Hey ho,

okay - got it!
The Vouchers are generated "ont he fly" with the file "usr/local/bin/voucher". As written in the documentation the vouchers are generated based on an RSA Key.
That means there is NO Database in wich the NOT USED Vouchers are stored!!

So i manipulated the config.xml file and did an import of this config. I needed some trials because monowall and pfsense have a slightly different format but figured it out. After "importing" the Vouchers i still had to mark the already used Vouchers within the function in the portal section but everything is working fine :)

So anybody having the same problem try this method!

Hey ho,

okay - got it!
The Vouchers are generated "ont he fly" with the file "usr/local/bin/voucher". As written in the documentation the vouchers are generated based on an RSA Key.
That means there is NO Database in wich the NOT USED Vouchers are stored!!

So i manipulated the config.xml file and did an import of this config. I needed some trials because monowall and pfsense have a slightly different format but figured it out. After "importing" the Vouchers i still had to mark the already used Vouchers within the function in the portal section but everything is working fine :)

So anybody having the same problem try this method!

There should only be one file manager.  Either only a file manager tab page on the first portal, or every portal showing all the files.  The way it is now is stupid.

Glad to be of help. You can PM anyone in the forum - myself included -  but if you have any further questions, please direct them to the forum only. Your questions may go some way towards helping someone else looking for answers and queries that go via PM aren't generally seen.

Awesome, I might need this (not exactly, but same code area), because I want to present a after login page but also a clickable link to the initially requested page, or even open it in a new tab (with JS). Thanks a bunch.

Any news on this?

Sorted, many thanks

Removing the cookies resolved the problem and I now get the box back again.
When I click to disconnect the connection does actual now disconnect.

change_password.php

<form action="captiveportal-cmd.php" method="post" name="frm_data" class="login"> Captivportal Change Password. **cmd.php**

if(!isset($_POST['auth_user']) ||
($_POST['auth_user'])==null ||
($_POST['auth_pass'])==null||
($_POST['new_pass'])==null||
($_POST['conf_pass'])==null

){
exit();
  }

$user = $_POST['auth_user'];
$old_pwd = $_POST['auth_pass'];
$new_pwd = $_POST['new_pass'];
$conf_pwd = $_POST['conf_pass'];

echo '

if($_POST['from']=="first_login"){
echo shell_exec("sh captiveportal-first_login.sh '$user' '$old_pwd' '$new_pwd'");
}
else{
echo shell_exec("sh captiveportal-password.sh '$user' '$old_pwd' '$new_pwd'");
}
echo '
  ';
?>

**password.sh**

#!/bin/bash

base_users="/usr/pbi/freeradius-amd64/local/etc/raddb/users"
username=$1
next_changepassword=date -v +90d +%Y-%m-%d
input=$1" "$2
oldpassmd5=md5 -s $2 | awk -F ' ' '{print $4}'
newpassmd5=md5 -s $3 | awk -F ' ' '{print $4}'
#newpassword=$3
result=$(grep -i '"'$1'" Cleartext-Password := "'$2'"' $base_users | awk -F '"' '{print $2" "$4}')
size=${#result}

#echo "Input : $input"

if [ "$size" == "0" ]

then

echo ''

else

if [ "$result" == "$input" ]
        then

## Check Old Password check_allpwd=`cat /home/log/pwd.log | grep -w $1| wc -l | awk -F ' ' '{print $1}'` first_oldpwd=`grep -w $1 /home/log/pwd.log | tail -1` check_oldpwd=`cat /home/log/pwd.log | grep -w $1:$newpassmd5 | wc -l | awk -F ' ' '{print $1}'` if [ "$check_oldpwd" != "0" ] then echo '' else sed -i ''  s'/"'$1'" Cleartext-Password := "'$2'"/"'$1'" Cleartext-Password := "'$3'"/g' $base_users echo $1:$newpassmd5 >> /home/log/pwd.log grep -wiv $username /home/log/log_changepassword > /home/log/tmp ; mv /home/log/tmp /home/log/log_changepassword echo $1:$next_changepassword >> /home/log/log_changepassword #delete first_oldpwd if [ "$check_allpwd" -lt 5 ] then sh captiveportal-av.sh > /dev/null else sed -i"$1" '1d' /home/log/pwd.log rm /home/log/pwd.log$1 sh av.sh > /dev/null fi #echo `date` User [ $1 ] Change password from [ $2 ] ==\> [ $3 ] with no error. >> /home/log/success.log

echo '
';
fi

else

echo `date` User [ $1 ] Change password from [ $2 ] ==\> [ $3 ] with error. >> /home/log/error.log echo ''

fi

fi

**av.sh **``` #!/bin/sh readStatus(){ x=$(cat /home/log/Status) } readStatus while [ $x != "Ready" ] do sleep 2 readStatus done echo Busy > /home/log/Status sh /usr/local/etc/rc.d/radiusd.sh restart > /dev/null sleep 1.5 echo Ready > /home/log/Status ```****</form>

OK tHANK YOU  ;D

Why should I take a look I know how it works.

NO PHP WILL BE EXECUTED ON THE SERVER until the client makes an http request. Whatever is in that php script it is completely up to the client what is done with it.

What is so hard to understand? I'm out.

@The:

I tend to put www.apple.com in as a host name passthrough. Works fine then.

This could be one of the ten or hundred different URL's hard-coded in iOS.
When you have the change the random "www.apple.com" is used, the iOS thinks it is connected to the net …. and the pfSense Captive portal will still block the portal client to visit any other site

Just wire-shark your portal connection, you probably will not even find a "www.apple.com" (DNS) request .... so why allowing it ?

Thanks Gertjan… I've been to busy lately....

What I'm doing now... I'm just making sure the config file is actually getting written... that's until I get an SSD...

Ill do as doktornotor says...

I was actually trying to thank Gertjan not Doktornotor...

@Gertjan:

@Chrisiesmit93:

.
Can I kick users authenticated through RADIUS (MS Active Directory) from CLI or a .php script on another host and/or webserver?

'kicking' means 'disconnecting' means the Captive Portal firewall rules should be modified. So something has to execute on pfSense to 'kick'.
Putting a script on another system won't do 'the job'.

Btw : Userid's are stored into a SQLLIGHT3 database on the pfSense file syem (see source for the "how to access and retrieve").

Thank you! This is wat I searched for! :)

People have devices that constantly request web pages and they just sit there and run and run and run before the user navigates the portal. It could be hours or days.

What does this output when run from behind the portal?

openssl s_client -connect wifi.cityofaltonil.com:8003 -showcerts

Good advice ^^.

Also, sometimes clients get confused and simply reload the portal page. After they hit login is there a CP entry created (Status > Captive Portal. Also check the Portal Auth log).  After they hit login did you try manually navigating to other sites?

i check this now it is working thanks all