@hardy_rafael17:

So newbie question is…  Is there any way.. to direct or redirect trafic to port 80 from unauthenticated IPs to the captive portal...

That's precisely how captive portal works. The problem is those apps aren't web browsers so when you intercept their traffic and serve them a portal page, the app just flakes out. Have to open a browser. People should be used to that. Gertjan's explanation provides more detail.

I AM a newb.  I had never actually entered invalid credentials.  I would click the 'View current page" and when it worked for the portal page contents and not for the authentication error page contents, I assumed it wasn't working.  When I actually try to log in and deliberately enter bad credentials, it notifies me… with the logo and all.  Thanks everyone for the help.

Thanks for the info Gertjan!  I will give it a go.

Pulling the plug would be the ultimate solution; unfortunatly they are home while I am at work.  This should be good incentive to get them to help out around the house a bit.

The plan is:

Give each of them a chore or two to do each day Once they have completed said chore, the can text me with photo evidence I will then text them the appropriate voucher number to allow them access to the internet

Is there any way to schedule the portal to be active only during specific hours of the day?  All other hours are free for all use?

Ditch Radius.
Get Vouchers.
Done  ;)

(Or: try to put vouchers into Radius)
(Or: Radius hasn't the possibility to give a account xx seconds 'usage' ?)

@ptt:

You can start with this guide

https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package

https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package#HOW-TO_-_Multimedia_Tutorials

thanks with this, but my main prob is may radius cant start eventhought i delete and reinstall it it wont run what is the fixed?

Well,
If the popup doesn't show up, don't worry.
As soon as the user becomes idle (and set an idle timeout on the captive portal interface to make this happen) because he's out of the network, shuts down its PC, or whatever, the connection is disconnected.

Stuff get serious if you "sell" Wifi portal time.

That why some of us invented this, a rock solid "check-out" disconnect procedure.

hello. pfSense program database server pull data out of the computer, the data is pulled username and password I need something to distribute. Is there anyone that can help?

"server program on the computer that will receive the passport number and room number, they will give you the username and password assigned as the internet."

Ubiquity bridges its interfaces  in three modes , is it in router mode ?

if so then change it to bridged.
ofcourse DHCP, DNS etc … as Gertjan seas must be handled by pfsense.

@insurin:

…..I think it was more to do with pfsense/captive portal already having a connection on that IP address with another user and when this new user tried to authenticate with the same IP address it caused CP to error.

I rephrase.
A user (with an IP obtained from your DHCP server) has a device with a MAC address.
He connects to the portal interface, a session is opened with its
IP
MAC
Start time
End time (the End time will be 'Start time' + 'hard time out')
Session-ID
Etc.

This user will NOT be redirected to the portal login web interface anymore.
This user should manually LOGOUT (using the popup, so the session will be portal will be destroyed) if he want to see the portal login web interface again.
His IP stays the same all this time.

If another user connects, it should NOT obtain the same IP (IP conflict ! - note that user CAN hard code the IP, you better ignore these users  ;)).
This other user has of course another MAC ….

I cannot imagine how is could be possible that two users have the SAME IP ..... your DHCP will never allow that.
A unique user with its unique MAC will receive a unique IP.
This is how thing work in DHCP land  :)

@lsense:

my plan is to use $config['captiveportal']['httpsname'] …...

this should be the same as 
$cpcfg = $config['captiveportal'][$cpzone]['httpsname']
(see function portal_hostname_from_client_ip($cliip) in /etc/inc/captiveportal.inc - pfSense 2.1.3)
@lsense:

that is "HTTPS server name" in web gui to configure what clients see in the address bar even if we are not using https.

Well, this is where I need to explain:
"Works for me" ™
$cpcfg['httpsname'] is only set when you activate (ones) the "activate https authentication on the captive portal settings page.
This will be done if you put in valid certificates …
Not very difficult, its explaine here: https://forum.pfsense.org/index.php?board=2.0 The very first subject PFsense 2.1 MultiCP and https with Windows Radius Guide.
As soon as "https" is setup and valid, de-activate it.
The tric is: the $cpcfg['httpsname'] will be grayed out, but remains set and valid (so, you can use it as I did above  ;)).
Exemple:
My domaine is
brit-hotel-fumel.net (to be set on the General setup page).
The portal 'host' = 'portal' (IP 192.168.2.1, as set on the DNS Forwarder page)
So, my 'httpsname' will be portal.brit-hotel-fumel.net

When people connect to my Wifi network they will get an IP (they don't connect yet).
They can ping at that very moment alreay portal.brit-hotel-fumel.net - this MUST give back a reply.
This means the host name is resolved.
This means that host name can be used instead of 192.168.2.1
And that's what the subject is all about.

@lsense:

portal_ip_from_client_ip($clientip)  is not called at all.

For me, this is correct, because I'm using https login.
For non-https login, this function will be called:
(see function portal_hostname_from_client_ip($cliip) in /etc/inc/captiveportal.inc - pfSense 2.1.3)

Anything that speaks SFTP should work.  Just know that uploading directly doesn't put the files in the XML config and might not survive a reboot.

Not just www.apple.com

See
Using Apple Products with Captive Portal
iOS 6 issues
Not getting a "captive portal detected" message on iOS devices 
etc.

IOS devices have a boatload of URLs to test if the Internet is reachable.

If you have your user list in an Excel sheet, you could export it into a "easy to parse" format, like CSV, or even dot-comma separated lines.

You need some lines of PHP that should do this:
Remove all current user that are member of the group that are allowed to login to the portal: this is mine:
http://pastebin.com/uQ6Ry4h0
You should remove all <user>…..</user> that have a that belongs to this group.
Now,
Rebuild the group, and insert all users.

You will have to encode the password (3 formats).

Any of this can be looked up in the pfSense portal PPHP code, so the bigger part of the code is just 'copying' what already exists.

Note that, when a user is present in the User Database (managed by pfSense) their is no need to deleted it, you could also just 'deactivate' the account and reactivate when the "rent comes in".

You could also add MySQL or MSSQL support to the PHP engine of pfSEnse, and use a separated SQL server that will do the authentication (better check how
to generate the passwords then ...)

oh I think its a different topic ….

well problem solved..

I need to authenticated to the portal before i can have net access...

Thanks

please close sir moderator. thank you

I activated the Portal Interface on the my LAN - I merely activated Local User Manager, not touching any other settings.
This means I had two portal interfaces, one on OPT1, and one on the LAN.

Just to be sure, I added the MAC of my PC to the MACC pass through page.

I switch on another PC on the LAN and launched a navigator.
Guess what popup up ? this one: http://www.test-domaine.fr/Capture-portal.PNG
I had access to the net after authentication …
I didn't really tested it for a long time, but a Portal Interface on LAN, it seems to work.

Hi Gertjan

I am looking at the logs and I can now see what's happening as you have pointed out already

logportalauth[83783]: CONCURRENT LOGIN - REUSING IP 172.110.14.67 WITH DIFFERENT MAC ADDRESS 18:20:32:27:17:b3: username timestamp

cheers

Hi Gertjan

I think this problem has also started to manifest itself into other devices so it may not just be Apple. I have started another thread to which you have kindly gave me some advice on how to diagnose the issue.

The thread is here for anyone looking

https://forum.pfsense.org/index.php?topic=77821.0

cheers

Thanks Gertjan for your info, I will follow your instructions.