Skip to content

Setting up Ubiquiti Wifi (UAP-AC-Lite) on Linux Ubuntu 16.04


installing the Unifi controller on Ubuntu 16.04. It will be used to control the Ubiquiti wifi model: UAP-AC-LITE

Caution: Post Setup note on possible insecurity

NOTE: After logging out of unifi at the browser level, I later found a nest of unifi processes still running, and blocking other processes from using port 8080. I also found this post claiming unifi setup on linux is very insecure. Indeed, some of hte unifi processes are running as root.

Show unifi processes

ps -aux | grep unifi
root     28116  0.0  0.0  17072    12 ?        Ss   Jun10   0:00 unifi -cwd /usr/lib/unifi -home /us
root     28117  0.0  0.0  17072    20 ?        S    Jun10   0:00 unifi -cwd /usr/lib/unifi -home /us
unifi    28119  0.0  0.6 3343864 53068 ?       Sl   Jun10   1:12 unifi -cwd /usr/lib/unifi -home /us
unifi    28135  0.1  5.7 4442860 461816 ?      Sl   Jun10   3:16 /usr/lib/jvm/java-8-openjdk-amd64/j
unifi    28968  0.1  0.9 1045124 78456 ?       Sl   Jun10   5:08 /usr/bin/mongod --dbpath /usr/lib/u

Report the status of the systemd unifi service

sudo systemctl status unifi
● unifi.service - unifi
   Loaded: loaded (/lib/systemd/system/unifi.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2018-06-10 19:01:40 PDT; 2 days ago
  Process: 27877 ExecStop=/usr/lib/unifi/bin/unifi.init stop (code=exited, status=0/SUCCESS)
  Process: 28057 ExecStart=/usr/lib/unifi/bin/unifi.init start (code=exited, status=0/SUCCESS)
 Main PID: 28116 (jsvc)
    Tasks: 910
   Memory: 653.6M
      CPU: 9min 38.339s
   CGroup: /system.slice/unifi.service
           ├─28116 unifi -cwd /usr/lib/unifi -home /usr/lib/jvm/java-8-openjdk-amd64 -cp /usr/share/           ├─28117 unifi -cwd /usr/lib/unifi -home /usr/lib/jvm/java-8-openjdk-amd64 -cp /usr/share/           ├─28119 unifi -cwd /usr/lib/unifi -home /usr/lib/jvm/java-8-openjdk-amd64 -cp /usr/share/           ├─28135 /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java -Xmx1024M -XX:ErrorFile=/usr/lib/u           └─28968 /usr/bin/mongod --dbpath /usr/lib/unifi/data/db --port 27117 --unixSocketPrefix /
Jun 10 19:01:39 user-desktop systemd[1]: Starting unifi...
Jun 10 19:01:39 user-desktop unifi.init[28057]:  * Starting Ubiquiti UniFi Controller unifi
Jun 10 19:01:40 user-desktop unifi.init[28057]:    ...done.
Jun 10 19:01:40 user-desktop systemd[1]: Started unifi.

Stop the unifi service:

sudo systemctl stop unifi
ps -aux | grep unifi
<empty result>

So stopping the unifi service has temporarily solved the problem. Of course the unifi browser program will not run, but that doesn't affect the operation of the wifi once it has been set up.

Getting to the correct URL

The right place to start is UniFi - How to Install & Update via APT on Debian or Ubuntu.

FYI, It's three link-hops from from the quick-start guide to that page: - quickstart guide - "UniFi 5.7.23 Controller for Debian/Ubuntu Linux". - Ignore the download button on the right hand side, instead open up the release notes. - See the line with a link "HERE": "For Debian/Ubuntu users, please update your APT source see HERE".


It's best to start by installing/confirming the MongoDB version you want to use, and then install Ubiquiti's unifi software. The reason for that is that unifi will create start running and create a mongo database immediately with whatever MongoDB version is already installed or installs automatically with unifi. Then, when updating the MongoDB in the next step, that database might be incompatible and you might have to remove it.

Installing MongoDB

We are following MongoBD instructions which succesfully installed version 3.6.5.

