Federico,

Your config seems to be OK, and you followed the docs accordingly. I have tested erasing APs by MAC as switches, and only the controller seems to work for webauth, which is great, and you are right, it is not necessary to add the APs.

First, try to get the Unifi external portal redirection working. This is my actual config:

[image: imagen.png]

10.100.0.2 is an IP of a portal-enabled interface, and routable from the client perspective. If redirecting using a hostname is used, the hostname should also resolve to the PF portal IP.

And the access control rule:

[image: imagen.png]

I found that installing an HTTPS certificate for the portal is important to maintain valid connections when being redirected, and also to make the client's captive-portal mechanism detection work really well.

Regarding roles, I think Unifi can't assign VLANs using webauth, and I have not tested with "Role mapping by Web Auth URL". I set both options by default on my test; PF will authorize the device if it authenticates successfully on the portal. My advice is to use the null authentication source for testing.

Enrique

On Tue, 26 Oct 2021 at 15:22, Federico Alberto Sayd (< fs...@fca.uncu.edu.ar>) wrote:

> Hi Enrique:
>
> I followed the docs and added Unifi Controller as a switch and configured
> the web service credentials. PF automatically retrieves the APs managed by
> Unifi Controller (I checked with the command "/usr/local/pf/bin/pfcmd
> cache switch_distributed list").
>
> I don't know if there is some difference in adding every AP as a switch.
>
> What do you mean by "valid certificate"? An HTTPS certificate for the
> captive portal?
>
> I don't know how to configure the roles tab for the Unifi Controller in
> PF. I don't know how to construct the URL that goes in "Registration" in
> "Role Mapping by WebAuth URL".
>
> Did you configure the roles tab in your setup?
>
> Thanks for your help
>
> On Tue, 26 Oct 2021 at 10:10, Enrique Gross (<egr...@jcc-advance.com.ar>)
> wrote:
>
>> Hi Federico
>>
>> We don't use webauth with Unifi, but I remember there was a post about
>> this issue.
>>
>> After adding the Unifi Controller to PF, have you tried to add the Unifi
>> APs as a switch (by MAC address)?
>> Also, have you got a valid certificate on PF?
>>
>> On the Unifi side I use the "use secure portal" option and the DNS
>> redirect option.
>>
>> I have done a quick test on this, and I'm redirected to the PF portal.
>>
>> Enrique
>>
>> On Mon, 25 Oct 2021 at 2:33, Federico Alberto Sayd via
>> PacketFence-users (<packetfence-users@lists.sourceforge.net>) wrote:
>>
>>> Hello:
>>>
>>> I am trying to configure Packetfence as a captive portal for a guest
>>> wifi network managed with Unifi Controller (WebAuth Enforcement).
>>>
>>> I want to redirect my guest wifi users to the captive portal in
>>> PacketFence and authenticate them with Google Workspace LDAP.
>>>
>>> I followed the Network Device Configuration Guide and I added Unifi
>>> Controller as a switch in Packetfence config. The connection between Unifi
>>> Controller and PF is working fine, I can retrieve the list of APs managed
>>> by Unifi Controller with the command "/usr/local/pf/bin/pfcmd cache
>>> switch_distributed list".
>>>
>>> I added a second interface in PF and enabled the portal service on it. I
>>> configured the portal IP as an external guest portal on Unifi Controller.
>>>
>>> Also, I configured Google Workspace LDAP as auth source. I didn't
>>> specify any rules because I want the same auth source for all users.
>>> In "Standard Connections Profile" I changed the default profile to point
>>> to Google-LDAP as auth source. When I preview the portal I can confirm the
>>> Google LDAP authentication is working fine.
>>>
>>> But when I try to test the setup, the client's URL is rewritten to
>>> http://<PF-IP-PORTAL>/guest/s/default and PF shows a 501 error as
>>> follows:
>>>
>>> Not Implemented
>>> GET Nos supported for current URL
>>>
>>> I don't know if I have to configure the roles tab in the switch config
>>> and specify a webauth URL. What do I have to put in registration in "Role
>>> mapping by Web Auth URL"?
>>> Do I need to configure additional roles (by VLAN, by switch role, etc.)?
>>>
>>> To be frank, I don't understand the roles config and I can't infer it
>>> from the examples given in the installation guide.
>>>
>>> Can you help me or provide me with some hint?
>>>
>>> Thanks in advance.
>>>
>>> Federico.
>>>
>>> Additional info:
>>> PacketFence: 11.0
>>> OS: Debian 11
>>> Unifi Controller: 6.0.45
>>>
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> PacketFence-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
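
An added example, not part of the thread and not PacketFence or UniFi code: a preflight for the two conditions Enrique names, that the portal hostname resolves to the portal IP and that the portal presents a certificate clients will accept. It is meant to be run from a machine on the guest network; the hostname `portal.example.test` and the function names are assumptions, and 10.100.0.2 is the portal IP from the thread.

```python
import socket
import ssl


def resolved_ips(hostname, resolver=socket.getaddrinfo):
    """Addresses the local resolver returns for hostname (empty set on failure)."""
    try:
        answers = resolver(hostname, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {sockaddr[0] for *_, sockaddr in answers}


def tls_status(hostname, portal_ip, port=443, timeout=5):
    """Handshake with portal_ip using hostname as SNI; returns (ok, detail).

    Verification uses the system trust store, so an untrusted, expired or
    mismatched portal certificate is reported as a failure.
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((portal_ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                return True, tls.version()
    except ssl.SSLCertVerificationError as err:
        return False, "certificate rejected: " + err.verify_message
    except OSError as err:  # refused, timed out, unroutable, other TLS errors
        return False, "connection failed: " + str(err)


def preflight(hostname, portal_ip, resolver=socket.getaddrinfo, tls_check=tls_status):
    """Return a list of problems; an empty list means both checks passed."""
    problems = []
    ips = resolved_ips(hostname, resolver)
    if portal_ip not in ips:
        problems.append(f"{hostname} resolves to {sorted(ips) or 'nothing'}, not {portal_ip}")
    ok, detail = tls_check(hostname, portal_ip)
    if not ok:
        problems.append(detail)
    return problems


if __name__ == "__main__":
    # Constructed sample inputs: a guest DNS answering with the wrong address
    # and a portal still serving a self-signed certificate.
    def fake_resolver(host, port, proto=0):
        return [(socket.AF_INET, socket.SOCK_STREAM, proto, "", ("10.100.0.9", port))]

    fake_tls = lambda host, ip: (False, "certificate rejected: self-signed certificate")
    for problem in preflight("portal.example.test", "10.100.0.2", fake_resolver, fake_tls):
        print("FAIL:", problem)
```

Calling `preflight()` with only the hostname and portal IP uses the real resolver and a live TLS handshake.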