I'm late answering, sorry :-)

I tried to add some code to my captured html page, called index.html, but it didn't work. Have you any example of an html file I could use as example ?

Hello,

@yanosz:

we've some trouble configuring captive portal on 1.2.2. While some features work, some doesn't:

Accessing the portal on 8000/tcp? - works.

Non-Whitelisted hosts are blocked? - works.

Whitelisted hosts are not blocked? - works.

Portal page is shown, if not-authorized hosts try to access web pages by http? - doesn't work

Actually, it seems there is a bug in the configuration code and / or firewall code. After removing some firewall rules ( "pass"-definitions only - sounds strange) and
after switching the interface from wlan to lan and back, everything is running fine…

Keep smiling
yanosz

@GruensFroeschli:

They probably have a popup-blocker running.

I don't think that's it as the CP doesn't use a pop-up AFAIK, plus I use a popup stopper and it works for me. Thanks though.

@Still:

Did you add your internal/ISP DNS servers IPs to the captive portal "Allowed IP addresses" list?
It happens when a client request an internet page and can't DNS resolve it, the CP loginpage won't show up.

I did not add them, but i'm going to right now, not sure when the next time I can test the theory out is as i'm not sure when Canada Revenue will be back but i'll backup and remove all the Pass-through MACs and i'll find out eventually if it works and let you know. Thanks for the tip, hopefully it solves the problem.

Hi,

ive tinkered with this some more and it appears it does work after all though so far ive only managed to get back a message when the radius server was down.

Are there any plans to extend the range of messages? It would be nice for instance to know why the login failed, ie bad credentials, expired account or to many simultaneous logins for exmple.

Regards

Nick

JJ,

excellent, glad you got it working

Regards

Nick

If you want to import into freeradius from a file you could try something along these lines.

`$file_handle = fopen("users.csv", "r");
while (!feof($file_handle) ) {
        $line_of_text = fgets($file_handle);
        $sStream .= $line_of_text;
}

fclose($file_handle);
$arUsers = explode("\n", $sStream);
$sUserCount = count($arUsers)-1 ;

for ($i = 0;$i< $sUserCount; $i++){
     $sTmp = $arUsers[$i];
     $arAcct = explode(",",$sTmp);
     if (  AddXML(false,$arAcct) ) AddDbUser ($arAcct);
     if ( $i > $sUserCount ) break;
}

function AddDBUser($fDebug,$arAcct){

include "opendb.php";
     $SQL = "INSERT INTO radcheck (UserName, Attribute, op, Value) VALUES ('$arAcct[0]', 'User-Password', ':=', '$arrAcct[0]');";
     $QResult = mysql_query($SQL);
     include "closedb.php";
}`

users.csv is simply a list of username password pairs eg fred, apples\n tom, oranges

opendb.php and closedb.php are included pages to handle the connection to the radius db

Obviously thats ver simple only using the usename passwrod pair, it would be no hassle at all to extend it to add additional radius attributes

Its a bit rough and ready and probably has some errors as I just jotted it down from memory of past stuff I've done. I do hope it helps some one

Regards

Nick

I see 1.2.3 is suitable for production.  Can anyone help me out my other questions?

How about using curl to squirt the data over to another box and storing it in a db?

Dear Cry Havok  thank you
if I used a translator because I Alangelzip weak in the language, this is not a drawback to the present, but you are because you do not like you said you like irony and I love to be one of the users of this system of power in the network management
And look for ways to learn what to do
Thank you for all
My question has been, however, I did not find a commentary on the style of translation
No explanations of this video server
Please intervene to solve the problem of determining the velocities of the Iozyrep

Implementing access control based on MAC addresses alone is a no no IMO. , you better use the simple user manager in the captive portal itself, assign each client a username and pass and thats it, preferably to be a https login page..

my 2cents.

Only in 2.0.

In 1.2+ you have to change the order of pfil. Search the forums with "sysctl pfil".

My initial thought was to run a nightly cronjob for the guestrollpwd.sh script, update the config.xml file, and reload it - and finally post today´s password on our intranet page…

Yes I did fear that…...

if this php script does, which function actually reloads the config file?

Well I guees require_once('guiconfig.inc'); could be replaced with
require_once("config.inc");
require_once("functions.inc");
But then everyone can read it.
Different account's and email service afaik will be in pfSense 2.0

edit (After a good night sleep):
/var/run/clear.ip could be created in /usr/local/www/clear.ip so your intranet can access it's
If the intranet ain't on the lan side a simple password can be used to read /var/run/clear.ip

You could make the VLAN separation on the switch itself.
–> You have a single untagged interface to the switch.
Traffic from the pfSense is allowed to both groups (wired, wireless).
Traffic from the groups is only allowed to the pfSense and not to the other group.

As ipnet said : bind the Captive Portal to OPT1 (or whatever you named it), that's were it belongs anyway.

I'm using pfSense with the CP on OPT1 (which is btw 192.168.2.1) and people do not need to type in this IP to get the portal login page.

A simple www.i-wana-go-womewhere.com will do the job - and that what's it is all about. They will see my logging portal, if they want it or not.

Ducktn, goto the Captive Portal settings page "services_captiveportal.php" and have a look at the bottom of that page : see the red note !
"Changing any settings on this page will disconnect all clients! Don't forget to enable the DHCP server on your captive portal interface! Make sure that the default/maximum DHCP lease time is higher than the timeout entered on this page. Also, the DNS forwarder needs to be enabled for DNS lookups by unauthenticated clients to work."
You should know what to check now  :)

i've seen that if i enable dhcp server and i use it this problem disappear, however it doesn't really make much sense :\

This is fixed in 1.2.3 it seems, others have confirmed it. This thread is locked because it's old, but wanted to post here to notify those who may be following this thread. You can post your experiences in the 1.2.3 board.