Reply
New Member
Posts: 33
Registered: ‎09-13-2012
Kudos: 35
Solutions: 1

Suggestion to allow guest portal to be used for 'registering' devices

We were hoping to use the guest portal to register devices on our network which can't authenticate using WPA2-Enterprise. This now (since 5.6) almost works as we want it, but falls short in one respect:

 

1) Set up a separate Open or WPA2-PSK SSID with guest control 

2) Users authenticate in the portal with the same radius credentials as they have for our primary SSID

3) User's login is valid for a day before they need to reauthenticate.

 

Where our plan falls over is step 3. Usually the devices which don't support WPA2-Enterprise are exactly the type of device where you can authenticate through a portal, but it is painful (eg. an Amazon Echo), and 'painful every day' is not a solution.

 

What we would like to see is either/or:

a) A way to permanently authorise a device or set an arbitrary expiry/renewal period

b) A configurable expiry/renewal period per auhtorization mechanism in Hotspot settings (ie. 1 day for Facebook, 3 days for Google+, 100 days or 'unlimted' for RADIUS.

 

 I hope this seems like a reasonable feature request, in the meantime however, can anyone suggest a script that might be able to autorenew authorized devices?

 

Veteran Member
Posts: 4,827
Registered: ‎06-13-2015
Kudos: 1306
Solutions: 228

Re: Suggestion to allow guest portal to be used for 'registering' devices

@st-edmunds This can be achieved in several ways through a custom script using the controller API. Either you check for the latest device authorizations and authorize the device for a given time period (can be multiple years if you want) or you can extend the authorization for another day and run the script on a daily basis.

 

See my signature for links to some development tools which may come in handy if you have some PHP skills.

Art of WiFi
Check out our UniFi API browser tool on GitHub. The PHP API client which it uses, can be found here on GitHub.
The thread on our UniFi Device Search tool can be found here, also check out our Captive Portal solutions for UniFi.
New Member
Posts: 22
Registered: ‎03-16-2017
Kudos: 1

Re: Suggestion to allow guest portal to be used for 'registering' devices

[ Edited ]

Although I think this should be a unifi controller setting I'm not adverse to working up a temporary solution given other tools. From a bit of poking around I see there is a extend_guest_validity function on the php library you link to, but all it seems to do it is replicate the functionality of adding 24h to the validity period. That may be as good as it gets (it just has to be looped programatically), but it would be nice to be able to set an 'end' time (or am I being blinded by the extend_guest_auth.php example?)

Veteran Member
Posts: 4,827
Registered: ‎06-13-2015
Kudos: 1306
Solutions: 228

Re: Suggestion to allow guest portal to be used for 'registering' devices


@st-edmunds-it wrote:

Although I think this should be a unifi controller setting I'm not adverse to working up a temporary solution given other tools. From a bit of poking around I see there is a extend_guest_validity function on the php library you link to, but all it seems to do it is replicate the functionality of adding 24h to the validity period. That may be as good as it gets (it just has to be looped programatically), but it would be nice to be able to set an 'end' time (or am I being blinded by the extend_guest_auth.php example?)


I also mentioned the other option which allows you to authorise a guest for a custom period. Can easily be achieved with the authorize_guest() method/function.

Art of WiFi
Check out our UniFi API browser tool on GitHub. The PHP API client which it uses, can be found here on GitHub.
The thread on our UniFi Device Search tool can be found here, also check out our Captive Portal solutions for UniFi.
Regular Member
Posts: 372
Registered: ‎04-24-2014
Kudos: 185
Solutions: 13

Re: Suggestion to allow guest portal to be used for 'registering' devices

You could also use an external portal server to handle registration.  I'm using PacketFence to allow user device registration.  If a user has AD creds for my network, they get a profile package that directs their devices to a hidden SSID that uses EAP-TLS.  If they're guests, they get a profile package that puts them on another hidden SSID that uses standard WPA2-PSK, and they have Internet-only access.

New Member
Posts: 33
Registered: ‎09-13-2012
Kudos: 35
Solutions: 1

Re: Suggestion to allow guest portal to be used for 'registering' devices

Interesting idea. I've been looking at packetfence off and on over the years and it seems quite a bit of work to set up but maybe worth the effort in the end. 

 

I'm digging a bit deeper in the API and php to work around this, but still think it would be nice to be able to do it without third-party involvement. 

Regular Member
Posts: 372
Registered: ‎04-24-2014
Kudos: 185
Solutions: 13

Re: Suggestion to allow guest portal to be used for 'registering' devices

It is a lot of work, and especially now with HSTS causing issues when using a secure captive portal, it's even more of a pain.  But considering all the features you get out of PF, it's pretty awesome.  They even officially have support for guest authorization/revocation for UniFi, though it's kinda weird to set up.  They don't yet officially support dynamic VLAN assignment (I think PF uses CoA from RADIUS whereas UniFI relies on hard-coded VLAN per account in RADIUS and a specific RADIUS attribute).  I imagine it'll all get worked out at some point.

New Member
Posts: 33
Registered: ‎09-13-2012
Kudos: 35
Solutions: 1

Re: Suggestion to allow guest portal to be used for 'registering' devices

Got the gist of this working with a simple script using the API client to enumerates guests who haven't already expired and set a new duration for them, which is a starting point,.It should be easy to split by auth type too.
Veteran Member
Posts: 4,827
Registered: ‎06-13-2015
Kudos: 1306
Solutions: 228

Re: Suggestion to allow guest portal to be used for 'registering' devices

@st-edmunds Good to hear and thanks for the feedback!

Art of WiFi
Check out our UniFi API browser tool on GitHub. The PHP API client which it uses, can be found here on GitHub.
The thread on our UniFi Device Search tool can be found here, also check out our Captive Portal solutions for UniFi.
Reply