Probably a client connection to a '443' (https) not using a https 'talk'.

As describe in this post : https://forum.pfsense.org/index.php?topic=43675.msg515428#msg515428 there seems to be an issue in the Freeradius2 Implementation in pfsense.
I solved the problem as follows :
1. in Freeradius-LDAP enabled Authentication and Authorization.
2. Set Group Membership Filter for AD : (|(&(objectClass=group)(member=%{control:Ldap-UserDn})))
Saved Configuration
3. Inserted in radius Users File first line : DEFAULT LDAP-Group == "AD-Group Users have Access", Auth-Type := LDAP
4. in freeradius sites-enabled/default authorize-section disabled the ldap part ( here  line 207-210 : #redundant {

#}
You have to disable this everytime the freeradius configuration changes and is saved !
5. restart freeradius  :)

@Derelict:

I don't think the portal cares how many users are using the same credentials.  All my users show as "unauthenticated" and it works fine.

Who honestly cares if passers-by use the network? Toss a limiter on it to curtail torrenting and help keep one device from being able to hurt you.

The nasty stuff like DHCP pool exhaustion can be done without going through the portal anyway. A better answer is a WPA2 passphrase.

Thank you and you are right.
I might end up using a WPA2 passphrase and an unauthenticated captive portal to display the AUP upon login and make use of the limiter.

@Derelict:

…. It works great. 2.1.5.

Same thing for 2.2.4.
I just generated some vouchers, activates auto-add-mac support etc and started authenticating using vouchers.
Everything works as advertised.

I saw lines like:
Oct 28 08:39:43 logportalauth[38194]: Zone: cpzone1 - Voucher login good for 120 min.: SNWfCebPBQS, 0c:77:1a:xx:13:35, 192.168.2.40
….
Oct 28 10:39:44 logportalauth[33421]: Zone: cpzone1 - EXPIRED SNWfCebPBQS LOGIN - TERMINATING SESSION: SNWfCebPBQS, 0c:77:1a:xx:13:35, 192.168.2.40

The device "0c:77:1a:xx:13:35" was disconnected and removed from the MAC white list.

Nice  :)

I hope you can read English.

You shouldn't add an executable (who would use an undefined executable, found on the net ??) but at least share the source code and the steps how to build the program.

(je pourrais te répondre en Français s'il le faut, car j'y habite  ;))

Check out this subject - posted just a couple of hours before : https://forum.pfsense.org/index.php?topic=85695.0

Ah ….
I remember that one  ;)
But was was a year (two ?) ago.

Hi,

I also using an OPT1 interface for my Portal. I didn't use any 'limiters' on my Portal, so accessing the net, one authenticated, is as fast as accessing the net using the LAN interface.

I also tend to say : I'm using the default settings.

So, the question is : what did YOU change (without telling us) ? How did you set it up ? Undo your changes …

If you're asking what I think you're asking (You might want to rephrase your question otherwise), then this has been asked numerous times and almost always with the same answer. Searching the forum will give you pretty much all the replies you need.

https://forum.pfsense.org/index.php?topic=100963.0

The NTop or NTopNG packages can give you detailed historical traffic information, if that's what you're after. You can get the IP address and sometimes the machine name and even OS type, depending on circumstances. You could match the IP against the authentication logs to find out who your hog is.

I think this is not possible, nearest you can do is non transparent proxy setup with authentication , on providing profile to various users with squidguard (if you require filtration), may be in this mode even captive portal can be used (not sure but worth trying).

@Gertjan:

then this guy:

(ie: http://www.google.com/)

told me who to do it.

Btw : are you letting the visitor authenticate to the portal ?

Bringing people to ie www.google.com - a page they can not leave, seems awkward to me.
Bringing people to a host (a server on a host) so they can authenticate seems complicated to me.
Any, I guess you didn't tell us everything ;)

Gertjan i am not sure what you meant to say exactly with the rest of your post, anyway, it was not Google that "told me HOW to do it", i did try it, yes, but i couldn't find exactly what i was looking for, so i just went to some other place on the web, where i was able to find someone that answered that request without too many turnings around, leave alone the need that some users here (DoktorNotor & co) have to just criticize and put evilness all around them, instead to contribute positively on something, why ohh why some people have to feel and behave that way toward others it's really beyond me, don't you think that someone posting a request for help maybe has already enough stuff to deal with? Honestly, what it's wrong with people like these ??

In regard of the system i did choose, a picture which once clicked forward to the next page, which in my specific case it would be a site hosted locally, not accessible from the web and which require local users wishing to access the www, to be first identified, so in case someone eventually do bad stuff around, it can very easily be pin pointed (as we do).
This first initial page will serve to give the users, most of them with very little experience on a pc, an introduction on what to expect if they wish to make use of this long range wi-fi spot (maybe 5-10km?), it's a local community based project.

@SmartCodar:

Facebook keeps on adding URL's and when ever there is new URL in backgroud Facebook will try to open URL and since there is no Internet Connectivity facebook page will keep trying opening URL unless timeout. Upon timeout Login page is shown.

and finally, the FB server detected that 'you' (your users) have aceBook access problems and the 'blacklist' you (your IP) altogether for a while.

@SmartCodar:

It seems that the list is not complete.

and they keep doing so - this list http://bgp.he.net/search?search[search]=facebook&commit=Search never ends, and is still growing.
Which is under stable: a 'good - final' solution after years of doing so will give the impression that 'it is always the same' and FB will LOOSE clients. CLienst/users want NEW things every day ….
Their is only ONE solution : sign up with FB, some kind of contract that YOU, as a third party person, will use THEIR authenticity system that fires a signal (call-back) to your server (== Captive Portal).
Go to one of their offices.
Bring along a coding specialist (the public API won't lett you do what you need - you will have aces to another API (which also is evolving)
Bring along a lawyer
Bring along a huge amount of cash (Hey, you thought FB was free like 0 $ ? - they DO make money)

You'll be having your FB authenticate pint with fixed URL's and IP's (never ever tell somebody about them, because if they become public, a simple ddoss will blackout these points, having big clients (who paid FB) leaving in the dark ..... and they will yell, because they paid for it)

Etc etc.

The secret of why FB works for everybody (well, they do go down, globally) is that works VERY distributed. If one FB host isn't available, another one. If one is overloaded, another one pops up. Capture this behavior with a what a

Btw : tis question has been asked many times.
It will be asked again next day, or tomorrow.

To answer it, you should know what a "Captive Portal" is.
How FB works (API).
Mix up the to together and your have a real "Misssion Impossible 8" (the exception might be : be friends with the owner or your bank).

I will NOT exclude the fact that a solution MIGHT exist.
Maybe something like this: redirect the visitor to a local page that EXPLAINS:
That the visitor should authenticate with FB in ONE minute. You open up your pfSEnse Captive portal for ONE minute for every new IP/MAC.
After that, if it had NO FB call-back that says : Ok, this user (IP/MAC) logged in, your shut down the connection for X hours.

Asking for help with 2.0.1 is going to receive little feedback other than "upgrade then ask again."

Nobody has a test environment for 2.0.1 to try things to help you.

If you want to pay me US$2500 to setup and US$500/yr to maintain a 2.0.1 test environment plus US$100 per ticket, for which the accepted, billable answer might very well be "that's broken in 2.0.1. Upgrade."  PM me.

Sorted, here is the solution for future users looking to do the same….sorry to differ by the rest, but i find no pleasure in putting more misery into other people struggles, much better to write nothing at all than follow their truly horrible attitude....