Hi Fabrice, I responded directly to your e-mail asking for remote access and I’m wondering if it got lost in spam or something. Please let me know if you’re still interested in assisting with this issue.
Thanks! From: Oley, Ronald via PacketFence-users <packetfence-users@lists.sourceforge.net> Sent: Friday, October 9, 2020 3:20 PM To: Durand fabrice <fdur...@inverse.ca>; Graham Prentice <gprent...@rocketmail.com>; packetfence-users@lists.sourceforge.net Cc: Oley, Ronald <ronaldo...@kings.edu> Subject: Re: [PacketFence-users] Can't load Captive Portal with Ubiquiti Wireless - GET not supported Hi Fabrice, I responded directly to your e-mail asking for remote access and I’m wondering if it got lost in spam or something. Please let me know if you’re still interested in assisting with this issue. Thanks! From: Durand fabrice <mailto:fdur...@inverse.ca> Sent: Tuesday, October 6, 2020 8:53 PM To: Oley, Ronald <mailto:ronaldo...@kings.edu>; Graham Prentice <mailto:gprent...@rocketmail.com>; mailto:packetfence-users@lists.sourceforge.net Subject: Re: [PacketFence-users] Can't load Captive Portal with Ubiquiti Wireless - GET not supported Hello Ronald, sorry for the delay. Can you do that: bin/pfcmd cache switch_distributed dump Ubiquiti-f0:9f:c2:70:c3:6c And check if the ip returned by this command is defined as a switch in packetfence ? Regards Fabrice Le 20-10-06 à 15 h 59, Oley, Ronald a écrit : Update to this: If I manually add in the AP as another switch, the captive portal works. So the issue here seems to be with the pulling in of the APs from the Unifi controller. As I said before if I use the command pfcmd cache switch_distributed to list out the APs, they do all show up, but the captive portal doesn’t work. We have about 400 Ubiquiti APs, so manually creating an entry for each MAC address is not a great option. Has anyone gotten his working using the pfcmd pfmon ubiquiti_ap_mac_to_ip command? From: Oley, Ronald Sent: Monday, October 5, 2020 4:12 PM To: 'Graham Prentice' mailto:gprent...@rocketmail.com; mailto:packetfence-users@lists.sourceforge.net Cc: Fabrice Durand mailto:fdur...@inverse.ca Subject: RE: [PacketFence-users] Can't load Captive Portal with Ubiquiti Wireless - GET not supported When I run bin/pfcmd cache switch_distributed list I get a list of all of my Ubiquiti APs. The item for the AP in question displays as follows: Ubiquiti-f0:9f:c2:70:c3:6c My haproxy_portal.log shows this when I try to connect to the wifi: Oct 5 16:10:42 packetfence haproxy[1671]: 10.1.28.118:43156 [05/Oct/2020:16:10:42.076] portal-https-10.1.18.45~ 10.1.18.45-backend/127.0.0.1 0/0/0/43/43 501 445 - - ---- 2/1/0/0/0 0/0 {nac-pf01.DOMAIN.COM} "GET /guest/s/94mbh3bf/?ap=f0:9f:c2:70:c3:6c&id=e8:e8:b7:9b:5a:3f&t=1601928641&url=http://connectivitycheck.gstatic.com%2fgenerate_204&ssid=Dev+LeoNet HTTP/1.1" Oct 5 16:10:42 packetfence haproxy[1671]: 10.1.28.118:43158 [05/Oct/2020:16:10:42.302] portal-https-10.1.18.45~ static/<NOSRV> 0/0/0/1/1 200 15326 - - ---- 2/1/0/0/0 0/0 {nac-pf01.DOMAIN.COM} "GET /favicon.ico HTTP/1.1" Thanks! From: Graham Prentice <mailto:gprent...@rocketmail.com> Sent: Friday, October 2, 2020 4:53 PM To: Oley, Ronald <mailto:ronaldo...@kings.edu>; mailto:packetfence-users@lists.sourceforge.net Cc: Fabrice Durand <mailto:fdur...