I have a UDM/Pro, and just tried to configure the integration into HA, but stumbled upon this issue
2020-04-29 21:47:17 ERROR (MainThread) [homeassistant.components.unifi] Unknown UniFi communication error occurred
Traceback (most recent call last):
File "/usr/src/homeassistant/homeassistant/components/unifi/controller.py", line 367, in get_controller
await controller.login()
File "/usr/local/lib/python3.7/site-packages/aiounifi/controller.py", line 89, in login
await self.request("post", url=url, json=auth)
File "/usr/local/lib/python3.7/site-packages/aiounifi/controller.py", line 201, in request
_raise_on_error(response)
File "/usr/local/lib/python3.7/site-packages/aiounifi/controller.py", line 222, in _raise_on_error
raise_error(data["errors"][0])
File "/usr/local/lib/python3.7/site-packages/aiounifi/errors.py", line 40, in raise_error
raise cls("{}".format(type))
aiounifi.errors.AiounifiException: 2fa token required to authenticate to SSO
I disabled 2FA on my account, and then it worked. As I rather would like to have 2FA enabled, is there any possibility to solve this issue?
This is not supported, I donāt have my own UDM Pro and all work relating to UniFi APIs is reverse engineered. Im not sure Iād be willing to put in the time to support 2FA. Create a local account and leave it at that. But thanks for verifying that it works.
I found your post while looking for a solution to the same problem, here you go.
Some older versions of Ubiquiti services are not 2FA-ready; and when you enable 2FA it will be enabled for all Ubiquiti services. In these cases, when you are not asked for the 2FA token and you are using your ui.com account, you must provide it anyway by typing in your password, a vertical bar (|), and the 2FA token in the password field. For example, for an account with the following:
password: 2931utkyu
2FA token: 987 099
You would type the following in the password field: 2931utkyu|987099
For any future google travellers who run into the same problem that I had (UDM Pro as UniFi controller) theyāve made it confusing but not impossible to create local accounts.
Click on the device you want to add your local user to.
Click āManage Usersā at the bottom of the screen.
Click Add User ā Add User (not admin!) in the top right
Give your user an appropriate name, mine is Hassio Hassio. Leave the role as āUserā.
Add the user.
Hover over the newly created user and hit Edit ā Profile
Change the Role to āLimited Adminā and now you should see the dropdown appear for āUbiquiti Accountā or āLocal Accountā. Select Local Account.
Give it an appropriate username/password.
Save it, then drop that username/password into the Hass UniFi configuration.
This worked for me, the integration now no longer needs 2FA on every reboot.
The only real fix Iād like to see is the ability to modify the connection configuration after the integration has been set up. Having to delete it entirely to update the credentials is the only annoying bit.
EDIT FOR 2022
The UI has changed again for me here. Thereās now a user management screen thatās a little easier to deal with:
Thanks for the tip guys. I do not see any devices on unifi.ui.com, just my controller. I do not see where you see manage users. I can see how to add an admin when Iām logged into the controller but I do not see a spot to change the role to a limited admin or to change to a local account. Do you have to be running a UDM to see those options? I just have unifi switches and APs.
On the page where the admin accounts are listed, top right corner there is an add user button. For local access on your admin account. Click on the admin account there is a drop down for add local credentials.
At unifi.ui.com. I see my controller under Controllers with options to Launch and Forget. If I use the left navigation to go to Devices it says there are no discovered devices yet. So I donāt see where to add a user.
@Mikefila Could you share a screenshot? I do not see a page where admin accounts are listed on unifi.ui.com. I can see admins if I launch my controller (version 6.2.25) and go to settings ā system settings ā administration ā admins. But, I do not see a place to add regular users (just a place to add admins).
@Robban What does that mean specifically to start a new configuration? Could you clarify?
edit
Got it to work on controller version 6.2.25. Hopefully these instructions help someone else.
Set up a local mail server: Controller ā settings ā System settings ā Controller Configuration ā Mail server.
Check box for Mail server (will result in unchecking cloud email). Read here for settings on gmail as mail server.
Once mail server is set up, a new user can be set up on the Admins section: Go to Went to Controller ā settings ā system settings ā administration ā admins and added a new user with role āview onlyā
The mail server will now send a verification email to the email address you specified. Click on that (I opened in an incognito window to keep things clean).
Go back to the Admins section and click on the new user you set up. You can now specify a username and password. This is the username/password to enter into home assistant.
You also dont need to set up mailserver if you log in locally and set up a user without remote checked, then use this user for the integration. With the forced 2fa coming in June I suspect many people will be caught off guard and searching for a solution.
Iām not sure what Iām doing wrong here but I canāt get this to work. Iāve created a āLocal Access Onlyā user with Super Admin priveleges but when I to initialize the integration with 2FA turned on, it is unable to log in. Iāve tried both the plain password as well as the vertical bar/pipe + 2FA code in the password and itās not working. What am I missing here?