfence packetfence_httpd.portal: httpd.portal(875) WARN: [mac:00:11:22:33:44:55] Unable to match MAC address to IP '10.1.28.123' (pf::ip4log::ip2mac) Oct 2 03:44:30 packetfence packetfence_httpd.portal: httpd.portal(875) ERROR: [mac:00:11:22:33:44:55] Error while communicating with the Fingerbank collector. 500 Can't connect to 127.0.0.1:4723 (pf::fingerbank::endpoint_attributes) Oct 2 03:44:30 packetfence packetfence_httpd.portal: httpd.portal(875) WARN: [mac:00:11:22:33:44:55] Use of uninitialized value in string ne at /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line 140. (captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank) Oct 2 03:44:30 packetfence packetfence_httpd.portal: httpd.portal(875) ERROR: [mac:00:11:22:33:44:55] Error while communicating with the Fingerbank collector. 500 Can't connect to 127.0.0.1:4723 (pf::fingerbank::update_collector_endpoint_data) Oct 2 03:45:01 packetfence packetfence_httpd.portal: httpd.portal(1971) WARN: [mac:unknown] Unable to match MAC address to IP '10.1.28.123' (pf::ip4log::ip2mac) Oct 2 03:45:01 packetfence packetfence_httpd.portal: httpd.portal(1971) WARN: [mac:00:11:22:33:44:55] Unable to match MAC address to IP '10.1.28.123' (pf::ip4log::ip2mac) Oct 2 03:45:01 packetfence packetfence_httpd.portal: httpd.portal(1971) ERROR: [mac:00:11:22:33:44:55] Error while communicating with the Fingerbank collector. 500 Can't connect to 127.0.0.1:4723 (pf::fingerbank::endpoint_attributes) Oct 2 03:45:01 packetfence packetfence_httpd.portal: httpd.portal(1971) WARN: [mac:00:11:22:33:44:55] Use of uninitialized value in string ne at /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line 140. (captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank) Oct 2 03:45:01 packetfence packetfence_httpd.portal: httpd.portal(1971) ERROR: [mac:00:11:22:33:44:55] Error while communicating with the Fingerbank collector. 500 Can't connect to 127.0.0.1:4723 (pf::fingerbank::update_collector_endpoint_data) Oct 2 03:45:28 packetfence pfipset[1481]: t=2020-10-02T03:45:28-0400 lvl=info msg="No Inline Network bypass ipsets reload" pid=1481 Oct 2 03:45:31 packetfence packetfence_httpd.portal: httpd.portal(2260) WARN: [mac:unknown] Unable to match MAC address to IP '10.1.28.123' (pf::ip4log::ip2mac) Oct 2 03:45:31 packetfence packetfence_httpd.portal: httpd.portal(2260) WARN: [mac:00:11:22:33:44:55] Unable to match MAC address to IP '10.1.28.123' (pf::ip4log::ip2mac) Oct 2 03:45:31 packetfence packetfence_httpd.portal: httpd.portal(2260) ERROR: [mac:00:11:22:33:44:55] Error while communicating with the Fingerbank collector. 500 Can't connect to 127.0.0.1:4723 (pf::fingerbank::endpoint_attributes) From: Durand fabrice via PacketFence-users <packetfence-users@lists.sourceforge.net><mailto:packetfence-users@lists.sourceforge.net> Sent: Thursday, October 1, 2020 7:21 PM To: packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net> Cc: Durand fabrice <fdur...@inverse.ca><mailto:fdur...@inverse.ca> Subject: Re: [PacketFence-users] Can't load Captive Portal with Ubiquiti Wireless - GET not supported Hello Ronald, can you provide the switches.conf and the packetfence.log file ? Regards Fabrice Le 20-10-01 à 16 h 19, Oley, Ronald via PacketFence-users a écrit : Unfortunately we’ve already run that command. It does build the AP list properly, but it doesn’t resolve my issue. Can I ask how you configured the Roles for unifi switch in PF? From: Graham Prentice <gprent...@rocketmail.com><mailto:gprent...@rocketmail.com> Sent: Thursday, October 1, 2020 3:06 PM To: packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net> Cc: Oley, Ronald <ronaldo...@kings.edu><mailto:ronaldo...@kings.edu> Subject: Re: [PacketFence-users] Can't load Captive Portal with Ubiquiti Wireless - GET not supported Had the same error on a Unifi AP. Was fixed by running: /usr/local/pf/bin/pfcmd pfmon ubiquiti_ap_mac_to_ip Graham On Thursday, October 1, 2020, 02:28:40 PM EDT, Oley, Ronald via PacketFence-users <packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>> wrote: Running the latest version of Unifi controller and PacketFence. Followed the PF setup guide exactly for the Ubiquiti setup (but some confusion on how to handle Roles config for the Unifi Switch). When users connect to Unifi instead of getting the captive poral page they get the error ""Not Implemented - GET to /guest/s/94mbh3bf/ not supported" from PacketFence. I did run the command per the guide to list out all the APs after they were pulled in from the controller as a Switch, and the AP MAC is in the list. I'm guessing the issue is somewhere in the Role config for the switch. We aren't doing any VLAN flipping; I'm fine if they keep the same VLAN since Unifi will trap them until they auth through the portal. So I tried no VLAN config, as well as filling in the current VLAN for the registration and authed user Roles. I also tried Web Auth URL with the URL Ubiquiti is trying to access. No luck. Anybody have this working with a Unifi controller? _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/packetfence-users<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-users&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770479707&sdata=McZMDdgrwDBiMsRyme%2B%2BRXCxof51bLohUbgYdvel7XE%3D&reserved=0> _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/packetfence-users<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-users&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770489705&sdata=oMxjpeavVeXvni3PGcQ7TS2ENPBPg8AW8XFtIhklG1E%3D&reserved=0> -- Fabrice Durand fdur...@inverse.ca<mailto:fdur...@inverse.ca> :: +1.514.447.4918 (x135) :: www.inverse.ca<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.inverse.ca%2F&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770499701&sdata=kb1fQ%2BLnqkpU3YBnE3oa4tC0ebY56HVE0JgYsI59fOo%3D&reserved=0> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.sogo.nu%2F&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770499701&sdata=HxEiE8Avomugp59yaQ4kJhnVuanoKGK64eUH%2FEIedpE%3D&reserved=0>) and PacketFence (http://packetfence.org<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpacketfence.org%2F&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770509690&sdata=xKZ%2BZBLJC6G094ekXtRFo81bbLVBCZUPr%2FJkicPYc2Y%3D&reserved=0>) _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/packetfence-users<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-users&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770519686&sdata=j3D1eL8X%2BT2v%2FeqklAuafTbl4Kv2%2BFWnO1a8fToaFDQ%3D&reserved=0>
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users