@inverse.ca> Subject: Re: [PacketFence-users] Can't load Captive Portal with Ubiquiti Wireless - GET not supported When I had mine working with Unifi, in the switches section, had the Unifi controller IP and each AP (MAC address) listed. (PF v10.1) Used latest firmware also for Unifi components. Regards, Graham On Friday, October 2, 2020, 03:40:04 PM EDT, Fabrice Durand via PacketFence-users <mailto:packetfence-users@lists.sourceforge.net> wrote: Hello Ronald, first you don't need to specify https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7Ccadec84576c044193f9908d86ec7c3ef%7C93faac0947da4186be23130043bb3418%7C0%7C0%7C637381151559963199&sdata=2Zt7zCYpWIJ2V3g0Pkwv4igu4MU0FXj0bJwPUUCk1eY%3D&reserved=0 , this is set on the controller side. Can you run this command (and paste the result): bin/pfcmd cache switch_distributed list This list is used by PacketFence to map the bssid (included in the http request) to the ip address of the controller. Also can you paste the content of haproxy_portal.log where you have something like: Oct 1 20:48:19 localhost haproxy[8970]: 10.255.1.142:46030 [01/Oct/2020:20:48:19.030] portal-http-172.20.20.86 172.20.20.86-backend/127.0.0.1 0/0/0/11/11 501 444 - - ---- 2/1/0/0/0 0/0 {172.20.20.86} "GET /guest/s/default/?ap=80:2a:a8:86:3d:5b&id=10:cd:b6:04:2c:d2&t=1601599506&url=http://connectivitycheck.gstatic.com%2fgenerate_204&ssid=loveapple HTTP/1.1" Regards Fabrice Le 20-10-02 à 14 h 04, Oley, Ronald a écrit : Sure, both are printed below. In the logs, the 10.1.28.123 address is my wired workstation I’m using to configure PF and view the portal, not a wireless client or AP. Also sanitized our domain to domain.com. SWITCH: [10.1.252.80] description=Ubqiuiti WiFi Controller group=default uplink_dynamic=0 wsPwd=REMOVED controllerIp=10.1.252.80 deauthMethod=HTTPS disconnectPort=0 type=Ubiquiti::Unifi wsUser=REMOVED wsTransport=https registrationVlan=28 registrationUrl=https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7Ccadec84576c044193f9908d86ec7c3ef%7C93faac0947da4186be23130043bb3418%7C0%7C0%7C637381151559973194&sdata=lsEUi75wfEL0M2o%2BzpZU6YISgzsuYqEEGLgUo6qtpsk%3D&reserved=0 UrlMap=Y WiNet_UsersUrl=https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7Ccadec84576c044193f9908d86ec7c3ef%7C93faac0947da4186be23130043bb3418%7C0%7C0%7C637381151559983188&sdata=g3rw55bgYherouoKsKZg7wmzbsS9A6N204I66WUsd3c%3D&reserved=0 WiNet_UsersVlan=28 guestUrl=https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7Ccadec84576c044193f9908d86ec7c3ef%7C93faac0947da4186be23130043bb3418%7C0%7C0%7C637381151559983188&sdata=g3rw55bgYherouoKsKZg7wmzbsS9A6N204I66WUsd3c%3D&reserved=0 WiNet_GeneralVlan=28 guestVlan=28 voiceUrl=https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7Ccadec84576c044193f9908d86ec7c3ef%7C93faac0947da4186be23130043bb3418%7C0%7C0%7C637381151559993186&sdata=OaYDwGAA65%2B9z89ic8p6tGu1MYcxk0n5Fy87LP3BB3w%3D&reserved=0 isolationUrl=https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7Ccadec84576c044193f9908d86ec7c3ef%7C93faac0947da4186be23130043bb3418%7C0%7C0%7C637381151560003184&sdata=C31liwfPLX8CPgNG0XfjhU30dWidh5iIwLlBqymDIwY%3D&reserved=0 WiNet_GeneralUrl=https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7Ccadec84576c044193f9908d86ec7c3ef%7C93faac0947da4186be23130043bb3418%7C0%7C0%7C637381151560003184&sdata=C31liwfPLX8CPgNG0XfjhU30dWidh5iIwLlBqymDIwY%3D&reserved=0 gamingUrl=https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7Ccadec84576c044193f9908d86ec7c3ef%7C93faac0947da4186be23130043bb3418%7C0%7C0%7C637381151560013175&sdata=EL%2FARJh9WcnTyQzU7r7FVoluswcXgpCqBypZb%2FY4Nb0%3D&reserved=0 