I've been attempting to do a UniFi > PF integration for years, and the PF devs don't seem particularly motivated to improve/maintain it. Of course, the devs over at UI also don't treat it as any kind of a priority item.

From what I can tell, the logic used by PF to determine what kind of Network Application you're using (self-hosted, Cloud Key, UniFiOS Console) for the purpose of web authentication is broken. I got the same error against my UDM SE, which is a UniFiOS Console currently on 3.2.12 firmware. The documentation from PF is based on the old UI (which is no longer supported by Ubiquiti), and tested against firmware versions so old that the documentation is effectively worthless.

The only method that works with any kind of reliability is the RADIUS-assigned VLANs; however, Ubiquiti no longer exposes the checkbox to enable RADIUS CoA in the new UI, so the CoA is less than graceful...effectively, once you auth to the PF captive portal, you get kicked from the SSID and have to wait for your client to re-associate - which can take a while depending on the client. However, once the client re-associates, they do end up on the target VLAN as assigned by RADIUS.

Mike

On Sun, Feb 11, 2024 at 1:43 PM Lucas Guimaraes via PacketFence-users <[email protected]> wrote:

> Hello everyone,
>
> For about a week I've been testing out PacketFence to implement a captive
> portal in Unifi.
>
> So far, the captive portal seems to be working in Unifi but I'm quite
> stuck really hard with the part when any device authorized by the Captive
> Portal goes out to the internet very desperately. However, looking at the
> logs, I'm seeing a part of the logs when it grabs my attention:
>
> Feb 11 15:55:59 packetfence httpd.portal-docker-wrapper[4900]: httpd.portal(16) INFO: [mac:62:9a:e2:75:54:ce] VLAN reassignment is forced. (pf::enforcement::_should_we_reassign_vlan)
> Feb 11 15:55:59 packetfence httpd.portal-docker-wrapper[4900]: httpd.portal(16) INFO: [mac:62:9a:e2:75:54:ce] switch port is (192.168.20.11) ifIndex 0connection type: WiFi MAC Auth (pf::enforcement::_vlan_reevaluation)
> Feb 11 15:56:00 packetfence pfqueue[11815]: pfqueue(11815) INFO: [mac:62:9a:e2:75:54:ce] [62:9a:e2:75:54:ce] DesAssociating mac on switch (192.168.20.11) (pf::api::desAssociate)
> Feb 11 15:56:01 packetfence pfqueue[11815]: pfqueue(11815) ERROR: [mac:62:9a:e2:75:54:ce] Can't login on the Unifi controller: 404 Not Found (pf::Switch::Ubiquiti::Unifi::_connect)
> Feb 11 15:56:01 packetfence pfqueue[11815]: pfqueue(11815) ERROR: [mac:62:9a:e2:75:54:ce] Error handling desAssociate : Died at /usr/local/pf/lib/pf/Switch/Ubiquiti/Unifi.pm line 220.
>
> I've seen many posts in either the Unifi community, Github and here to
> better understand this problem. But as far as I understood, like reading
> posts from 6 years old until the latest ones I could find on Google, some
> of them say it should have a functional Unifi controller API set on the
> Controller to get that sorted out. So, to solve this issue with the API
> connection resolution shown is to disable pmksa_caching=1 to solve this
> communication between pf and Unifi. I've tried to follow the instructions
> but I think it's quite different now than before looking at the Unifi
> Controller UCK 2 Plus files.
>
> Well, following as many instructions as I could understand and also
> official documentation, tutorials too but none of them I was able to solve
> this of "Can't login on the Unifi controller: 404 Not Found". I don't know
> where I'm doing wrong but it's been a while I'm not moving forward with
> this Captive Portal Project. Here are some examples:
>
> https://community.ui.com/questions/Packetfence-7-1-Out-of-Band-Dynamic-VLAN-with-Unifi/556eba20-4c52-44bd-ac9e-cb548408ba12#answer/015d294f-1618-40a9-b379-75aa76aa5563
>
> https://github.com/Art-of-WiFi/UniFi-API-client
>
> https://www.mail-archive.com/[email protected]/msg14328.html
>
> https://www.packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_ubiquiti_2
>
> https://www.packetfence.org/doc/PacketFence_Installation_Guide.html
>
> Right now I've spent so much time on this project that sometimes with so
> many different ways to solve this issue "Can't login on the Unifi
> controller: 404 Not Found" that I don't even know what to do anymore.
>
> Please, could someone help?
>
> --
> Regards,
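
The failure sequence in the quoted log, as an added example that is not part of either message and is not PacketFence code: a Python triage that groups PacketFence log entries by MAC and reports clients whose desAssociate was requested but then failed at the controller login. The regular expressions and the `triage` function are assumptions modelled only on the five entries quoted in the thread, rejoined here to one entry per line.

```python
import re
from collections import defaultdict

# The five log entries quoted in the thread, rejoined to one entry per line.
SAMPLE_LOG = """\
Feb 11 15:55:59 packetfence httpd.portal-docker-wrapper[4900]: httpd.portal(16) INFO: [mac:62:9a:e2:75:54:ce] VLAN reassignment is forced. (pf::enforcement::_should_we_reassign_vlan)
Feb 11 15:55:59 packetfence httpd.portal-docker-wrapper[4900]: httpd.portal(16) INFO: [mac:62:9a:e2:75:54:ce] switch port is (192.168.20.11) ifIndex 0connection type: WiFi MAC Auth (pf::enforcement::_vlan_reevaluation)
Feb 11 15:56:00 packetfence pfqueue[11815]: pfqueue(11815) INFO: [mac:62:9a:e2:75:54:ce] [62:9a:e2:75:54:ce] DesAssociating mac on switch (192.168.20.11) (pf::api::desAssociate)
Feb 11 15:56:01 packetfence pfqueue[11815]: pfqueue(11815) ERROR: [mac:62:9a:e2:75:54:ce] Can't login on the Unifi controller: 404 Not Found (pf::Switch::Ubiquiti::Unifi::_connect)
Feb 11 15:56:01 packetfence pfqueue[11815]: pfqueue(11815) ERROR: [mac:62:9a:e2:75:54:ce] Error handling desAssociate : Died at /usr/local/pf/lib/pf/Switch/Ubiquiti/Unifi.pm line 220.
"""

# Assumed entry layout: timestamp, host, process, worker, level, [mac:...], message.
LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ (?P<proc>\S+): \S+ (?P<level>[A-Z]+): "
    r"\[mac:(?P<mac>[0-9a-f:]{17})\] (?P<msg>.*)$")
DEAUTH = re.compile(r"DesAssociating mac on switch \((?P<switch>[\d.]+)\)")
LOGIN_FAIL = re.compile(r"Can't login on the Unifi controller: (?P<status>\d{3}) ")


def triage(log_text):
    """Return one record per MAC whose deauth was requested but not delivered."""
    state = defaultdict(dict)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a per-MAC entry in the assumed layout
        s, msg = state[m["mac"]], m["msg"]
        if "VLAN reassignment is forced" in msg:
            s["reassign_at"] = m["ts"]
        elif (d := DEAUTH.search(msg)):
            s["switch"], s["deauth_at"] = d["switch"], m["ts"]
        elif (f := LOGIN_FAIL.search(msg)) and m["level"] == "ERROR":
            s["login_status"] = int(f["status"])  # HTTP status from the controller
        elif "Error handling desAssociate" in msg:
            s["handler_died"] = True
    # Keep only MACs where a deauth was queued and the controller step failed.
    return [
        {"mac": mac, **s}
        for mac, s in state.items()
        if "deauth_at" in s and ("login_status" in s or s.get("handler_died"))
    ]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
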
