@GruensFroeschli:

They probably have a popup-blocker running.

I don't think that's it as the CP doesn't use a pop-up AFAIK, plus I use a popup stopper and it works for me. Thanks though.

@Still:

Did you add your internal/ISP DNS servers IPs to the captive portal "Allowed IP addresses" list?
It happens when a client request an internet page and can't DNS resolve it, the CP loginpage won't show up.

I did not add them, but i'm going to right now, not sure when the next time I can test the theory out is as i'm not sure when Canada Revenue will be back but i'll backup and remove all the Pass-through MACs and i'll find out eventually if it works and let you know. Thanks for the tip, hopefully it solves the problem.

Hi,

ive tinkered with this some more and it appears it does work after all though so far ive only managed to get back a message when the radius server was down.

Are there any plans to extend the range of messages? It would be nice for instance to know why the login failed, ie bad credentials, expired account or to many simultaneous logins for exmple.

Regards

Nick

JJ,

excellent, glad you got it working

Regards

Nick

If you want to import into freeradius from a file you could try something along these lines.

`$file_handle = fopen("users.csv", "r");
while (!feof($file_handle) ) {
        $line_of_text = fgets($file_handle);
        $sStream .= $line_of_text;
}

fclose($file_handle);
$arUsers = explode("\n", $sStream);
$sUserCount = count($arUsers)-1 ;

for ($i = 0;$i< $sUserCount; $i++){
     $sTmp = $arUsers[$i];
     $arAcct = explode(",",$sTmp);
     if (  AddXML(false,$arAcct) ) AddDbUser ($arAcct);
     if ( $i > $sUserCount ) break;
}

function AddDBUser($fDebug,$arAcct){

include "opendb.php";
     $SQL = "INSERT INTO radcheck (UserName, Attribute, op, Value) VALUES ('$arAcct[0]', 'User-Password', ':=', '$arrAcct[0]');";
     $QResult = mysql_query($SQL);
     include "closedb.php";
}`

users.csv is simply a list of username password pairs eg fred, apples\n tom, oranges

opendb.php and closedb.php are included pages to handle the connection to the radius db

Obviously thats ver simple only using the usename passwrod pair, it would be no hassle at all to extend it to add additional radius attributes

Its a bit rough and ready and probably has some errors as I just jotted it down from memory of past stuff I've done. I do hope it helps some one

Regards

Nick

I see 1.2.3 is suitable for production.  Can anyone help me out my other questions?

How about using curl to squirt the data over to another box and storing it in a db?

Dear Cry Havok  thank you
if I used a translator because I Alangelzip weak in the language, this is not a drawback to the present, but you are because you do not like you said you like irony and I love to be one of the users of this system of power in the network management
And look for ways to learn what to do
Thank you for all
My question has been, however, I did not find a commentary on the style of translation
No explanations of this video server
Please intervene to solve the problem of determining the velocities of the Iozyrep

Implementing access control based on MAC addresses alone is a no no IMO. , you better use the simple user manager in the captive portal itself, assign each client a username and pass and thats it, preferably to be a https login page..

my 2cents.

Only in 2.0.

In 1.2+ you have to change the order of pfil. Search the forums with "sysctl pfil".

My initial thought was to run a nightly cronjob for the guestrollpwd.sh script, update the config.xml file, and reload it - and finally post today´s password on our intranet page…

Yes I did fear that…...

if this php script does, which function actually reloads the config file?

Well I guees require_once('guiconfig.inc'); could be replaced with
require_once("config.inc");
require_once("functions.inc");
But then everyone can read it.
Different account's and email service afaik will be in pfSense 2.0

edit (After a good night sleep):
/var/run/clear.ip could be created in /usr/local/www/clear.ip so your intranet can access it's
If the intranet ain't on the lan side a simple password can be used to read /var/run/clear.ip

You could make the VLAN separation on the switch itself.
–> You have a single untagged interface to the switch.
Traffic from the pfSense is allowed to both groups (wired, wireless).
Traffic from the groups is only allowed to the pfSense and not to the other group.

As ipnet said : bind the Captive Portal to OPT1 (or whatever you named it), that's were it belongs anyway.

I'm using pfSense with the CP on OPT1 (which is btw 192.168.2.1) and people do not need to type in this IP to get the portal login page.

A simple www.i-wana-go-womewhere.com will do the job - and that what's it is all about. They will see my logging portal, if they want it or not.

Ducktn, goto the Captive Portal settings page "services_captiveportal.php" and have a look at the bottom of that page : see the red note !
"Changing any settings on this page will disconnect all clients! Don't forget to enable the DHCP server on your captive portal interface! Make sure that the default/maximum DHCP lease time is higher than the timeout entered on this page. Also, the DNS forwarder needs to be enabled for DNS lookups by unauthenticated clients to work."
You should know what to check now  :)

i've seen that if i enable dhcp server and i use it this problem disappear, however it doesn't really make much sense :\

This is fixed in 1.2.3 it seems, others have confirmed it. This thread is locked because it's old, but wanted to post here to notify those who may be following this thread. You can post your experiences in the 1.2.3 board.

No, I do not lock myself out because I've already added a rule to be able to access the WAN side before any changes I make.  I did run a few more installs and test.  got it to work essentially.  The steps are all the same but one key item I have not heard or seen is that during the time I am configuring the Wireless side (AP mode, Infrastructure Mode, Ad-Hoc), it asks for authentication method.  Well, I left it at NO AUTHNETICATION and then completed by pressing SAVE.  Well once you press SAVE that's it!  It doesn't work if you go back and want to use Local User Manager.  I tried this out on multiple new installs.  Same effect.  So the effect is this - BEFORE you hit that save button, make sure it is the settings you will be using or you WILL have to reinstall…I repeated this process so that's my conclusion.  If you have another fix which is faster, please tell me.

Not sure if this was also part of it, but on the General Setup Page of this AP mode of pfSense, make sure you have the DNS also pointing to the DNS of your network segment and not one on the Internet like OpenDNS.  I made a clean install and change the DNS on an internal DNS which already has external DNS for referral, and the settings above I discussed pertaining to autneication and everything works fine....

with problems I had previously with FTP and now Captive Portal, I can concur and honestly say pf Sense works but if you do not choose the correct settings at first and go back to change them....you might as well reinstall to have correct settings at first!!  Just because you can change settings doesn't mean it will correctly do so in pfSense.

You can find the original CP file here :
Open etc/inc/captiveportal.inc
Look for lines 91 up untill 116 - everything including and between the html tags.

You'll find the same concept for the default error page : line 134 - 147.