inlineUrl=https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7Ccadec84576c044193f9908d86ec7c3ef%7C93faac0947da4186be23130043bb3418%7C0%7C0%7C637381151560023176&sdata=mG50jd0qOqQrZObnYQXHJO%2FT1cQkPpLICOEjm7gxfWU%3D&reserved=0 defaultUrl=https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7Ccadec84576c044193f9908d86ec7c3ef%7C93faac0947da4186be23130043bb3418%7C0%7C0%7C637381151560023176&sdata=mG50jd0qOqQrZObnYQXHJO%2FT1cQkPpLICOEjm7gxfWU%3D&reserved=0 REJECTUrl=https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnac-pf01.domain.com%2Fguest%2Fs%2F94mbh3bf%2F&data=02%7C01%7Cronaldoley%40kings.edu%7Ccadec84576c044193f9908d86ec7c3ef%7C93faac0947da4186be23130043bb3418%7C0%7C0%7C637381151560033165&sdata=jWcN5oWwLnAPJPxNu7og0i9BsyKCKy8bgStYoGqZArk%3D&reserved=0 -------------------------------------------------------------------------------------- LOG: Oct 2 03:43:30 packetfence packetfence_httpd.portal: httpd.portal(1971) WARN: [mac:unknown] Unable to match MAC address to IP '10.1.28.123' (pf::ip4log::ip2mac) Oct 2 03:43:30 packetfence packetfence_httpd.portal: httpd.portal(1971) WARN: [mac:00:11:22:33:44:55] Unable to match MAC address to IP '10.1.28.123' (pf::ip4log::ip2mac) Oct 2 03:43:30 packetfence packetfence_httpd.portal: httpd.portal(1971) ERROR: [mac:00:11:22:33:44:55] Error while communicating with the Fingerbank collector. 500 Can't connect to 127.0.0.1:4723 (pf::fingerbank::endpoint_attributes) Oct 2 03:43:30 packetfence packetfence_httpd.portal: httpd.portal(1971) WARN: [mac:00:11:22:33:44:55] Use of uninitialized value in string ne at /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line 140. (captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank) Oct 2 03:43:30 packetfence packetfence_httpd.portal: httpd.portal(1971) ERROR: [mac:00:11:22:33:44:55] Error while communicating with the Fingerbank collector. 500 Can't connect to 127.0.0.1:4723 (pf::fingerbank::update_collector_endpoint_data) Oct 2 03:44:00 packetfence packetfence_httpd.portal: httpd.portal(2260) WARN: [mac:unknown] Unable to match MAC address to IP '10.1.28.123' (pf::ip4log::ip2mac) Oct 2 03:44:00 packetfence packetfence_httpd.portal: httpd.portal(2260) WARN: [mac:00:11:22:33:44:55] Unable to match MAC address to IP '10.1.28.123' (pf::ip4log::ip2mac) Oct 2 03:44:00 packetfence packetfence_httpd.portal: httpd.portal(2260) ERROR: [mac:00:11:22:33:44:55] Error while communicating with the Fingerbank collector. 500 Can't connect to 127.0.0.1:4723 (pf::fingerbank::endpoint_attributes) Oct 2 03:44:00 packetfence packetfence_httpd.portal: httpd.portal(2260) WARN: [mac:00:11:22:33:44:55] Use of uninitialized value in string ne at /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line 140. (captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank) Oct 2 03:44:00 packetfence packetfence_httpd.portal: httpd.portal(2260) ERROR: [mac:00:11:22:33:44:55] Error while communicating with the Fingerbank collector. 500 Can't connect to 127.0.0.1:4723 (pf::fingerbank::update_collector_endpoint_data) Oct 2 03:44:30 packetfence packetfence_httpd.portal: httpd.portal(875) WARN: [mac:unknown] Unable to match MAC address to IP '10.1.28.123' (pf::ip4log::ip2mac) Oct 2 03:44:30 packetfence packetfence_httpd.portal: httpd.portal(875) WARN: [mac:00:11:22:33:44:55] Unable to match MAC address to IP '10.1.28.123' (pf::ip4log::ip2mac) Oct 2 03:44:30 packetfence packetfence_httpd.portal: httpd.portal(875) ERROR: [mac:00:11:22:33:44:55] Error while communicating with the Fingerbank collector. 