External login page authentication

guntery

The Pre-authentication redirect URL redirects to our radius and login server but we want to use the server for the login page and still use the captive portal as the radius client.

Any ideas on how to auth with radius via external login page?

Gertjan

@guntery said in External login page authentication:

The Pre-authentication redirect URL redirects to our radius

Well ....

a Radius server is a server process that listens on ports 1812 1813 and 1816.
Redirecting a web browser to a radius server .... you have a lot of explanation to do here / I don't get it.

I'm using FreeRadius myself.

Using Pre-authentication redirect URL is "not easy".
Click the link, read and only proceed if you are fully aware of what needs to be done.
I consider the "Pre-authentication redirect" usage very advanced.

Instead of seeing the small word "Connected", use the "After authentication Redirection URL" to a known page, like your own companies web site, where you explain that the visitor was just granted Internet access.

guntery

Yeah the pre auth is the wrong option.

Our current captive portals all have external login pages for auth which use a form to send auth details back to the CP.

This way with a remote radius/web server we can better control the login pages and clients.

Don't know how to remotely run the auth so ended up keeping the login page in pfsense and enabling php-mysql to talk to the remote web server, cheers.

Gertjan

@guntery

Like https://www.youtube.com/watch?v=RS0nMVxPznY ?

It's not as simple as the classic local auth with the build in captive portal web server.
I've tried it ones, long time ago, just to see how it works and if I could make it work.

See also here : https://forum.netgate.com/topic/137979/what-happened-to-pre-authentication/2