UDMP Authentication failure

[FlyingDiver]

Testing on UDMP running 1.8.1-rc3

Started plugin "miniUniFi 0.0.3"
   miniUniFi Error                 Error in plugin execution runConcurrentThread:

Traceback (most recent call last):
  File "plugin.py", line 85, in runConcurrentThread
  File "plugin.py", line 186, in updateUniFiController
  File "/Library/Application Support/Perceptive Automation/Indigo 7.4/IndigoPluginHost.app/Contents/Resources/PlugIns/requests/sessions.py", line 520, in post
  File "/Library/Application Support/Perceptive Automation/Indigo 7.4/IndigoPluginHost.app/Contents/Resources/PlugIns/requests/sessions.py", line 477, in request
  File "/Library/Application Support/Perceptive Automation/Indigo 7.4/IndigoPluginHost.app/Contents/Resources/PlugIns/requests/sessions.py", line 587, in send
  File "/Library/Application Support/Perceptive Automation/Indigo 7.4/IndigoPluginHost.app/Contents/Resources/PlugIns/requests/adapters.py", line 481, in send
ConnectionError: HTTPSConnectionPool(host='192.168.0.254', port=8443): Max retries exceeded with url: /proxy/network/api/auth/login (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x10ac92fd0>: Failed to establish a new connection: [Errno 61] Connection refused',))

   miniUniFi Error                 plugin runConcurrentThread function returned or failed (will attempt again in 10 seconds)

[FlyingDiver]

That IP address seems very suspect. The UDMP is actually on .254?

[DoctorQ991]

My IP is 10.0.1.1 and I get the same error. UDMP running 1.8.0 FW, controller 5.14.22 build 13865.

[FlyingDiver]

What's the URL you end up at when connecting to the web interface?

[DoctorQ991]

https://10.0.1.1/network/site/default/dashboard

[Koreysherwin]

Yes that is the correct IP.

https://192.168.0.254/network/site/default/dashboard

[FlyingDiver]

OK, I'm researching the difference in the API URLs for the UDMP. I thought I had the right code based on my original source, but I'm looking at more now. This is all undocumented API, so it's a little tricky.

[Koreysherwin]

if you need access to the unit, let me know I can setup an account for you.

I had Karl snooping around for awhile. 😆

[FlyingDiver]

Both of you are getting the exact same error?

Do me a favor and pick the non-Pro controller type and see what errors you get.

[DoctorQ991]

Last line of error is slightly different

Traceback (most recent call last): File "plugin.py", line 85, in runConcurrentThread File "plugin.py", line 186, in updateUniFiController File "/Library/Application Support/Perceptive Automation/Indigo 7.4/IndigoPluginHost.app/Contents/Resources/PlugIns/requests/sessions.py", line 520, in post File "/Library/Application Support/Perceptive Automation/Indigo 7.4/IndigoPluginHost.app/Contents/Resources/PlugIns/requests/sessions.py", line 477, in request File "/Library/Application Support/Perceptive Automation/Indigo 7.4/IndigoPluginHost.app/Contents/Resources/PlugIns/requests/sessions.py", line 587, in send File "/Library/Application Support/Perceptive Automation/Indigo 7.4/IndigoPluginHost.app/Contents/Resources/PlugIns/requests/adapters.py", line 481, in send ConnectionError: HTTPSConnectionPool(host='10.0.1.1', port=8443): Max retries exceeded with url: /api/login (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x105cdd590>: Failed to establish a new connection: [Errno 61] Connection refused',))

miniUniFi Error plugin runConcurrentThread function returned or failed (will attempt again in 10 seconds)

[FlyingDiver]

Honestly, this is looking like a firewall or similar error. Connection refused means it's not even getting the connection to make the HTTP request.

Does the UDMP have a configuration section where you can specify which IP addresses or networks can connect?

[DoctorQ991]

That was for the UDM. This is for SW:

Traceback (most recent call last): File "plugin.py", line 85, in runConcurrentThread File "plugin.py", line 186, in updateUniFiController File "/Library/Application Support/Perceptive Automation/Indigo 7.4/IndigoPluginHost.app/Contents/Resources/PlugIns/requests/sessions.py", line 520, in post File "/Library/Application Support/Perceptive Automation/Indigo 7.4/IndigoPluginHost.app/Contents/Resources/PlugIns/requests/sessions.py", line 477, in request File "/Library/Application Support/Perceptive Automation/Indigo 7.4/IndigoPluginHost.app/Contents/Resources/PlugIns/requests/sessions.py", line 587, in send File "/Library/Application Support/Perceptive Automation/Indigo 7.4/IndigoPluginHost.app/Contents/Resources/PlugIns/requests/adapters.py", line 481, in send ConnectionError: HTTPSConnectionPool(host='10.0.1.1', port=8443): Max retries exceeded with url: /api/login (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x105cdd290>: Failed to establish a new connection: [Errno 61] Connection refused',))

miniUniFi Error plugin runConcurrentThread function returned or failed (will attempt again in 10 seconds)

[FlyingDiver]

Yeah, so same error. Before it even processed the HTTP request. Something is blocking the connection.

