Another thing to check: if your external database is on a hosted server, make sure that you are allowing connections from your pfSense IP address, e.g. in Control Panel (on your hosted server) go to Databases -> RemoteMySQL and enter the allowed host IP or domain name.
Yes, you have to manually edit the values in /etc/inc/radius.inc. They're easy enough to spot - if you're not comfortable with command-line just use Diagnostics > Edit file.
Look for a line like the following…
function addServer($servername = 'localhost', $port = 0, $sharedSecret = 'testing123', $timeout = 3, $maxtries = 2)
I've not yet got to the bottom of my problem - increasing the timeouts has not fixed it for me. Unfortunately I've had little time to look into it further, and it's always in use so access is tricky.
Hello,
We are currently running version pfSense-2.0.1-RELEASE (which does have the "no authentication" radio button), but more, wanted a "TOS" or "disclaimer" to be displayed to our liking, which wallabybob supplied.
Thanks,
Barry
My initial thought is that, with some careful firewall rules, you might be able to use the same IP address for all your CP instances since they are differentiated by port numbers.
I do know the ipfw rules initially forward CP traffic to 127.0.0.1:8XXX. There would probably need to be some customization to make the httpd always use the same source address for all CP instances in its replies.
That or forget about the DNS forwarder and put ISC BIND up instead. You could easily make it return the correct A record based on the IP address of the resolver making the query.
Or a wildcard cert.
Or separate FQDNs/certificates for each CP instance. Check out www.startssl.com.
Your pre-auth page needs a button or link to redirect -back to- the CP page, http://x.x.x.x:8000/index.php
At that point they login to the CP auth page as normal.
Hello All,
Replying to my own post. After looking at the CP log I did see an error being thrown in regards to "unable to determine mac filter". The error did suggest to "Disable mac filtering in the pfSense GUI", which I did. CP works fine after making this change.
Thank You,
Barry
I finally got this sorted, and to help anyone else out, here is what worked for me (I am writing this from home, mostly from memory, but you will get the idea). Most of what I have done is based on this link: http://forum.pfsense.org/index.php/topic,57260.msg305604.html#msg305604
Get the basic captive portal and freeradius setup and make sure it works with local users.
Install php-mysql support as detailed at the above link.
Edit the file /usr/local/etc/raddb/sql/mysql/counter.conf and replace with the contents of the one attached to this post.
Edit /usr/local/pkg/freeradius.inc and add the counters from the counter.conf (DailyDataCounter, MonthlyDataCounter & NoResetCounter) to the "Instantiation" section of raddb.conf and sites-enabled default.conf. I removed the references to the other time-based counters, i.e. daily, weekly & monthly. This file needs to be modified, otherwise any changes to the raddb.conf file will reset on a reboot.
Modify the default captive portal and error page with the one attached to this post and add the other attachments through captive file manager.
Enable sql, otherwise it will not be used.
Run the sql in the attached "SQL-Groups.txt" to create groups to assign amount of traffic.
Make sure the captive portal is set to auto authenticate every minute.
In theory anyone who connects through the captive portal will be asked to register, and they will by default have 30mb of daily download.
This may not be the best way, and if anyone wants to correct me, go for it, as I just want to learn.
(captiveportal-cp.css).txt
(captiveportal-error.htm).txt
(captiveportal-initial.php).txt
(captiveportal-register.php).txt
(counter.conf).txt
(SQL-Setup.sql).txt
pfSense 2.2 will actually be gaining a "global MAC ban" tab in CP that will redirect certain users to a special CP page if their MAC is "banned" – that might get you partway there, but the code does not exist yet (it's sponsored, in the queue to be added)