When I run bin/pfcmd cache switch_distributed list I get a list of all of my 
Ubiquiti APs.  The item for the AP in question displays as follows:

Ubiquiti-f0:9f:c2:70:c3:6c



My haproxy_portal.log shows this when I try to connect to the wifi:

Oct  5 16:10:42 packetfence haproxy[1671]: 10.1.28.118:43156 
[05/Oct/2020:16:10:42.076] portal-https-10.1.18.45~ 
10.1.18.45-backend/127.0.0.1 0/0/0/43/43 501 445 - - ---- 2/1/0/0/0 0/0 
{nac-pf01.DOMAIN.COM} "GET 
/guest/s/94mbh3bf/?ap=f0:9f:c2:70:c3:6c&id=e8:e8:b7:9b:5a:3f&t=1601928641&url=http://connectivitycheck.gstatic.com%2fgenerate_204&ssid=Dev+LeoNet
 HTTP/1.1"

Oct  5 16:10:42 packetfence haproxy[1671]: 10.1.28.118:43158 
[05/Oct/2020:16:10:42.302] portal-https-10.1.18.45~ static/<NOSRV> 0/0/0/1/1 
200 15326 - - ---- 2/1/0/0/0 0/0 {nac-pf01.DOMAIN.COM} "GET /favicon.ico 
HTTP/1.1"

Thanks!


From: Graham Prentice <gprent...@rocketmail.com>
Sent: Friday, October 2, 2020 4:53 PM
To: Oley, Ronald <ronaldo...@kings.edu>; packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand <fdur...@inverse.ca>
Subject: Re: [PacketFence-users] Can't load Captive Portal with Ubiquiti 
Wireless - GET not supported

When I had mine working with Unifi, in the switches section, had the Unifi 
controller IP and each AP (MAC address) listed. (PF v10.1)
Used latest firmware also for Unifi components.

Regards,

Graham

On Friday, October 2, 2020, 03:40:04 PM EDT, Fabrice Durand via 
PacketFence-users 
<packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>>
 wrote:



Hello Ronald,

first you don't need to specify 
https://nac-pf01.domain.com/guest/s/94mbh3bf/<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770419734&sdata=YQ99Su%2BHXs%2FSVgjGD0zIsK2vgyNOowUW0sK7Gz5oBiU%3D&reserved=0>
 , this is set on the controller side.

Can you run this command (and paste the result):

bin/pfcmd cache switch_distributed list

This list is used by  PacketFence to map the bssid (included in the http 
request) to the ip address of the controller.

Also can you paste the content of haproxy_portal.log where you have something 
like:

Oct  1 20:48:19 localhost haproxy[8970]: 10.255.1.142:46030 
[01/Oct/2020:20:48:19.030] portal-http-172.20.20.86 
172.20.20.86-backend/127.0.0.1 0/0/0/11/11 501 444 - - ---- 2/1/0/0/0 0/0 
{172.20.20.86} "GET 
/guest/s/default/?ap=80:2a:a8:86:3d:5b&id=10:cd:b6:04:2c:d2&t=1601599506&url=http://connectivitycheck.gstatic.com%2fgenerate_204&ssid=loveapple
 HTTP/1.1"

Regards

Fabrice


Le 20-10-02 à 14 h 04, Oley, Ronald a écrit :

Sure, both are printed below.  In the logs, the 10.1.28.123 address is my wired 
workstation I’m using to configure PF and view the portal, not a wireless 
client or AP.  Also sanitized our domain to domain.com.



SWITCH:

[10.1.252.80]

description=Ubqiuiti WiFi Controller

group=default

uplink_dynamic=0

wsPwd=REMOVED

controllerIp=10.1.252.80

deauthMethod=HTTPS

disconnectPort=0

type=Ubiquiti::Unifi

wsUser=REMOVED

wsTransport=https

registrationVlan=28

registrationUrl=https://nac-pf01.domain.com/guest/s/94mbh3bf/<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770419734&sdata=YQ99Su%2BHXs%2FSVgjGD0zIsK2vgyNOowUW0sK7Gz5oBiU%3D&reserved=0>