Beware! Don't use this page, it is out of date!

sudo apt-key adv --keyserver hkp:// --recv 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5
echo "deb [ arch=amd64,arm64 ] xenial/mongodb-org/3.6 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.6.list
sudo apt-get update
sudo apt-get install -y mongodb-org

Optionally a specific version can pinned, but we skip that:

echo "mongodb-org hold" | sudo dpkg --set-selections
echo "mongodb-org-server hold" | sudo dpkg --set-selections
echo "mongodb-org-shell hold" | sudo dpkg --set-selections
echo "mongodb-org-mongos hold" | sudo dpkg --set-selections
echo "mongodb-org-tools hold" | sudo dpkg --set-selections

Start the systemd service mongod. Note that is is mongod without a b at the end! Confirm it's status:

systemctl start mongod
systemctl status mongod
● mongod.service - High-performance, schema-free document-oriented database
   Loaded: loaded (/lib/systemd/system/mongod.service; disabled; vendor preset: enabled)
   Active: active (running) since Sun 2018-06-10 10:47:09 PDT; 10s ago
 Main PID: 27814 (mongod)
    Tasks: 23
   Memory: 38.9M
      CPU: 636ms
   CGroup: /system.slice/mongod.service
           └─27814 /usr/bin/mongod --config /etc/mongod.conf

There is compatibility problem between mongodb 3.6 and unifi 5.7. The latter is issues mongo commands that use a flag only found in mongodb 3.4. It is discussed here.

Although it might be possible to use the mongodb setFeatureCompatibilityVersion function, we used a different workaround instead:

sudo mv /usr/lib/unifi/bin/mongodb /usr/lib/unifi/bin/mongodb.old
cat << _EOF > /usr/lib/unifi/bin/mongodb
echo "[ $date ]: ${*}" >> /usr/lib/unifi/logs/mongod-call-args.log
exec /usr/bin/mongod ${*//--nohttpinterface/}
chmod 755 /usr/lib/unifi/bin/mongodb

The line

echo "[ $date ]: ${*}" >> /usr/lib/unifi/logs/mongod-call-args.log

writes the arguments passed by unifi to mongod into a log file for veiwing.

The line:

exec /usr/bin/mongod ${*//--nohttpinterface/}

removes the offending mongodb 3.6" incompatible argument from the arguments passed by *unifi.

Installing the Ubiquiti software

WARNING - installing the desired *MongoDB version first is recommended.*

UniFi - How to Install & Update via APT on Debian or Ubuntu

echo 'deb stable ubiquiti' | sudo tee /etc/apt/sources.list.d/100-ubnt-unifi.list
sudo wget -O /etc/apt/trusted.gpg.d/unifi-repo.gpg 
sudo apt-get update
sudo apt-get install unifi

Log files

  • /usr/lib/unifi/logs/server.log
  • /usr/lib/unifi/logs/mongod.log
sudo cat /usr/lib/unifi/logs/server.log
[2018-06-10 09:32:36,020] <main> WARN  system - reload failed: file not found
[2018-06-10 09:32:36,478] <main> WARN  system - reload failed: file not found
[2018-06-10 09:32:37,806] <launcher> INFO  system - *** Running for the first time, creating identity ***
[2018-06-10 09:32:37,808] <launcher> INFO  system - UUID: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
[2018-06-10 09:32:37,808] <launcher> WARN  system - reload failed: file not found
[2018-06-10 09:32:37,810] <launcher> INFO  system - ======================================================================
[2018-06-10 09:32:37,810] <launcher> INFO  system - UniFi 5.7.23 (build atag_5.7.23_10670 - release) is started
[2018-06-10 09:32:37,810] <launcher> INFO  system - ======================================================================
[2018-06-10 09:32:37,818] <launcher> INFO  system - BASE dir:/usr/lib/unifi
[2018-06-10 09:32:37,832] <launcher> INFO  system - Current System IP:
[2018-06-10 09:32:37,847] <launcher> INFO  system - Hostname: user-desktop
[2018-06-10 09:32:38,195] <launcher> INFO  system - Valid keystore is missing. Generating one ...
[2018-06-10 09:32:38,196] <launcher> INFO  system - Generating Certificate[UniFi]... please wait...
[2018-06-10 09:32:38,930] <launcher> INFO  system - Certificate[UniFi] generated!
[2018-06-10 09:32:40,224] <launcher> INFO  db     - waiting for db connection...
[2018-06-10 09:32:40,724] <launcher> INFO  db     - Connecting to mongodb://
[2018-06-10 09:32:42,645] <launcher> INFO  db     - Connecting to mongodb://
sudo cat /usr/lib/unifi/logs/monodb.log
systemctl -a | grep unifi
  unifi.service   loaded    active     running         unifi
systemctl -a | grep mongod
  mongod.service  loaded    active     running         High-performance, schema-free document-oriented database
● mongodb.service masked    inactive   dead            mongodb.service