500 Can't connect to 127.0.0.1:4723 (pf::fingerbank::endpoint_attributes) Oct 2 03:44:30 packetfence packetfence_httpd.portal: httpd.portal(875) WARN: [mac:00:11:22:33:44:55] Use of uninitialized value in string ne at /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line 140. (captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank) Oct 2 03:44:30 packetfence packetfence_httpd.portal: httpd.portal(875) ERROR: [mac:00:11:22:33:44:55] Error while communicating with the Fingerbank collector. 500 Can't connect to 127.0.0.1:4723 (pf::fingerbank::update_collector_endpoint_data) Oct 2 03:45:01 packetfence packetfence_httpd.portal: httpd.portal(1971) WARN: [mac:unknown] Unable to match MAC address to IP '10.1.28.123' (pf::ip4log::ip2mac) Oct 2 03:45:01 packetfence packetfence_httpd.portal: httpd.portal(1971) WARN: [mac:00:11:22:33:44:55] Unable to match MAC address to IP '10.1.28.123' (pf::ip4log::ip2mac) Oct 2 03:45:01 packetfence packetfence_httpd.portal: httpd.portal(1971) ERROR: [mac:00:11:22:33:44:55] Error while communicating with the Fingerbank collector. 500 Can't connect to 127.0.0.1:4723 (pf::fingerbank::endpoint_attributes) Oct 2 03:45:01 packetfence packetfence_httpd.portal: httpd.portal(1971) WARN: [mac:00:11:22:33:44:55] Use of uninitialized value in string ne at /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line 140. (captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank) Oct 2 03:45:01 packetfence packetfence_httpd.portal: httpd.portal(1971) ERROR: [mac:00:11:22:33:44:55] Error while communicating with the Fingerbank collector. 500 Can't connect to 127.0.0.1:4723 (pf::fingerbank::update_collector_endpoint_data) Oct 2 03:45:28 packetfence pfipset[1481]: t=2020-10-02T03:45:28-0400 lvl=info msg="No Inline Network bypass ipsets reload" pid=1481 Oct 2 03:45:31 packetfence packetfence_httpd.portal: httpd.portal(2260) WARN: [mac:unknown] Unable to match MAC address to IP '10.1.28.123' (pf::ip4log::ip2mac) Oct 2 03:45:31 packetfence packetfence_httpd.portal: httpd.portal(2260) WARN: [mac:00:11:22:33:44:55] Unable to match MAC address to IP '10.1.28.123' (pf::ip4log::ip2mac) Oct 2 03:45:31 packetfence packetfence_httpd.portal: httpd.portal(2260) ERROR: [mac:00:11:22:33:44:55] Error while communicating with the Fingerbank collector. 500 Can't connect to 127.0.0.1:4723 (pf::fingerbank::endpoint_attributes) From: Durand fabrice via PacketFence-users mailto:packetfence-users@lists.sourceforge.net Sent: Thursday, October 1, 2020 7:21 PM To: mailto:packetfence-users@lists.sourceforge.net Cc: Durand fabrice mailto:fdur...@inverse.ca Subject: Re: [PacketFence-users] Can't load Captive Portal with Ubiquiti Wireless - GET not supported Hello Ronald, can you provide the switches.conf and the packetfence.log file ? Regards Fabrice Le 20-10-01 à 16 h 19, Oley, Ronald via PacketFence-users a écrit : Unfortunately we’ve already run that command. It does build the AP list properly, but it doesn’t resolve my issue. Can I ask how you configured the Roles for unifi switch in PF? From: Graham Prentice mailto:gprent...@rocketmail.com Sent: Thursday, October 1, 2020 3:06 PM To: mailto:packetfence-users@lists.sourceforge.net Cc: Oley, Ronald mailto:ronaldo...