UrlMap=Y

WiNet_UsersUrl=https://nac-pf01.domain.com/guest/s/94mbh3bf/<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770429729&sdata=ybql5Dsgoug8iUp5jmveujewssyzY%2F0fzDrVO%2Fb9OYg%3D&reserved=0>

WiNet_UsersVlan=28

guestUrl=https://nac-pf01.domain.com/guest/s/94mbh3bf/<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770429729&sdata=ybql5Dsgoug8iUp5jmveujewssyzY%2F0fzDrVO%2Fb9OYg%3D&reserved=0>

WiNet_GeneralVlan=28

guestVlan=28

voiceUrl=https://nac-pf01.domain.com/guest/s/94mbh3bf/<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770439728&sdata=hbhW4QRp0ch1iNEnSUfsOQPPWJZ0Cd6K0BsLz6G0LxQ%3D&reserved=0>

isolationUrl=https://nac-pf01.domain.com/guest/s/94mbh3bf/<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770449723&sdata=uPw5y56FFvsGXwcK%2BscE%2BAJcwNuWych3Kjyd0F21bwo%3D&reserved=0>

WiNet_GeneralUrl=https://nac-pf01.domain.com/guest/s/94mbh3bf/<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770449723&sdata=uPw5y56FFvsGXwcK%2BscE%2BAJcwNuWych3Kjyd0F21bwo%3D&reserved=0>

gamingUrl=https://nac-pf01.domain.com/guest/s/94mbh3bf/<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770459716&sdata=Yt800aBl%2FcnFA16ECoCZMxkWNcANzMEhNK4WFzBl3x4%3D&reserved=0>

inlineUrl=https://nac-pf01.domain.com/guest/s/94mbh3bf/<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770459716&sdata=Yt800aBl%2FcnFA16ECoCZMxkWNcANzMEhNK4WFzBl3x4%3D&reserved=0>

defaultUrl=https://nac-pf01.domain.com/guest/s/94mbh3bf/<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770469711&sdata=nQsKChtcq1x%2FIztTeOK4PCzOOaLfjV1U5DMVnaiOcZE%3D&reserved=0>

REJECTUrl=https://nac-pf01.domain.com/guest/s/94mbh3bf/<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770479707&sdata=A0grbWx7%2B%2BQtbDJKtzOhbgoFsnuURGH8PHLo3cU84xQ%3D&reserved=0>



--------------------------------------------------------------------------------------

LOG:



Oct  2 03:43:30 packetfence packetfence_httpd.portal: httpd.portal(1971) WARN: 
[mac:unknown] Unable to match MAC address to IP '10.1.28.123' 
(pf::ip4log::ip2mac)

Oct  2 03:43:30 packetfence packetfence_httpd.portal: httpd.portal(1971) WARN: 
[mac:00:11:22:33:44:55] Unable to match MAC address to IP '10.1.28.123' 
(pf::ip4log::ip2mac)

Oct  2 03:43:30 packetfence packetfence_httpd.portal: httpd.portal(1971) ERROR: 
[mac:00:11:22:33:44:55] Error while communicating with the Fingerbank 
collector. 500 Can't connect to 127.0.0.1:4723 
(pf::fingerbank::endpoint_attributes)

Oct  2 03:43:30 packetfence packetfence_httpd.portal: httpd.portal(1971) WARN: 
[mac:00:11:22:33:44:55] Use of uninitialized value in string ne at 
/usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line 
140.

(captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank)

Oct  2 03:43:30 packetfence packetfence_httpd.portal: httpd.portal(1971) ERROR: 
[mac:00:11:22:33:44:55] Error while communicating with the Fingerbank 
collector. 500 Can't connect to 127.0.0.1:4723 
(pf::fingerbank::update_collector_endpoint_data)

Oct  2 03:44:00 packetfence packetfence_httpd.portal: httpd.portal(2260) WARN: 
[mac:unknown] Unable to match MAC address to IP '10.1.28.123' 
(pf::ip4log::ip2mac)

Oct  2 03:44:00 packetfence packetfence_httpd.portal: httpd.portal(2260) WARN: 
[mac:00:11:22:33:44:55] Unable to match MAC address to IP '10.1.28.123' 
(pf::ip4log::ip2mac)

Oct  2 03:44:00 packetfence packetfence_httpd.portal: httpd.portal(2260) ERROR: 
[mac:00:11:22:33:44:55] Error while communicating with the Fingerbank 
collector. 500 Can't connect to 127.0.0.1:4723 
(pf::fingerbank::endpoint_attributes)

Oct  2 03:44:00 packetfence packetfence_httpd.portal: httpd.portal(2260) WARN: 
[mac:00:11:22:33:44:55] Use of uninitialized value in string ne at 
/usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line 
140.

(captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank)

Oct  2 03:44:00 packetfence packetfence_httpd.portal: httpd.portal(2260) ERROR: 
[mac:00:11:22:33:44:55] Error while communicating with the Fingerbank 
collector. 500 Can't connect to 127.0.0.1:4723 
(pf::fingerbank::update_collector_endpoint_data)

Oct  2 03:44:30 packetfence packetfence_httpd.portal: httpd.portal(875) WARN: 
[mac:unknown] Unable to match MAC address to IP '10.1.28.123' 
(pf::ip4log::ip2mac)

Oct  2 03:44:30 packetfence packetfence_httpd.portal: httpd.portal(875) WARN: 
[mac:00:11:22:33:44:55] Unable to match MAC address to IP '10.1.28.123' 
(pf::ip4log::ip2mac)

Oct  2 03:44:30 packetfence packetfence_httpd.portal: httpd.portal(875) ERROR: 
[mac:00:11:22:33:44:55] Error while communicating with the Fingerbank 
collector. 500 Can't connect to 127.0.0.1:4723 
(pf::fingerbank::endpoint_attributes)

Oct  2 03:44:30 packetfence packetfence_httpd.portal: httpd.portal(875) WARN: 
[mac:00:11:22:33:44:55] Use of uninitialized value in string ne at 
/usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line 
140.

(captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank)

Oct  2 03:44:30 packetfence packetfence_httpd.portal: httpd.portal(875) ERROR: 
[mac:00:11:22:33:44:55] Error while communicating with the Fingerbank 
collector. 500 Can't connect to 127.0.0.1:4723 
(pf::fingerbank::update_collector_endpoint_data)

Oct  2 03:45:01 packetfence packetfence_httpd.portal: httpd.portal(1971) WARN: 
[mac:unknown] Unable to match MAC address to IP '10.1.28.123' 
(pf::ip4log::ip2mac)

Oct  2 03:45:01 packetfence packetfence_httpd.portal: httpd.portal(1971) WARN: 
[mac:00:11:22:33:44:55] Unable to match MAC address to IP '10.1.28.123' 
(pf::ip4log::ip2mac)

Oct  2 03:45:01 packetfence packetfence_httpd.portal: httpd.portal(1971) ERROR: 
[mac:00:11:22:33:44:55] Error while communicating with the Fingerbank 
collector. 500 Can't connect to 127.0.0.1:4723 
(pf::fingerbank::endpoint_attributes)

Oct  2 03:45:01 packetfence packetfence_httpd.portal: httpd.portal(1971) WARN: 
[mac:00:11:22:33:44:55] Use of uninitialized value in string ne at 
/usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line 
140.

(captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank)

Oct  2 03:45:01 packetfence packetfence_httpd.portal: httpd.portal(1971) ERROR: 
[mac:00:11:22:33:44:55] Error while communicating with the Fingerbank 
collector. 500 Can't connect to 127.0.0.1:4723 
(pf::fingerbank::update_collector_endpoint_data)

Oct  2 03:45:28 packetfence pfipset[1481]: t=2020-10-02T03:45:28-0400 lvl=info 
msg="No Inline Network bypass ipsets reload" pid=1481

Oct  2 03:45:31 packetfence packetfence_httpd.portal: httpd.portal(2260) WARN: 
[mac:unknown] Unable to match MAC address to IP '10.1.28.123' 
(pf::ip4log::ip2mac)

Oct  2 03:45:31 packetfence packetfence_httpd.portal: httpd.portal(2260) WARN: 
[mac:00:11:22:33:44:55] Unable to match MAC address to IP '10.1.28.123' 
(pf::ip4log::ip2mac)

Oct  2 03:45:31 packetfence packetfence_httpd.portal: httpd.portal(2260) ERROR: 
[mac:00:11:22:33:44:55] Error while communicating with the Fingerbank 
collector. 500 Can't connect to 127.0.0.1:4723 
(pf::fingerbank::endpoint_attributes)







From: Durand fabrice via PacketFence-users 
<packetfence-users@lists.sourceforge.net><mailto:packetfence-users@lists.sourceforge.net>
Sent: Thursday, October 1, 2020 7:21 PM
To: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Durand fabrice <fdur...@inverse.ca><mailto:fdur...@inverse.ca>
Subject: Re: [PacketFence-users] Can't load Captive Portal with Ubiquiti 
Wireless - GET not supported



Hello Ronald,

can you provide the switches.conf and the packetfence.log file ?

