I’m jumping into this thread as it got my interest as well because we are with 
Unifi and planning to deploy guest WiFi with WebAuth via the portal.

In the URL that Fabrice advised to configure I believe “s” is for the site name 
?

http://<PF-IP-PORTAL>/guest/s/default/

which is normally a random alphanumeric string ?

 

Also, the output of “/usr/local/pf/bin/pfcmd cache switch_distributed list” 
doesn’t show me any list of APs. Is it supposed to be empty? I have a few APs 
already serving users and acting as RADIUS clients. I have them added by IP 
address.

I ran this one as well before:

/usr/local/pf/bin/pfcmd pfcron ubiquiti_ap_mac_to_ip

 

For the certificates I understand it has to be placed into this folder, am I 
correct ?

 

Captive portal = /usr/local/pf/conf/ssl/server.pem (Private Key + Cert + 
intermediate)

 

Eugene

 

From: Federico Alberto Sayd via PacketFence-users 
<packetfence-users@lists.sourceforge.net> 
Sent: Monday, November 01, 2021 9:59 AM
To: Fabrice Durand <oeufd...@gmail.com>
Cc: Federico Alberto Sayd <fs...@fca.uncu.edu.ar>; egr...@jcc.com.ar; 
packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Trouble trying to enable captive portal with 
Unifi Controller (WebAuth)

 

Hi Fabrice:

 

I am running Unifi Controller 6.4.54

 

I reworked my setup from scratch following Enrique's directions and it worked 
ok, then I rebooted the server and it didn't work anymore.

 

Now the packetfence.log shows this error when I want to authenticate clients 
using APs managed by Unifi Controller:

 

Nov  1 13:39:33 srv-packetfence packetfence_httpd.portal[1512]: httpd.portal(1512) ERROR: [mac:XX:XX:XX:XX:XX:XX] Can not load perl module for switch f0:9f:c2:f0:07:42, type: Ubiquiti::Unifi . The type is unknown or the perl module has compilation errors.  (pf::SwitchFactory::instantiate)
Nov  1 13:39:33 srv-packetfence packetfence_httpd.portal[1512]: httpd.portal(1512) ERROR: [mac:XX:XX:XX:XX:XX:XX] Unable to instantiate switch object using switch_id 'f0:9f:c2:f0:07:42' (pf::web::externalportal::handle)

 

Can you help me with this error?

 

Thank you

 

Federico

 

On Fri, Oct 29, 2021 at 9:31, Fabrice Durand (<oeufd...@gmail.com>) wrote:

Hello Frederico,

 

what version of the ubiquiti controller are you running ?

Also did you define the switch in the packetfence configuration (like by ip or 
mac ?)

 

Last thing, can you try that http://<PF-IP-PORTAL>/guest/s/default/ 
(notice the / at the end).

 

Regards

Fabrice

 

 

On Wed, Oct 27, 2021 at 02:27, Federico Alberto Sayd via PacketFence-users 
<packetfence-users@lists.sourceforge.net> wrote:

Hi Enrique:

I followed the docs and added Unifi Controller as a switch and configured the 
web service credentials. PF automatically retrieves the APs managed by Unifi 
Controller (I checked with the command "/usr/local/pf/bin/pfcmd cache 
switch_distributed list").

I don't know if there is some difference in adding every AP as a switch.

What do you mean by "valid certificate"? An HTTPS certificate for the captive 
portal? 

I don't know how to configure the roles tab for the Unifi Controller in PF. I 
don't know how to construct the URL that goes in "Registration" in "Role 
Mapping by WebAuth URL".

Did you configure the roles tab in your setup?

Thanks for your help

 

 

On Tue, Oct 26, 2021 at 10:10, Enrique Gross (<egr...@jcc-advance.com.ar>) wrote:

Hi Federico

 

We don't use webauth with Unifi, but I remember there was a post about this 
issue

 

After adding the Unifi Controller to PF, have you tried to add the unifi APs as 
a switch (by mac address)? Also, have you got a valid certificate on PF?

 

On the unifi side I use the "use secure portal option" and dns redirect option

 

I have done a quick test on this, I'm redirected to the pf portal.

 

 

Enrique

 

  

 

On Mon, Oct 25, 2021 at 2:33, Federico Alberto Sayd via PacketFence-users 
(<packetfence-users@lists.sourceforge.net>) wrote:

Hello:

 

I am trying to configure Packetfence as a captive portal for a guest wifi 
network managed with Unifi Controller (WebAuth Enforcement)

 

I want to redirect my guest wifi users to the captive portal in PacketFence and 
authenticate them with Google Workspace LDAP.

 

I followed the Network Device Configuration Guide and I added Unifi Controller 
as a switch in Packetfence config. The connection between Unifi Controller and 
PF is working fine, I can retrieve the list of AP's managed by Unifi Controller 
with the command "/usr/local/pf/bin/pfcmd cache switch_distributed list"

 

I added a second interface in PF and enabled the portal service on it. I 
configured the portal IP as an external guest portal on Unifi Controller. 

 

Also, I configured Google Workspace LDAP as auth source. I didn't specify any 
rules because I want the same auth source for all users.

In "Standard Connections Profile" I changed the default profile to point to 
Google-LDAP as auth source. When I preview the portal I can confirm the Google 
LDAP authentication is working fine.

 

But when I try to test the setup, the client's URL is rewritten to 
http://<PF-IP-PORTAL>/guest/s/default and 
PF shows a 501 error as follows:

 

Not Implemented

GET Nos supported for current URL

 

I don't know if I have to configure the roles tab in the switch config and 
specify a webauth URL. What do I have to put in registration in "Role mapping 
by Web Auth URL"??

Do I need to configure additional roles (by Vlan?? by switch role, etc.) ??

 

To be frank, I don't understand the roles config and I can't infer from the 
examples given in the installation guide.

 

Can you help me or provide me with some hint?

 

Thanks in advance.

 

Federico.

 

 

Additional info: 

PacketFence: 11.0

OS: Debian 11

Unifi Controller: 6.0.45

 

 

 

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


