802.1x Wifi Random Disconnection from Apple devices



  • I have Ubiquiti Unifi AP's that all use my pfsense box as a Radius server (so FreeRadius package). I'm not sure why but only Apple devices are having random disconnections (mostly when they are idle) and these need to re-authenticate (input username and password) again to be able to connect. This does not happen to Android devices at all. Not sure if these logs mean something but here's what I got:

    Aug 5 21:21:28 	radiusd 	16220 	Signalled to terminate
    Aug 5 21:21:28 	radiusd 	16220 	Exiting normally
    Aug 5 21:21:29 	radiusd 	81314 	Debugger not attached
    Aug 5 21:21:29 	radiusd 	82004 	[/usr/local/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
    Aug 5 21:21:29 	radiusd 	82004 	[/usr/local/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT".
    Aug 5 21:21:29 	radiusd 	82004 	Loaded virtual server <default>
    Aug 5 21:21:29 	radiusd 	82004 	Loaded virtual server default
    Aug 5 21:21:29 	radiusd 	82004 	Ignoring "sql" (see raddb/mods-available/README.rst)
    Aug 5 21:21:29 	radiusd 	82004 	Ignoring "ldap" (see raddb/mods-available/README.rst)
    Aug 5 21:21:29 	radiusd 	82004 	Loaded virtual server inner-tunnel-ttls
    Aug 5 21:21:29 	radiusd 	82004 	Loaded virtual server inner-tunnel-peap
    Aug 5 21:21:29 	radiusd 	82004 	Ready to process requests
    Aug 5 21:21:35 	radiusd 	82004 	Signalled to terminate
    Aug 5 21:21:35 	radiusd 	82004 	Exiting normally
    Aug 5 21:21:35 	radiusd 	26856 	Debugger not attached
    Aug 5 21:21:35 	radiusd 	27181 	[/usr/local/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
    Aug 5 21:21:35 	radiusd 	27181 	[/usr/local/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT".
    Aug 5 21:21:35 	radiusd 	27181 	Loaded virtual server <default>
    Aug 5 21:21:35 	radiusd 	27181 	Loaded virtual server default
    Aug 5 21:21:35 	radiusd 	27181 	Ignoring "sql" (see raddb/mods-available/README.rst)
    Aug 5 21:21:35 	radiusd 	27181 	Ignoring "ldap" (see raddb/mods-available/README.rst)
    Aug 5 21:21:35 	radiusd 	27181 	Loaded virtual server inner-tunnel-ttls
    Aug 5 21:21:35 	radiusd 	27181 	Loaded virtual server inner-tunnel-peap
    Aug 5 21:21:35 	radiusd 	27181 	Ready to process requests 
    

    Can anyone point me to the right direction here? Thanks.



  • Can anyone help me with this please?



  • What versions are the Apple devices running on?
    How long has this been an issue btw?



  • They're running at iOS 11.4.1 and this started happening when I switched to using RADIUS authentication with pfsense being the FreeRADIUS server.



  • You are using the pfSense's Captive Portal ?


  • Galactic Empire

    I doubt its a pfSense / FreeRadius issue, I have exactly the same setup and everything works fine.

    You don't have Fast Roaming enabled on the Wireless Networks page do you ?

    I'm also running 11.4.1.



  • @gertjan said in 802.1x Wifi Random Disconnection from Apple devices:

    You are using the pfSense's Captive Portal ?

    No. I'm using Ubiquiti's captive portal.

    @nogbadthebad said in 802.1x Wifi Random Disconnection from Apple devices:

    I doubt its a pfSense / FreeRadius issue, I have exactly the same setup and everything works fine.

    You don't have Fast Roaming enabled on the Wireless Networks page do you ?

    I'm also running 11.4.1.

    Right, so I'm at a loss here. And no, I'm not using Fast Roaming for all my three wireless networks. Any more ideas?


  • Galactic Empire

    @kevindd992002

    Do you use the Ubiquity Captive portal and WPA2 Enterprise on the same SSID ?



  • @nogbadthebad

    No. I have three networks:

    1. Guest - with captive portal and open authentication.
    2. Main - with WPA2 enterprise authentication
    3. Legacy - with WAP2 personal authentication

  • Galactic Empire

    @kevindd992002 said in 802.1x Wifi Random Disconnection from Apple devices:

    @nogbadthebad

    No. I have three networks:

    1. Guest - with captive portal and open authentication.
    2. Main - with WPA2 enterprise authentication
    3. Legacy - with WAP2 personal authentication

    I'm at a loss too.

    Anything in the logs on the UCK ?



  • Don't know anything about "Ubiquiti". (although I heard a lot of good about these devices - have to try one ones)
    I do know that the FreeRadius package has some extended log capabilities.
    Put them on all, locate them, look at them.
    Tell us also how you setup FreeRadius.

    I'm not aware of the fact that FreeRadius filters out Apple devices to give them a special treatment.

    Btw : what do you mean by "Disconnection" : the get disconnected radio-wise (the Wifi carrier) - the portal throws away the firewall rules related to the Apple device ?

    Note : not that it matters, and just a slightly helpful : I'm using FreeRaduis and the pfSense captive portal, and some pretty dumb "wire to radio converters" (== stupid no brain AP's that is)
    It works soooooooooooooooooooooooooo good ;)


  • Galactic Empire



  • @nogbadthebad said in 802.1x Wifi Random Disconnection from Apple devices:

    https://community.ubnt.com/t5/UniFi-Wireless/Random-disconnects-Apple-devices-on-802-1x/td-p/2456271

    Thank you for this!!! I feel stupid I didn't find this discussion :)

    EDIT: In my defense, it's a new thread, lol.