Regards

Fabrice



Le 20-10-01 à 16 h 19, Oley, Ronald via PacketFence-users a écrit :

Unfortunately we’ve already run that command.  It does build the AP list 
properly, but it doesn’t resolve my issue.



Can I ask how you configured the Roles for unifi switch in PF?



From: Graham Prentice 
<gprent...@rocketmail.com><mailto:gprent...@rocketmail.com>
Sent: Thursday, October 1, 2020 3:06 PM
To: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Oley, Ronald <ronaldo...@kings.edu><mailto:ronaldo...@kings.edu>
Subject: Re: [PacketFence-users] Can't load Captive Portal with Ubiquiti 
Wireless - GET not supported



Had the same error on a Unifi AP.

Was fixed by running:



/usr/local/pf/bin/pfcmd pfmon ubiquiti_ap_mac_to_ip



Graham



On Thursday, October 1, 2020, 02:28:40 PM EDT, Oley, Ronald via 
PacketFence-users 
<packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>>
 wrote:





Running the latest version of Unifi controller and PacketFence.  Followed the 
PF setup guide exactly for the Ubiquiti setup (but some confusion on how to 
handle Roles config for the Unifi Switch).  When users connect to Unifi instead 
of getting the captive poral page they get the error ""Not Implemented - GET to 
/guest/s/94mbh3bf/ not supported" from PacketFence.



I did run the command per the guide to list out all the APs after they were 
pulled in from the controller as a Switch, and the AP MAC is in the list.



I'm guessing the issue is somewhere in the Role config for the switch.  We 
aren't doing any VLAN flipping; I'm fine if they keep the same VLAN since Unifi 
will trap them until they auth through the portal.  So I tried no VLAN config, 
as well as filling in the current VLAN for the registration and authed user 
Roles.  I also tried Web Auth URL with the URL Ubiquiti is trying to access.  
No luck.



Anybody have this working with a Unifi controller?





_______________________________________________

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>

https://lists.sourceforge.net/lists/listinfo/packetfence-users<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-users&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770479707&sdata=McZMDdgrwDBiMsRyme%2B%2BRXCxof51bLohUbgYdvel7XE%3D&reserved=0>



_______________________________________________

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>

https://lists.sourceforge.net/lists/listinfo/packetfence-users<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-users&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770489705&sdata=oMxjpeavVeXvni3PGcQ7TS2ENPBPg8AW8XFtIhklG1E%3D&reserved=0>

--

Fabrice Durand

fdur...@inverse.ca<mailto:fdur...@inverse.ca> ::  +1.514.447.4918 (x135) ::  
www.inverse.ca<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.inverse.ca%2F&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770499701&sdata=kb1fQ%2BLnqkpU3YBnE3oa4tC0ebY56HVE0JgYsI59fOo%3D&reserved=0>

Inverse inc. :: Leaders behind SOGo 
(http://www.sogo.nu<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.sogo.nu%2F&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770499701&sdata=HxEiE8Avomugp59yaQ4kJhnVuanoKGK64eUH%2FEIedpE%3D&reserved=0>)
 and PacketFence 
(http://packetfence.org<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpacketfence.org%2F&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770509690&sdata=xKZ%2BZBLJC6G094ekXtRFo81bbLVBCZUPr%2FJkicPYc2Y%3D&reserved=0>)
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-users&data=02%7C01%7Cronaldoley%40kings.edu%7C93e4ff62c819421f9b1f08d8671522cc%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637372687770519686&sdata=j3D1eL8X%2BT2v%2FeqklAuafTbl4Kv2%2BFWnO1a8fToaFDQ%3D&reserved=0>
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to