Hi Leoshen,
same issue as mine, ;D waiting for the fix at 2.1.1
http://forum.pfsense.org/index.php/topic,67203.0.html
https://redmine.pfsense.org/issues/3216
Thanks for the reply. I don't have pfSense installed yet. Just trying to see what I can do with it.
I'll be using WHMCS and their FreeRadius module to control access.
Another pfSense user is having this trouble: https://redmine.pfsense.org/issues/3226 and I solved my problem with this fix. This is due to the Radius Protocol option, which was reset to no authentication during the upgrade.
I selected the protocol that I use with my 2K8 and now the system works! :)
Thanks everyone for the help.
It appears it was two issues.
One was I did not allow my DNS server out and the other is I had fastforwarding turned on.
Thanks again!
Hi,
This is the wiki for the pfSense freeradius2 package and the documentation on how to do self-registration with FreeRADIUS + CP + MySQL. Perhaps it could help you.
https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package#CaptivePortal_Self-Registration:FreeRADIUS.2B_MySQL
Out of the box it will work neither with the pfSense CP nor with the freeradius2 package. The "problem" is the self-registration and password change.
Hi jjeff1,
When you go to DIAGNOSTICS --> CaptivePortal you can see the users who are connected. You see the start time when the first successful authentication was made by the user, and you can see a column which shows you the last activity of this user. If a user turns off their computer then this MAC address is still authenticated on CP. It will only disconnect after the idle or hard timeout.
I recognized some problems with idle/hard timeout on my CP. It does not work and I can see users still authenticated even if their last activity was days ago. So you could check this first to make sure whether you really have 750 concurrent connections or whether it includes old ones. (Restarting CP will kick all connected/authenticated users.)
Whether a user enters a wrong password can be seen under DIAGNOSTICS --> System Logs --> Portal auth. There you can see all successful and wrong authentication attempts.
I would suggest some other things or possibilities:
Give every teacher their own username/password to find out which teacher gives out their credentials. Further, disable "allow concurrent connection". This will make sure that only the most recent user will be authenticated, so only one connection per username/password is possible. The teacher will contact you if he is always kicked because a student connects with an iPhone.
Another possibility could be to use vouchers. Create vouchers for 1 week and disable "allow concurrent connections" on CP. Every teacher will get his own voucher, so if one teacher gives out his voucher to students then only one concurrent connection is possible and you can find out which teacher hands out his credentials.
The third possibility could be to install the freeradius2 package on pfSense and connect CP with freeradius2. Then create a username/password, and if you don't want to give every teacher his own credentials then freeradius2 offers you the possibility to set a number of concurrent connections for this username. So if you have 20 teachers then set this number to 20 and you will make sure that not more than 20 students can use these credentials concurrently. This will unfortunately not tell you which teacher gives the credentials out.
Hint: If you are using the simultaneous connections option of freeradius2 then you need to disable the option on CP of course.
Another possibility to stop iPhones and so on could be to use squid and block the user agent of these devices. Every browser uses its own user agent string. So if you are using IE on your computers and Firefox then just allow these user agents, or check out what user agent the Safari browser on the iPhone uses and then block this user agent.
This could be a custom setting on squid to block Internet Explorer 8:
##### Create the ACL which blocks user agent of Internet Explorer 8 with ACL name "block_internet_explorer"
acl block_internet_explorer browser MSIE 8.;
## deny web access for the ACL "block_internet_explorer"
# http_access deny block_internet_explorer;
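
The two checks suggested in the reply above (are the 750 connections real or stale, and which username is active on several devices) can be run over a copy of the captive portal session list. This is an added example, not part of the original thread; the record layout, timestamps, usernames and MAC addresses are constructed for illustration and are not pfSense's own export format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sessions: username, MAC, session start, last activity.
SESSIONS = [
    ("teacher01", "00:11:22:33:44:01", "2014-01-20 08:00", "2014-01-20 11:55"),
    ("teacher02", "00:11:22:33:44:02", "2014-01-20 08:05", "2014-01-20 11:58"),
    ("teacher02", "00:11:22:33:44:03", "2014-01-20 09:10", "2014-01-20 11:50"),
    ("teacher02", "00:11:22:33:44:04", "2014-01-20 09:12", "2014-01-20 11:59"),
    ("teacher03", "00:11:22:33:44:05", "2014-01-17 07:30", "2014-01-17 15:00"),
]
FMT = "%Y-%m-%d %H:%M"


def parse(rows):
    """Turn raw tuples into dicts with real datetime objects."""
    return [
        {"user": u, "mac": m,
         "start": datetime.strptime(s, FMT),
         "last": datetime.strptime(l, FMT)}
        for u, m, s, l in rows
    ]


def stale_sessions(sessions, now, idle_timeout):
    """Sessions idle longer than the timeout: they inflate the connection count."""
    return [s for s in sessions if now - s["last"] > idle_timeout]


def shared_credentials(sessions, now, idle_timeout, max_devices=1):
    """Usernames live on more than max_devices distinct MACs (stale sessions ignored)."""
    macs = defaultdict(set)
    for s in sessions:
        if now - s["last"] <= idle_timeout:
            macs[s["user"]].add(s["mac"])
    return {u: sorted(m) for u, m in macs.items() if len(m) > max_devices}


if __name__ == "__main__":
    now = datetime(2014, 1, 20, 12, 0)   # constructed "current time"
    idle = timedelta(minutes=30)         # assumed idle timeout
    sessions = parse(SESSIONS)
    stale = stale_sessions(sessions, now, idle)
    print("total:", len(sessions), "live:", len(sessions) - len(stale))
    for s in stale:
        print("stale:", s["user"], s["mac"], "last seen", s["last"])
    for user, macs in shared_credentials(sessions, now, idle).items():
        print("shared:", user, "on", len(macs), "devices:", ", ".join(macs))
```

Set `max_devices` to the per-username limit you would otherwise configure in freeradius2 to see which accounts would hit it.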