No, I do not lock myself out because I've already added a rule to be able to access the WAN side before any changes I make.  I did run a few more installs and test.  got it to work essentially.  The steps are all the same but one key item I have not heard or seen is that during the time I am configuring the Wireless side (AP mode, Infrastructure Mode, Ad-Hoc), it asks for authentication method.  Well, I left it at NO AUTHNETICATION and then completed by pressing SAVE.  Well once you press SAVE that's it!  It doesn't work if you go back and want to use Local User Manager.  I tried this out on multiple new installs.  Same effect.  So the effect is this - BEFORE you hit that save button, make sure it is the settings you will be using or you WILL have to reinstall…I repeated this process so that's my conclusion.  If you have another fix which is faster, please tell me.

Not sure if this was also part of it, but on the General Setup Page of this AP mode of pfSense, make sure you have the DNS also pointing to the DNS of your network segment and not one on the Internet like OpenDNS.  I made a clean install and change the DNS on an internal DNS which already has external DNS for referral, and the settings above I discussed pertaining to autneication and everything works fine....

with problems I had previously with FTP and now Captive Portal, I can concur and honestly say pf Sense works but if you do not choose the correct settings at first and go back to change them....you might as well reinstall to have correct settings at first!!  Just because you can change settings doesn't mean it will correctly do so in pfSense.

You can find the original CP file here :
Open etc/inc/captiveportal.inc
Look for lines 91 up untill 116 - everything including and between the html tags.

You'll find the same concept for the default error page : line 134 - 147.

Yes that's the point of a captive portal.
You need first to authenticate before you can browse the internet.
Make sure you dont have an adblocker enabled that blocks the authentication popup.

you can try install freeradius package and set the captive portal to authenticate user using that radius server. Freeradius package has Expiration-date module.

@Docwyatt2001:

A combination if RADIUS and vendor specific entries can do this… VLAN's based on SSID.. Then have them come into an intermediate network where they can access the portal. Cisco definately can. Linksys can't as far as I know. Its more a dot1x thing than pfSense. By choosing the SSID paired with AD credentials (PEAP), you can have it forced into the network you need, otherwise no access. Then give your users the private SSID, and the guests/visitors/etc the public SSID.

Thanks for this..  I know my ASA can't help with this..

Can the 2k server resolve addresses?  You can have dhcp and dns managed elsewhere without problem, but the proper holes need to be poked to allow for it. 
You could always try another DNS server like opendns, poke a hole through for it and see how that works to take 2k out of the equation.

nb

or you can add his mac address in Services > Pass-through MAC, i am doing this and working fine with me, especially for the TV satellite receivers that clients uses.

I thought at first as well that you need to have the local DNS forwarder for the CP to work.
You dont. You can use any DNS server you want. The client just has to be able to resolve names even if not authenticated.

@lightsareout:

Where exactly is the index.php file stored.  I'm working on a school project and have tried to upload a different file through the GUI and it messed up the whole box and had to re-install pfsense.  So where can i go and manually configure the login page?

Thanks!

I believe the files are stored (after being decoded from the XML) in /usr/local/captiveportal/  But you should use the web interface to change them or they will not be stored in the config.  I have successfully build several highly customized login pages using the supported method.

Thanks you, I look this

I agree with the radius. I use the radius setup to manage 10 different networks, and it works very well for me.

@Monoecus:

I think that the first version is fine for you. The drawback with both versions is that you do not have any traffic shaping on the OPT with pfSense 1.2.1. However, as you need Shaping only on the LAN for now, that first version is safe. In case you need Shaping on all Interfaces, wait for the version 2.0.

For the access points. Just make sure that they cannot connect to LAN, by blocking access to LAN.

It is important to use traffic shaping for LAN and guest users. I need to limit guests to 30% from total bandwith AND use traffic shaper to distrubute fair these 30% to all guest users.

So I will use Option 2 until version 2.0 comes out.

Thanks for the help!

yes you are right, i was thinking little bit about this, and it is because of NAT, so i turned it off and enter static routes in wireless router, and check Disable MAC filtering in captive portal and now works …

and now, i see that you are talking about NAT.

it works now
thanks

Ok, I got it to work.

I did check and twig settings till it work!

i will upload my config.xml file, but i think the reason it works was that on the firewall->rules tab,
the '! WAN Address' was not working so I put '! Network' and "192.168.0.1 / 24".
Now the DHCP is nolonger giving 10.10.10.xxx ip to the pc's on the 192.168.0.1/24 network.

Thank you.