Hello.

Yes, it can be done.
Yes, I guess its already done by some one.
But, no, this (working with MySQL) isn't coded in the portal authentication system right now.

That's for the short answer.

The longer one:
On this forum, examples are given how to add the package to your pfSense setup, so PHP can "speak" to MySQL - its just an extension to load.
Of course, you will have to do some PHP coding.
As a starting point: have a look how local authentication with the local databse is being used.
Discover that pfSense uses also a small database motor (I forget the name, you'll find it in the code, in /etc/inc/captiveportal.inc).
A while back, I even managed to add the package that gave me MSSQL (yep Microsoft SQL) PHP support. I could speak with a MSSQL server on the LAN for portal authentication.

The thing is: no-one is gona do that for you, except if you make it a bounty case https://forum.pfsense.org/index.php?board=34.0

edit: go here  : https://forum.pfsense.org/index.php?board=2.0 (its where you posted your message).
You will see a thread called : How to Captive Portal Self Registration Using Free radius & Mysql (Tutorial)

@mcircuits:

My system setup:
Internet –------- Modem/Wifi Router --------- computer with pfsense installed....

Your setup indicates:
People would connect to your mentioned Wifi device.
They won't be seen, neither handled by pfSense.

Hello Gertjan,

thanks for your reply - finally i was able to solve my problem by myself - after hours :)
My problem was the DNS forwarding and the correct entry of the DNS server. So i was able to ping 8.8.8.8 but not google.com.
I could reach the captive portal via IP but not via name. After setting the correct entries it was working fine.

Regards
tommysense

Hi,

look at this thread: https://forum.pfsense.org/index.php?topic=46015.0

(and please reply if you get it to work, I can't test it right now and there seems to be trouble with the solution posted there…)

Best wishes,
Eagle2

Hi,

you should be able to do this by setting up the freeradius package (see https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package) and then setting bandwith limits for the radius users. Then you can use the captive portal with radius auth or - if your access points support the speed limit - set up radius auth (WPA2-Enterprise) directly on the access points.

Best wishes,
eagle2

Hi guys. As far as I can see, both the GUI and XML are reporting a matching zone name (I presume this is the name of the captive portal).

As I test, I've just disabled the Sync between the master and slave, disabled the portal setup on the slave and confirmed the settings were removed, then enabled Sync again. Everything seems to populate across from the master but still no luck. I'm still getting "TYPO Invalid Magic !!"

after every reboot pfsense ipfw rules start from 5000, 6000, 7000 and so on. the startnum is modified 2 to 50 and the end number is same 65400 but after reboots when the ipfw rules reach to 65400 then all the rules start from 1

What about using a switch ? Use one of the Juniper LAN port, put a 3 port switch (if it exists) on it, use port 2 f the switch to the existing network segment and the third to the pfsense box.
Of course, bandwidth goes up to the capacity of the LAN port of the Juniper firewall.

The DHCP server of pfSense isn't really from "pfSEnse". Its a industrial strengh DHCP server that is already known and being used on FreeBSD for years (also a reference). It can handle a lot of DHCP request … the only limit might be network bandwidth and "pure processor power" of your firewall. This is valid for your actual Juniper firewall, or the pfense box. I guess all possible setup-possibilities are there.
I'm using pfSense as the main "firewall" at my work - about 10 PC's and seperate a Portal Wifi subnet for our customers (a hotel).
I use a PowerEdge from Dell to handle it all (or an older Dell Dimension 51xx, an old retired desktop PC) with a quad NIC Intel PCI card - the onboard NIC is my WAN NIC. It runs fine for years now (it only breaks when I mess up the script/code ones more).
Here are the stats: https://www.test-domaine.fr/munin/dyndns.org/brithotelfumel.dyndns.org/index.html
As you can see, my 'firewall' is just twisting its fingers all the time .....
You could also consider buying a special appliance as said here: https://www.pfsense.org/hardware/index.html#sizing - stuff like this (example) http://store.netgate.com/Netgate-FW-7541-1U-Rack-Mount-System-BTO-P1903.aspx (6 Giga NIC's) will handle hundreds of PC's easily.

Hey gio,

you could use "Automatic MAC Pass-Through addition" to automatically add the MACs of the users to the Pass-Through table. Although it is not really documented, if you select only one of the two check boxes, the MAC address is added and never deleted; when selecting both check boxes it should add the MAC and delete it after the voucher expires.

@ozlecz:

thanks guys…...had it worked;

= got to make the same zone throughout

I have to admit I was shaking my head a little through this thread but it gave me the clue I needed. I don't see anywhere in the docs (perhaps I missed it) that the zone name must be the same at the locations syncing with the master. The sync reported success but none of the vouchers worked. I had a different name and since there is no way to rename in the GUI I had to edit the XML config file by hand to change the zone name. After I did that it worked, so thank you ozlecz! :)

With my current time zone(gmt -3), session last activity is almost 5 hours ahead.
so I've tried to set my timezone to london (gmt 0) and for my surprise, last activity is earlier then start time.

@ermal:

Yeah the behaviour has been that way but even until 2.1 there was no bw limits you could apply to such hosts.

Hmm, which hosts are you referring to? The ones in the mac passthrough list? The bw limits definitely worked for all users who logged in through the captive portal.

The behaviour has been changed to match the configuration since an allowed host is still a user.
What you can do is specify 0 when you configure such hosts or the required bw.
This is mostly to be consistent all over with the limits.

That doesn't seem to be working for me - 0 isn't accepted. When I change an existing entry in the MAC passthrough list to have 0 as both the upload and download values, when I click on Save and open that entry again, the values are blank. If I set a number other than 0, it is saved.

All the entries on my mac list have the up and down bandwidth blank. Following the description on the main config page, setting it to 0 or blank means that host will have no limit. However, the hosts are still limited.

Thanks!

@m4st3rc1p0:

….all subnet that is allowed on the allowed IP address in the portal page should be or can be access by the client but we cannot i can only ping other than that sharing is not allowed.

Can you make this more clear ?

add to cron script.sh with "rm /var/db/captiveportal_usedmacs_<cp>.db"</cp>

Wehre can i find this Information?

"Question: What is your Hard timeout ? Idle timeout ?"

It depends on the details.

Can you share what kind of frames are not understood by pfSense?

Though reading again your post you are talking about stateless accounting packets(or outbound accounting packets) right?
If that is the case no stateless accounting packets are not supported so far.

@mendilli:

www.facebook.com automaticly redirects you to https://www.facebook.com, if you want to have portal login page for https/ssl try "enable HTTPS login" option in captive portal settings

Thanks A LOT .  after try look like i have a lot of work.  :)