@bloodsside14:

test

Can you list what you have here : Services -> Captive Portal -> [ZONE] -> File Manager ?
A file called "captiveportal-test.jpg" should be there (exactly the same).

i've re-installed PfSENSE and it solved.

You cannot assign IP addresses based on RADIUS results with captive portal.

For that you'd need something like 802.1x on the switch, NOT captive portal.

For the user to load the captive portal page they already have to have an IP address, and it's too late to move them to a different one.

Ok Tks Gertjan,
i'll retry and feedback

@mbutz89:

I do not have control on what version we run in the field.

Then perhaps you should advise those who have the control that they are running unsupported firewall version affected by many security issue long fixed in the versions that are supported. You are also missing tons of non-security bugfixes.

https://doc.pfsense.org/index.php/Versions_of_pfSense_and_FreeBSD

If i hadn't looked at your previous posts i would have taken you for a spam bot and banned you.
You really could run your post at least through some basic spell-checking…

As for your problem: There is no way to prevent someone from cloning your MAC address and using it to circumvent your MAC-lock.
That's mainly the reason why MAC-based ACLs are not considered useful.

This :
@technobiz:

…. still redirection to login page does not work.

as a description of your problem will not help us to find out what you forget to mention (and we should know so we can tell you what is wrong).

Tell us more if not everything about your interfaces.
How you set up DNS.
How you set up the portal (configure page).

Start using the default built in login page - and make the portal should work.

You should read : https://en.wikipedia.org/wiki/HTTP_404

Btw : you can not change  http://x.x.x.x:8002/index.php?zone to http://wireless.hotspot
This : http://x.x.x.x:8002/index.php?zone is already incorrect. The "zone" parameter should contains value so pfSense knows WHAT captive zone it's handling (more then one can exist)
This : "8002" is hard coded , and the first web server instance that is running to handle your first instance.
When you use something like "http://wireless.hotspot" it implies "http://wireless.hotspot:80" so you will get redirected …. see instruction here https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting to see what's really going on.

2.0.x is far too old to expect anyone to assist in diagnosing. Even if you were on the latest 2.0.x release that's still 3.5+ years out of date.

I seem to recall a similar problem back then that was fixed, also a long time ago. I didn't see any specific references in any of the release notes, though.

From 2.3.x on it's even a completely different web server running captive portal connectivity (nginx now, was lighttpd back then)

The best path forward is to upgrade.

Sweet!!!!
Thank you again…

I modified the line containing the regex so that it only matches lowercase a-f....
it's working like a charm...

/* MACs input validation */ function freeradius_validate_macs($post, &$input_errors) { // MAC Address if (!empty($post['varmacsaddress'])) { if (!preg_match('/([a-f0-9]{2}[-]?){6}/', $post['varmacsaddress'])) { $input_errors[] = "The 'MAC Address' field must contain a valid MAC address, delimited with '-' character."; } }

Just set "No authentication" in the portal and make a button that says proceeed.

No magic there.

You could run it by the Professional Services crew but I don't think we've gone so far as setting up external auth servers of that nature before.

I am sorry I know this is not a answer you are really looking for but I am just giving my 2 cents,  with pfsense I do not know of a way to view bandwidth by CP login info but if you like there is a other firewall called Untangle that can do exactly as you wish, and the good thing is you can keep pfsense as firewall and use UT in bridge mode

On mobile, are you waiting for the authentication page to appear automatically, or are you opening an http page for redirection?

@doktornotor:

Alternatively, you might just use the banana.  8)

hahahahaha… BANANA POWER!!!  ;D ;D