[DoctorQ991]

I just tried opening all local IPs to the UDMPs MAC address in the firewall, something that seems redundant, no joy. I've been unable to access Security Spy outside of the LAN since I installed the UDMP, so I'm still fumbling around with learning Ubiquiti's software.

[FlyingDiver]

It might be worth installing this software and seeing if it can connect to the UDMP.

https://github.com/Art-of-WiFi/UniFi-API-client

[DoctorQ991]

Er, you must have mistaken me for a programmer ;-)

[FlyingDiver]

Yeah, OK, maybe not.

[FlyingDiver]

if you need access to the unit, let me know I can setup an account for you.

Yeah, maybe that would be best. Send me the info in a PM on the Indigo forums.

[FlyingDiver]

@Koreysherwin - Can you download the most recent commit and try it? I did a minor tweak to the UDMP login URL.

[Koreysherwin]

Starting plugin "miniUniFi 0.0.5" (pid 81915) Started plugin "miniUniFi 0.0.5" miniUniFi Error UniFi Controller Login Connection Error: HTTPSConnectionPool(host='192.168.0.254', port=8443): Max retries exceeded with url: /api/auth/login (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x110057650>: Failed to establish a new connection: [Errno 61] Connection refused',))

[FlyingDiver]

Yeah, it's not the URL. It's the HTTPS connection isn't happening at all. Something is blocking the TCP connection to that port. Does the same thing happen in a terminal window?

curl -k "https://192.168.0.254:8443/api/auth/login

[Koreysherwin]

its the port. 8443 is not used on the UDMP it seems

[FlyingDiver]

What does it use? 80? 8080?

[Koreysherwin]

it hits it with 80, or no port specified

[FlyingDiver]

That makes sense, 80 is the default for HTTP if not specified. But 443 is the default for HTTPS. Try that one.

[Koreysherwin]

in terminal? like this?

curl -k "http://192.168.0.254:443/api/auth/login

[FlyingDiver]

Yes. Did you try 80 in the plugin?

[Koreysherwin]

this is 443:

miniUniFi Error UniFi Controller Login Error: 404

This is 80:

miniUniFi Error UniFi Controller Login Connection Error: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:727)

[Koreysherwin]

you want access to the machine via iMessage screen sharing?

[FlyingDiver]

OK, that all makes sense. 443 is correct for HTTPS, but there's no login info provided so you get that error.

80 is HTTP, and it fails on the HTTPS connection.

Give me a minute.

[Koreysherwin]

I see why you use GitHub instead of the Indigo forms, this is handy!

[FlyingDiver]

Edit the controller device and put 443 in the port field, then restart.

[Koreysherwin]

Oct 25, 2020 at 10:56:02 AM Reloading plugin "miniUniFi 0.0.5" Stopping plugin "miniUniFi 0.0.5" (pid 87906) Stopped plugin "miniUniFi 0.0.5" Starting plugin "miniUniFi 0.0.5" (pid 88569) Started plugin "miniUniFi 0.0.5" miniUniFi Error UniFi Controller Login Error: 404

[Koreysherwin]

Starting plugin "miniUniFi 0.0.5" (pid 89218) Started plugin "miniUniFi 0.0.5" miniUniFi Starting miniUniFi miniUniFi Debug updateFrequency = 60.0 miniUniFi UDMP: Starting Device miniUniFi Debug Starting runConcurrentThread miniUniFi Debug UDMP: Updating controller miniUniFi Debug UniFi Controller Test response: 200 miniUniFi Debug UniFi Controller Login response: 404 miniUniFi Error UniFi Controller Login Error: 404 miniUniFi Debug Updating UniFi Clients miniUniFi Debug Updating UniFi Devices

[FlyingDiver]

OK, now we're getting somewhere. The HTTPs requests are connecting. 404 is "not found", which generally means a bad URL.

[Koreysherwin]

https://192.168.0.254/api/auth/login in safari, results in: Method Not Allowed

[FlyingDiver]

Yeah, the login is a POST not GET. And you need the auth credentials in the POST body.

I just pushed another commit to GitHub. Won't fix the problem, but might give more info to debug. Please try it.

[Koreysherwin]

seems to be the same version ?

I trashed the old plugin and replaced with this incase it was just versioning issue, but no more info in the debug.

[FlyingDiver]

Yes, I did not bump the version number yet. Please restart the plugin and show the output. There should be several more lines of output.

