@kiokoman said in images from file manager not showing:

of course not there is a specific section on the Captive portal to load images,

Right.
It's here :

19678267-ca36-41e5-8f58-f2bd9b96c538-image.png

Check out this :

d55e67a6-8f49-4909-a7ec-a669a89cb0fc-image.png

Got it ? You see the first "check" : "Use custom captive portal page
Enable to use a custom captive portal login page" ?

It's not clear if @exofio is using the default, build in login page - which has an optional replaceable background and logo image, or if he is using a self-made login 'html' page.

I might say obvious things, but did you have a look to the documentation ? It has been updated recently

https://docs.netgate.com/pfsense/en/latest/captiveportal/captive-portal-configuration.html

Well, it seems supporting LDAP - which is supported by pfSense.

Never heard from "shibboleth" related to pfSense ....
A forum or Google search confirms.

Edit : there is one : https://forum.netgate.com/topic/60524/cp-authenticating-to-idp-via-saml !

I agree totally.

People that use devices to connect to the Internet are aware of the fact that an capital X and small case x are not always the same.

I know - again : we as a company still receive, ones in a while, mails in all capitals - or all lower case. Better yet : check out this forum, you will find the same thing.

Btw : forcing whatever is entered as a user name to capital ? No big deal.
Find line 216 in /usr/local/captiveportal/index.php

Here it is :

$auth_result = captiveportal_authenticate_user($user, $passwd, $clientmac, $clientip, $pipeno, $context)

Surround $user with "strtoupper" like this :

$auth_result = captiveportal_authenticate_user(strtoupper($user), $passwd, $clientmac, $clientip, $pipeno, $context)

This will force whatever the user entered, to capitals.

True : when pfSense updates, you will have to redo this edit - ones or twice a year.
A small shell script that starts when pfSense reboots could do this for you.

thank you. i am adding the school's default background.

@Gertjan separating LAN and WAN works! great Sir! thank you!

@exofio said in Logo and Background images missing:

i cant upload due to img limit size 10mib.. what to do?

Serious ?
An index landing page that weights over 10 mega ???
If you really have to, put the videos, images and other big resources in separate files, and link to them from the main index login page.
Note : None of the files can be bigger then 10 M.
Also : everything you upload will be stored into the config.xml file.

i uploaded the file to var/db/... what code will i use to call it on html file?

@Gertjan said in Captive portal looping:

The 'login' page and nearly identical 'login-error' page are not stored in /var/db/cpelements.

Thanks for the tip, that was indeed the source of the problem. An older login page was uploaded (at some point in the past) to the captive portal error page.

@jimp I found the problem, in the Voucher config page, I entered the server ip, the port and the username and password. And it gave me those errors.
But if I let them blank, the Local Database being on the localhost, everything work perfectly now.

Thanks

@ontzuevanhussen said in One account ONLY for one device on the captive portal:

one account for one device, but does not disconnect the account that was previously logged.

not sure i quite understand...you mean you want to allow only one login per user, and block additional logins attempts using an error page?

if yes :

pfSense does not natively support this feature. since you seems to be using freeradius, you could nevertheless add some freeradius setting (like simultaneous-Use : 1) to prevent an user to log in more than once. keep in mind that this kind of freeradius setting is not compatible with "reauthenticate users" for obvious reasons...

also,

independently of "is this technically possible", you should not do this. pfSense is using a MAC address&IP address couple to identify an user. for privacy reasons, a device may change them randomly over time. once its MAC or IP has changed, a device will face the login page again but won't be able to login anymore...is that really what you want?

@free4 Ok, I found it. Thank you so much friend..
Annotation 2019-08-18 163737-.jpg

@ontzuevanhussen

What are you trying to do?

Have you registered the aps in freeradius or the controller, it needs to have the aps registered.

Try running rasdniff -x from the pfSense cli, it might give you a clue.

https://docs.netgate.com/pfsense/en/latest/captiveportal/using-captive-portal-with-freeradius.html

@ssattannae you are welcome

if after further testing you still think that the patch is really fixing your problem...then don't hesitate to make a thumbs up on https://github.com/pfsense/pfsense/pull/4042 and/or make a small comment "friendly bump, this pull request resolve a very impactful problem..."

The patch and pull request are ready since a while (2.4.4-p2)...the current stable release is 2.4.4-p3 and the pull request is not merged yet...

@Nova9 said in [HOWTO] Captive portal + FreeRADIUS + local MySQL user friendly single step:

Maybe the .js files aren't loading properly?

Use the right button of your mouse.
Every browser will give you the possibility to see the 'html source of the web page.
You'll be seeing in a split second if resource files like css and js files are not load, most of the time because they have another file on the system name.

Btw : The subject "Captive portal + FreeRADIUS + local MySQL user friendly single step:" is a rather big project.
Nothing something that can be pulled of 'ASAP'.
Using an old pfSense version gives you a new feature : you created a security time bomb.

@Trel said in Radius or voucher authentication on same captive portal.:

Here's an example multi-method login page.
It's probably overkill for anything you're trying to do though.

multicappor.txt

Can I please have a copy of the code?

i had two different urls in, one disable the freeradius and the other did not. i used both of them and that was the result i observed. with the url that is not disabling the radius i am also redirected to the redit URL.

@Gertjan Great! I think I saw that code somewhere.

Will start with this one. Thanks a lot @Gertjan.

If anyone has other ideas that can make this happen, please do add some lines here :)

Put them on another LAN/OPTx interface ?!
Or, use FreeRadius, which gives a per user upload and download limit - although I guess the MAC added users all still handled by the captive portal main setting. I never tried this.