Make Wifi unit and Unifi talk to each other

  1. find local lan ip addresses of wifi and PC
  2. ssh into wifi unit and and tell it the address of the PC to initiate handshake
  3. open unifi program in PC browser to return handshake with Wifi unit
  4. again ssh into wifi unit for final acknowledge of handshake.

find local lan ip addresses of wifi and PC

The Wifi unit, just by being plugged in to the LAN, should have started up and the light should be solid blue. It will have received an IP address via DHCP.

Find the ipaddresses of - the Linux PC hosting unifi - the Wifi unit.

Use ifconfig to see the PC address. Below it follows inet addr:

enp2s0    Link encap:Ethernet  HWaddr xxxxxxxxxxxxxx  
          inet addr:  Bcast:  Mask:

Use nmap to see the Wifi address. nmap -sP will ping all the addresses over a given range, and gather information about the responses. The range is determined by the Mask: result returned by ifconfig above. In this example case, the last first 24 bits of the address are masked. Translating that into CIDR format we get, which is passed to nmap. As shown below, the Wifi is identifiable by it's name 'Ubiquiti Networks'.

sudo nmap -sP
Nmap scan report for unknownF09FC273B889 (
Host is up (-0.100s latency).
MAC Address: xx:xx:xx:xx:xx:xx (Ubiquiti Networks)

In the above example we found:

PC addr Wifi Addr

ssh into wifi unit, set PC address

ssh into the device as user ubnt with the password shown here.

ssh ubnt@
ubnt@'s password: ....
BusyBox v1.19.4 (2016-01-19 22:59:59 PST) built-in shell (ash)
Enter 'help' for a list of built-in commands.
BZ.v3.4.14# help
UniFi Command Line Interface - Ubiquiti Networks

   info                      display device information
   set-default               restore to factory default
   set-inform <inform_url>   attempt inform URL (e.g. set-inform
   upgrade <firmware_url>    upgrade firmware (e.g. upgrade
   reboot                    reboot the device
BZ.v3.4.14# set-inform

As can be seen, in addition to the address of the PC, a port must also be specified. Ther default is 8080, but if that port is being used for something else on the PC, another port can be shosen.

open unifi program in PC browser to return handshake with Wifi unit

** firewall **

The PC might have a firewall blocking communications from the Wifi address. If ufw is the fireall, then communication from the Wifi can be allowed as follows:

sudo ufw allow from

View the rule:

sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   ALLOW IN 

NOTE: During normal operation of the Wifi after setup it is not necessary to leave that hole in the firewall open. It can be closed like this:

sudo ufw status numbered
[ 1] Anywhere                   ALLOW IN 
sudo ufw delete 1
 allow from
Proceed with operation (y|n)? y
Rule deleted

Enter in browser address bar:


** untrusted certificate The browser will probably refuse to connect because of an untrusted certificate. Using the advanced options button, enable an exception for that certificate. Then the setup can continue.

You should see the unit appear ready to connect.

Enter a lot of ID's and passwords:

  • SSID and password: To be used from devices, e.g. smart phones, to connect to the Wifi
  • admin and password: To log into the unifi program
  • device authentication and password: To ssh into the Wifi

again ssh into wifi unit and set-inform

Login with new id/password given for device authentification, and enter the same set-inform command as before.

ssh <device-auth-id>@
<device-auth-id>@'s password: <device-auth-id password>
BusyBox v1.19.4 (2016-01-19 22:59:59 PST) built-in shell (ash)
Enter 'help' for a list of built-in commands.
BZ.v3.4.14# set-inform

End of post