[Koreysherwin]

Started plugin "miniUniFi 0.0.5" miniUniFi Starting miniUniFi miniUniFi Debug updateFrequency = 60.0 miniUniFi UDMP: Starting Device miniUniFi Debug Starting runConcurrentThread miniUniFi Debug UDMP: Updating controller miniUniFi Debug UniFi Controller Test response: 200 miniUniFi Debug UniFi Controller Login response: 404 miniUniFi Error UniFi Controller Login Error: 404 miniUniFi Debug Updating UniFi Clients miniUniFi Debug Updating UniFi Devices miniUniFi Debug UDMP: Updating controller miniUniFi Error UniFi Controller Get Sites Error: 401 miniUniFi Debug Updating UniFi Clients miniUniFi Debug Updating UniFi Devices

[FlyingDiver]

That is not the latest version. I'll tag it with a release number.

https://github.com/FlyingDiver/Indigo-miniUniFi/releases/tag/0.0.6

[Koreysherwin]

Started plugin "miniUniFi 0.0.6" miniUniFi Starting miniUniFi miniUniFi Debug updateFrequency = 60.0 miniUniFi UDMP: Starting Device miniUniFi Debug Starting runConcurrentThread miniUniFi Debug UDMP: Updating controller miniUniFi Debug UniFi Controller Test response: 200 miniUniFi Error UniFi Controller Login Status: 404 miniUniFi Error UniFi Controller Login URL: https://192.168.0.254:443/api/auth/login miniUniFi Error UniFi Controller Login Headers: {'X-Response-Time': '8ms', 'Content-Length': '9', 'X-XSS-Protection': '1; mode=block', 'X-Download-Options': 'noopen', 'X-Content-Type-Options': 'nosniff', 'Content-Type': 'text/plain; charset=utf-8', 'Accept-Ranges': 'bytes', 'Strict-Transport-Security': 'max-age=15552000; includeSubDomains', 'Vary': 'Origin', 'Connection': 'keep-alive', 'Date': 'Sun, 25 Oct 2020 20:18:45 GMT', 'X-Frame-Options': 'SAMEORIGIN', 'X-DNS-Prefetch-Control': 'off', 'X-CSRF-Token': 'bc2ef874-ba14-4dd3-adf7-0d41487d4016'} miniUniFi Debug Updating UniFi Clients miniUniFi Debug Updating UniFi Devices

[FlyingDiver]

https://github.com/FlyingDiver/Indigo-miniUniFi/releases/tag/0.0.7

[Koreysherwin]

Loading plugin "miniUniFi 0.0.7" Starting plugin "miniUniFi 0.0.7" (pid 27392) Started plugin "miniUniFi 0.0.7" miniUniFi Starting miniUniFi miniUniFi Debug updateFrequency = 60.0 miniUniFi UDMP: Starting Device miniUniFi Debug Starting runConcurrentThread miniUniFi Debug UDMP: Updating controller miniUniFi UniFi Controller Test Status: 200 miniUniFi UniFi Controller Test URL: https://192.168.0.254:443/ miniUniFi UniFi Controller Test Headers: {'X-Response-Time': '2ms', 'Content-Length': '357', 'X-XSS-Protection': '1; mode=block', 'X-Download-Options': 'noopen', 'X-Content-Type-Options': 'nosniff', 'Content-Type': 'text/html; charset=utf-8', 'Accept-Ranges': 'bytes', 'Strict-Transport-Security': 'max-age=15552000; includeSubDomains', 'Vary': 'Origin', 'Connection': 'keep-alive', 'Set-Cookie': 'TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjc3JmVG9rZW4iOiIzNDM0ZjkxOC1kMWY4LTRhNWUtOGU4OC04MjY3Y2ZmZTcyOWIiLCJpYXQiOjE2MDM2NjAxNjksImV4cCI6MTYwMzY2Mzc2OX0.zSwEzsdA_Ix3InG8lJKYRg5kdGZVFPy8UUBcPggy6hI; path=/; secure; httponly', 'Date': 'Sun, 25 Oct 2020 21:09:29 GMT', 'X-Frame-Options': 'SAMEORIGIN', 'X-DNS-Prefetch-Control': 'off', 'X-CSRF-Token': '3434f918-d1f8-4a5e-8e88-8267cffe729b'} miniUniFi UniFi Controller Test Content: <!doctype html>

miniUniFi UniFi Controller Login Status: 404 miniUniFi UniFi Controller Login URL: https://192.168.0.254:443/api/auth/login miniUniFi UniFi Controller Login Headers: {'X-Response-Time': '4ms', 'Content-Length': '9', 'X-XSS-Protection': '1; mode=block', 'X-Download-Options': 'noopen', 'X-Content-Type-Options': 'nosniff', 'Content-Type': 'text/plain; charset=utf-8', 'Accept-Ranges': 'bytes', 'Strict-Transport-Security': 'max-age=15552000; includeSubDomains', 'Vary': 'Origin', 'Connection': 'keep-alive', 'Date': 'Sun, 25 Oct 2020 21:09:29 GMT', 'X-Frame-Options': 'SAMEORIGIN', 'X-DNS-Prefetch-Control': 'off', 'X-CSRF-Token': '3434f918-d1f8-4a5e-8e88-8267cffe729b'} miniUniFi UniFi Controller Login Content: Not Found miniUniFi Debug Updating UniFi Clients miniUniFi Debug Updating UniFi Devices

[FlyingDiver]

Sigh. No content on the 404 reply. I was hoping for something to help track down the error.

[FlyingDiver]

Any chance you could set up a port forward and local account on the UDMP so that I can try to connect to it directly?

[Koreysherwin]

Sent email.

[FlyingDiver]

Fixed in https://github.com/FlyingDiver/Indigo-miniUniFi/releases/tag/0.0.10