rfpludwick / unifi-phantom-clients-cleanup

Application to clean up phantom clients in the UniFi Controller
Apache License 2.0

Error decoding UniFi login response #4

Closed markhaines closed 2 years ago

markhaines commented 2 years ago

Hi, have been having exactly the same issue with phantom mac addresses as you and it's been driving me crazy for ages. I stumbled across your app and it looks really useful! I've had a go at building it on my Mac for testing, I've set up my .conf file; however, I'm running into the following error when I run it:

```
Error decoding UniFi login response: invalid character 'N' looking for beginning of value
```

I'm running this against a UDMP with network version 7.0.23. Was wondering if you might have any tips?

rfpludwick commented 2 years ago

Hi @markhaines! Unfortunately, UniFi removed support for the functionality to forget clients in one of the 6.* series of releases. So this utility doesn't work past that point. I've asked them to reintroduce the feature, or at least an API call for it, but as of yet they have not added the functionality back.

rfpludwick commented 2 years ago

@markhaines Good news! UniFi added back in the ability to forget clients from the network controller at least as of version 7.1.61. I have updated my repository here to account for the fact that they also added in a CSRF token. I've been running it at home for a day now without issues. Please let me know if upgrading to network controller 7.1.61+ works with the newest version of my repo here.

markhaines commented 2 years ago

@rfpludwick had a chance to play with this, I've configured json but am getting "api.err.NoSiteContext" as error. I'm running a UDMP, for some reason in v7 I can't find the site name anywhere in the UI!? I'm sure it was configured as "HomeNET" but all I can see now is a reference to "UDMP" - have tried both. Have you seen a similar issue?

rfpludwick commented 2 years ago

@markhaines Yeah, I don't see the site name offhandedly either. For me, I can tell the site name from the URI, such as `<hostname>/network/default/dashboard` - that `default` in there is my site name (I never named it anything else).

markhaines commented 2 years ago

Bingo! That fixed it - thanks so much, this will save me masses of irritation going forward!

[Screenshot: CleanShot 2022-05-17 at 15 39 36@2x]

rfpludwick commented 2 years ago

Excellent! I remember the first time I finally got this to work, and it forgot a similar number of clients.

markhaines commented 2 years ago

Hmm, might have spoken too soon. It runs, and appears to successfully wipe the 'rogue' clients, but they're still listed in the UI and if I run it a second time it seems to 'find' the same ones again? A rough estimate of rogue entries on the UI would be broadly in line with what the script is reporting - approx 120. Have you seen similar behaviour or am I being thick?

[Screenshot: CleanShot 2022-05-17 at 19 57 29@2x]

rfpludwick commented 2 years ago

Hmm, that's strange. Can you debug output one or more HTTP responses from the Sta-forget calls, redacting sensitive information?

markhaines commented 2 years ago

Happy to help debug it but I'm not really a developer - what do I need to do to generate the debug? I had a look round to see if I could figure it out by myself - do I need to install delve or something similar?

Cheers

Mark

rfpludwick commented 2 years ago

You'd have to modify the Go code in order to dump the calls. Maybe that's an enhancement I can add in the future. Can you confirm that the same set of MAC addresses persist after running the application, or do you end up with a new set? If they're the same clients, does their "First Seen" get updated at all?

rfpludwick commented 2 years ago

@markhaines I just pushed a new commit with a lot of changes. Please look it over. It includes HTTP logging support in a new configuration format.

markhaines commented 2 years ago

Great, thanks! Was going to have another poke at the weekend to try the debugging but will install this instead!

markhaines commented 2 years ago

Update - downloaded and extracted latest version, set up the new .yaml style conf file. Build the app. Run the app, looks like it logs in ok as it can see clients / how many needed to forget, but then errors at next stage.

[Screenshot: CleanShot 2022-05-20 at 16 14 48@2x]

rfpludwick commented 2 years ago

What's the UniFi network controller version you're running?

markhaines commented 2 years ago

UDMP Pro with OS 1.11.4 and Network 7.1.65, both are 'current' non-beta I believe.

markhaines commented 2 years ago

Am just comparing the yaml vs json conf - should I switch to json so I can enable the http logging directory? EDIT: Oh it's present in yaml too, I just missed it - ignore me!

markhaines commented 2 years ago

Log output:

Request

```
&{Method:POST URL:https://removed/proxy/network/api/s/default/cmd/stamgr Proto:HTTP/1.1 ProtoMajor:1 ProtoMinor:1 Header:map[Content-Type:[application/json] Cookie:[TOKEN=removed] X-Csrf-Token:[745cef73-39ac-4e4b-a985-359082b38f38]] Body:{Reader:} GetBody:0x64a560 ContentLength:529 TransferEncoding:[] Close:false Host:removed Form:map[] PostForm:map[] MultipartForm: Trailer:map[] RemoteAddr: RequestURI: TLS: Cancel: Response: ctx:0xc00001c630}
```

Request Body

```
{"Cmd":"forget-sta","Macs":["22:f4:df:3f:d5:3d","4e:96:5a:a8:6f:5b","64:1d:03:54:d8:3c","e4:1e:01:48:d0:30","00:37:2a:00:01:20","00:24:e4:b2:a2:5e","64:00:11:04:00:00","e4:20:04:31:b8:20","e4:20:04:30:b8:20","a8:12:9a:6b:5a:93","e4:20:01:33:b8:24","e4:20:05:31:b8:1c","e4:20:09:30:b8:2c","64:1f:01:32:b0:20","e4:20:01:34:b8:28","e2:23:07:32:c0:20","e4:20:04:2f:b8:20","e4:20:02:32:b8:24","e4:20:09:2c:b8:24","e4:20:03:32:b4:18","e4:20:01:35:b4:20","62:25:05:3a:d0:1c","e4:20:01:38:b8:1c","e4:20:02:33:b8:24","e4:20:03:31:b4:20"]}
```

Response

```
&{Status:400 Bad Request StatusCode:400 Proto:HTTP/1.1 ProtoMajor:1 ProtoMinor:1 Header:map[Accept-Ranges:[bytes] Connection:[keep-alive] Content-Length:[57] Content-Type:[application/json;charset=UTF-8] Date:[Fri, 20 May 2022 15:25:11 GMT] Set-Cookie:[TOKEN=removed; path=/; samesite=none; secure; httponly] Strict-Transport-Security:[max-age=15552000; includeSubDomains] Vary:[Origin] X-Content-Type-Options:[nosniff] X-Csrf-Token:[745cef73-39ac-4e4b-a985-359082b38f38] X-Dns-Prefetch-Control:[off] X-Download-Options:[noopen] X-Frame-Options:[DENY] X-Xss-Protection:[1; mode=block]] Body:0xc0004ac040 ContentLength:57 TransferEncoding:[] Close:false Uncompressed:false Trailer:map[] Request:0xc0000d2200 TLS:0xc00013c370}
```

Response Body

```
{"meta":{"rc":"error","msg":"api.err.Invalid"},"data":[]}
```

TLS

```
&{Version:772 HandshakeComplete:true DidResume:false CipherSuite:4866 NegotiatedProtocol: NegotiatedProtocolIsMutual:true ServerName: PeerCertificates:[0xc00014a580]
```
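One way to generate a request dump like the one above in a form suited to a public issue, added here as an example and not code from this repository: it blanks the `Cookie`, `Set-Cookie` and `X-Csrf-Token` headers, replaces the host, and masks the last three octets of each MAC address. The names `RedactHeaders` and `DumpRequest`, the `[HOST]` placeholder and all sample values are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"regexp"
	"sort"
	"strings"
)

// Headers carrying session material in the dumps posted in this thread.
var sensitive = map[string]bool{"Cookie": true, "Set-Cookie": true, "X-Csrf-Token": true}
// Captures the first three octets of a MAC so the remaining three can be masked.
var macRe = regexp.MustCompile(`(?i)\b([0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2})(:[0-9a-f]{2}){3}\b`)

// RedactHeaders returns a copy of h; the live request headers stay untouched.
func RedactHeaders(h http.Header) http.Header {
	out := h.Clone()
	for name := range out {
		if sensitive[http.CanonicalHeaderKey(name)] {
			out[name] = []string{"[REDACTED]"}
		}
	}
	return out
}

// DumpRequest renders a shareable dump: no host, no session values, masked MACs.
func DumpRequest(req *http.Request, body string) string {
	var b strings.Builder
	fmt.Fprintf(&b, "%s https://[HOST]%s\n", req.Method, req.URL.Path)
	h := RedactHeaders(req.Header)
	names := make([]string, 0, len(h))
	for n := range h {
		names = append(names, n)
	}
	sort.Strings(names)
	for _, n := range names {
		fmt.Fprintf(&b, "%s: %s\n", n, strings.Join(h[n], ", "))
	}
	b.WriteString("\n" + macRe.ReplaceAllString(body, "${1}:xx:xx:xx") + "\n")
	return b.String()
}

func main() {
	// Constructed request: host, token values and MAC are made up; body shape follows the log above.
	req, _ := http.NewRequest("POST", "https://controller.example/proxy/network/api/s/default/cmd/stamgr", nil)
	req.Header.Set("Cookie", "TOKEN=constructed-session-value")
	req.Header.Set("X-Csrf-Token", "00000000-0000-0000-0000-000000000000")
	fmt.Print(DumpRequest(req, `{"Cmd":"forget-sta","Macs":["02:00:5e:10:20:30"]}`))
}
```

Because the headers are cloned before masking, the same request can still be sent after it has been logged.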

rfpludwick commented 2 years ago

Sorry about that @markhaines - I overlooked a test I needed to run when I was cleaning up JSON annotations. Latest commit should correct that error.

markhaines commented 2 years ago

Using latest version, program runs again, it logs in ok, identifies there are devices to kill and it thinks it removes them ok but still listed in Unifi UI :-(. Can I share some log files with you if useful?

[Screenshot: CleanShot 2022-05-22 at 13 20 38@2x]

rfpludwick commented 2 years ago

@markhaines Yeah, we should probably discuss this privately rather than in the GH issue. Please send me an email: robert {at} ludwick {dot} us

markhaines commented 1 year ago

FWIW, I finally got to the bottom of this recently; I found a post indicating the issue causing the rogue IPs is a bug on AC-Pro access points which has been present for ages. I replaced them both with Wifi6 models (but left an AC-Lite alone) and haven't seen the problem reoccur since.

rfpludwick commented 1 year ago

Hmm, interesting. I have indeed noticed a drop in phantom clients since I too switched to the WiFi 6 models, but I still get some on occasion.