@kings.edu Subject: Re: [PacketFence-users] Can't load Captive Portal with Ubiquiti Wireless - GET not supported Had the same error on a Unifi AP. Was fixed by running: /usr/local/pf/bin/pfcmd pfmon ubiquiti_ap_mac_to_ip Graham On Thursday, October 1, 2020, 02:28:40 PM EDT, Oley, Ronald via PacketFence-users <mailto:packetfence-users@lists.sourceforge.net> wrote: Running the latest version of Unifi controller and PacketFence. Followed the PF setup guide exactly for the Ubiquiti setup (but some confusion on how to handle Roles config for the Unifi Switch). When users connect to Unifi instead of getting the captive poral page they get the error ""Not Implemented - GET to /guest/s/94mbh3bf/ not supported" from PacketFence. I did run the command per the guide to list out all the APs after they were pulled in from the controller as a Switch, and the AP MAC is in the list. I'm guessing the issue is somewhere in the Role config for the switch. We aren't doing any VLAN flipping; I'm fine if they keep the same VLAN since Unifi will trap them until they auth through the portal. So I tried no VLAN config, as well as filling in the current VLAN for the registration and authed user Roles. I also tried Web Auth URL with the URL Ubiquiti is trying to access. No luck. Anybody have this working with a Unifi controller? _______________________________________________ PacketFence-users mailing list mailto:PacketFence-users@lists.sourceforge.net https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-users&data=02%7C01%7Cronaldoley%40kings.edu%7Ccadec84576c044193f9908d86ec7c3ef%7C93faac0947da4186be23130043bb3418%7C0%7C0%7C637381151560043164&sdata=3xrwLPhcs060NWWEMXzDXT6dOjP5f1xN2YeXqke3uKI%3D&reserved=0 _______________________________________________ PacketFence-users mailing list mailto:PacketFence-users@lists.sourceforge.net https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-users&data=02%7C01%7Cronaldoley%40kings.edu%7Ccadec84576c044193f9908d86ec7c3ef%7C93faac0947da4186be23130043bb3418%7C0%7C0%7C637381151560043164&sdata=3xrwLPhcs060NWWEMXzDXT6dOjP5f1xN2YeXqke3uKI%3D&reserved=0 -- Fabrice Durand mailto:fdur...@inverse.ca :: +1.514.447.4918 (x135) :: https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.inverse.ca%2F&data=02%7C01%7Cronaldoley%40kings.edu%7Ccadec84576c044193f9908d86ec7c3ef%7C93faac0947da4186be23130043bb3418%7C0%7C0%7C637381151560053158&sdata=MsLGK0BpJtBzFeTYetVxbKioq4EkatfcjMYJO0aVgUs%3D&reserved=0 Inverse inc. :: Leaders behind SOGo (https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.sogo.nu%2F&data=02%7C01%7Cronaldoley%40kings.edu%7Ccadec84576c044193f9908d86ec7c3ef%7C93faac0947da4186be23130043bb3418%7C0%7C0%7C637381151560063158&sdata=lFzY2B%2BtNRU9h%2FporocF7JXUsZQm7kqu5oF7ym%2FZFf4%3D&reserved=0) and PacketFence (https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpacketfence.org%2F&data=02%7C01%7Cronaldoley%40kings.edu%7Ccadec84576c044193f9908d86ec7c3ef%7C93faac0947da4186be23130043bb3418%7C0%7C0%7C637381151560063158&sdata=BfXf8d9PW9Wrq28v0Ransyhim1z9%2FWqbmJl1kuivtNQ%3D&reserved=0) _______________________________________________ PacketFence-users mailing list mailto:PacketFence-users@lists.sourceforge.net https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-users&data=02%7C01%7Cronaldoley%40kings.edu%7Ccadec84576c044193f9908d86ec7c3ef%7C93faac0947da4186be23130043bb3418%7C0%7C0%7C637381151560073148&sdata=UNydozY4IKiT48BU%2FnvZeLOBUQ%2BqCotFIArSjYNIpPA%3D&reserved=0 _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
