JJ, excellent, glad you got it working Regards Nick

If you want to import into freeradius from a file you could try something along these lines. `$file_handle = fopen("users.csv", "r"); while (!feof($file_handle) ) {         $line_of_text = fgets($file_handle);         $sStream .= $line_of_text; } fclose($file_handle); $arUsers = explode("\n", $sStream); $sUserCount = count($arUsers)-1 ; for ($i = 0;$i< $sUserCount; $i++){      $sTmp = $arUsers[$i];      $arAcct = explode(",",$sTmp);      if (  AddXML(false,$arAcct) ) AddDbUser ($arAcct);      if ( $i > $sUserCount ) break; } function AddDBUser($fDebug,$arAcct){ include "opendb.php";      $SQL = "INSERT INTO radcheck (UserName, Attribute, op, Value) VALUES ('$arAcct[0]', 'User-Password', ':=', '$arrAcct[0]');";      $QResult = mysql_query($SQL);      include "closedb.php"; }` users.csv is simply a list of username password pairs eg fred, apples\n tom, oranges opendb.php and closedb.php are included pages to handle the connection to the radius db Obviously thats ver simple only using the usename passwrod pair, it would be no hassle at all to extend it to add additional radius attributes Its a bit rough and ready and probably has some errors as I just jotted it down from memory of past stuff I've done. I do hope it helps some one Regards Nick

I see 1.2.3 is suitable for production.  Can anyone help me out my other questions?

How about using curl to squirt the data over to another box and storing it in a db?

Dear Cry Havok  thank you if I used a translator because I Alangelzip weak in the language, this is not a drawback to the present, but you are because you do not like you said you like irony and I love to be one of the users of this system of power in the network management And look for ways to learn what to do Thank you for all My question has been, however, I did not find a commentary on the style of translation No explanations of this video server Please intervene to solve the problem of determining the velocities of the Iozyrep

Implementing access control based on MAC addresses alone is a no no IMO. , you better use the simple user manager in the captive portal itself, assign each client a username and pass and thats it, preferably to be a https login page.. my 2cents.

Only in 2.0. In 1.2+ you have to change the order of pfil. Search the forums with "sysctl pfil".

My initial thought was to run a nightly cronjob for the guestrollpwd.sh script, update the config.xml file, and reload it - and finally post today´s password on our intranet page… Yes I did fear that…... if this php script does, which function actually reloads the config file? Well I guees require_once('guiconfig.inc'); could be replaced with require_once("config.inc"); require_once("functions.inc"); But then everyone can read it. Different account's and email service afaik will be in pfSense 2.0 edit (After a good night sleep): /var/run/clear.ip could be created in /usr/local/www/clear.ip so your intranet can access it's If the intranet ain't on the lan side a simple password can be used to read /var/run/clear.ip

You could make the VLAN separation on the switch itself. –> You have a single untagged interface to the switch. Traffic from the pfSense is allowed to both groups (wired, wireless). Traffic from the groups is only allowed to the pfSense and not to the other group.

As ipnet said : bind the Captive Portal to OPT1 (or whatever you named it), that's were it belongs anyway. I'm using pfSense with the CP on OPT1 (which is btw 192.168.2.1) and people do not need to type in this IP to get the portal login page. A simple www.i-wana-go-womewhere.com will do the job - and that what's it is all about. They will see my logging portal, if they want it or not. Ducktn, goto the Captive Portal settings page "services_captiveportal.php" and have a look at the bottom of that page : see the red note ! "Changing any settings on this page will disconnect all clients! Don't forget to enable the DHCP server on your captive portal interface! Make sure that the default/maximum DHCP lease time is higher than the timeout entered on this page. Also, the DNS forwarder needs to be enabled for DNS lookups by unauthenticated clients to work." You should know what to check now  :)

i've seen that if i enable dhcp server and i use it this problem disappear, however it doesn't really make much sense :\

This is fixed in 1.2.3 it seems, others have confirmed it. This thread is locked because it's old, but wanted to post here to notify those who may be following this thread. You can post your experiences in the 1.2.3 board.

No, I do not lock myself out because I've already added a rule to be able to access the WAN side before any changes I make.  I did run a few more installs and test.  got it to work essentially.  The steps are all the same but one key item I have not heard or seen is that during the time I am configuring the Wireless side (AP mode, Infrastructure Mode, Ad-Hoc), it asks for authentication method.  Well, I left it at NO AUTHNETICATION and then completed by pressing SAVE.  Well once you press SAVE that's it!  It doesn't work if you go back and want to use Local User Manager.  I tried this out on multiple new installs.  Same effect.  So the effect is this - BEFORE you hit that save button, make sure it is the settings you will be using or you WILL have to reinstall…I repeated this process so that's my conclusion.  If you have another fix which is faster, please tell me. Not sure if this was also part of it, but on the General Setup Page of this AP mode of pfSense, make sure you have the DNS also pointing to the DNS of your network segment and not one on the Internet like OpenDNS.  I made a clean install and change the DNS on an internal DNS which already has external DNS for referral, and the settings above I discussed pertaining to autneication and everything works fine.... with problems I had previously with FTP and now Captive Portal, I can concur and honestly say pf Sense works but if you do not choose the correct settings at first and go back to change them....you might as well reinstall to have correct settings at first!!  Just because you can change settings doesn't mean it will correctly do so in pfSense.

You can find the original CP file here : Open etc/inc/captiveportal.inc Look for lines 91 up untill 116 - everything including and between the html tags. You'll find the same concept for the default error page : line 134 - 147.

Yes that's the point of a captive portal. You need first to authenticate before you can browse the internet. Make sure you dont have an adblocker enabled that blocks the authentication popup.

you can try install freeradius package and set the captive portal to authenticate user using that radius server. Freeradius package has Expiration-date module.

@Docwyatt2001: A combination if RADIUS and vendor specific entries can do this… VLAN's based on SSID.. Then have them come into an intermediate network where they can access the portal. Cisco definately can. Linksys can't as far as I know. Its more a dot1x thing than pfSense. By choosing the SSID paired with AD credentials (PEAP), you can have it forced into the network you need, otherwise no access. Then give your users the private SSID, and the guests/visitors/etc the public SSID. Thanks for this..  I know my ASA can't help with this..