@asbonet said in Import Multiple Users Accounts CP + FreeRADIUS:

I have been able to add users now and authenticate them though mysql using the radcheck table but i can not figure out how to get the attributes such as Max-Daily-Session := 3600 to be linked with the Accounts that i add any help on where i need to be adding this attribute and how to link it with the user.

Thanks
  :) :)

How did you import multiple users into pfSense? is there anyway to do that without sql?

Why would you think that your wireless routers should send traffic to pfsense in the cloud? WTF is your IPs suppose to show us? 1 is for sure rfc1918 the 10.x and the other might be 172.x other is public I take it with 146.x

It is much easier if you just attach your drawings to your post vs links to other sites - that may or may not be blocked dependng on the viewers connection.

@21hertz said in Windows 10 (?) users cant login:

What I can confirm though, is that pfSense still has some sort of bug with “Allowed Hosts”. Sometimes it takes a couple of minutes and sometimes it doesn’t work at all, when you have entered a value / domain.
It seems like the list of domains that you enter in “Allowed Hosts” isn’t applied to the rules as it should. Feels intermittent. This was a actual reported bug in an earlier release (don’t remember which version).

The "allowed hosts" is easy to "debug".
Add your host, ad then look at the generated ipfw rules (this page is very useful : https://www.netgate.com/docs/pfsense/captiveportal/captive-portal-troubleshooting.html - it has told many, many portal admins that they shouldn't break their DNS before operating a captive portal - or, using more common words : Captive portal will not work better as our DNS).

Btw : In case you didn't know : if you use the Allowed host to let portal visitors visit public Internet sites before authentication, be careful : even the most dull WordPress index page includes tells your browser to search for additional info at Google, FB, and else where. These places - hosts, are of course not allowed, so the principle site seams broken, or even the Allowed host entry doesn't seem to work.

** Don't add a host without checking first with nslookup, dig or your favorite DNS tool.

I don't use vouchers, neither selling access time.
I just need to guarantee an Internet access for my clients.

@gertjan said in Free wifi Acccess on first 15minutes Captive Portal:

tw : I didn’t test drive this - I just read what is explained on the settings page of the captive portal.

@gertjan That url is broken.

I am using pfsense with unifi (ubnt) wireless APs, and they already introduce Facebook authentication. So there is an alternative to make it work without pfsense support.

I would personally prefer to be able to configure it in pfsense, where I already have most of the networking configuration.

Gertjan,

Thanks for your reply. Fun fact; I've managed to do the same thing yesterday and got it working.
Good to see that I've done it right. I'll make sure to check the links your provided!

Thanks again dude.

Cheers,
Lex

Ok... Without some details nothing for anyone to help you with.

Were you just wanting people to know, or did you actually want some help with your issue?

Here from that info this is best can offer
https://www.netgate.com/docs/pfsense/captiveportal/captive-portal.html

@becasist2 said in Voucher tickets fails sometimes after updating:

The devices with the MAC included in those lists can connect without a Ticket, the devices without the MAC in this lists have to put the ticket code in the Portal Captive Index page, am I wrong?

Noop, you're right - it works like that.

Thank you very much for your help Jimp

Hi,

@tjthomas101 said in How to create a captive portal without username/password:

Unless anyone has a better idea, I’m still all ears.

Consulting the Chillispot support site ?
(but the solution looks ok to me)

@p3n6 said in Reduce length Voucher:

@Gertjan
Is this being done in pfsense

Yes.
Use the console access, or better, enable SSH access, access SSH (Putty is your friend here) and use option 8.

or do i need to run a command?

Yes.
You asked for non-standard possibilities. You'll be needing a keyboard.

Can you provide a screen shot?

Never used vouchers myself.

A bug from 5 years ago ?
No one is talking about this one, so I consider it doesn't exist any more. I was using pfSense 5 years ago, and I never saw this "send() failed (40: Message too long)”" in my logs.

Back then, I remember that I could force pfSEnse (nginx or lighthttpd) to show this message by 'programming' a redirect error in my home made captive portal html page (it went recursive, and the web server reply became to long).

When you say "Users can not login" you should also post the firewall rules that you obtained by reading this : https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting

0_1527673608678_chose-one.PNG

You can use
Voucher
or
Radius
Not both at the same time at the same portal instance.

This means that vouchers all share the same bandwidth settings, set up on the captive portal page.

FreeRadius gives you the possibility to set a per-user bandwidth setting.

thanks, I will study it

@Gloom:

Silly question but have you put rules in place to allow the connections to the interface on VLAN20 from the subnet?

Hrm What do you mean? Should I need an additional rule besides the Firewall Rule on the mvneta1.20 VLAN IF that allows all protocols/ports to pass?

This is the only rule I have in that IF:

Nice. The progress is the word "Failure".

This message is the result of one check ( see /usr/local/captiveportal/index.php  - at the bottom ) : if the user+pass are in the local user list, access is granted.
A second check is done if you checked "Allow only users/groups with "Captive portal login" privilege set" on the Captive portal settings page.

If these test(s) are ok, you are logged in. If not, a "Failure" is thrown out.

So, if you are sure the user and password are ok when entered, and you are sure they are in the local user manager list, the conclusion is simple :
Consider your system broken - probably a hardware (disk) failure.

If a login works - and after some time (hard or soft time out ?) the user can't login anymore, then something is not working as it should.

Btw : I'm replying knowing that you did not mention anything about your setup, so I consider every setting is set (kept to) to default (value). It is of course possible that a user logs in, and after  time out he can't login anymore for the rest of the day. Or something like that.