Captive portal login - add a link forgotten password
-
For access with Captive Portal I use openwisp-radius: I wanted to know if there is a way to authorize, when logging in to Captive Portal, access to a specific LAN URL to reach Openwisp to reset the password. Better said: before entering the username and password for Captive Portal, allow the user to access a LAN URL to reset the password.
-
@Tommao said in Captive portal login - add a link forgotten password:
Better said: before entering the username and password for Captive Portal, allow the user to access a LAN URL to reset the password.
For this "allow the user to access a LAN URL to reset the password", the user needs to enter a user name and the current password, right?
That's the "chicken and egg" problem.
If the users don't need to enter an ID and password, you might as well ditch them all, no more portal needed.
(I would change the passwords of everybody ...)
The only way out is: ask the user, the very first time he uses your portal, for a mail address.
A mail with a challenge code will get sent to the address.
The user has to validate the mail address he entered with this code (this is what everybody does: expedia, bookings, amazon etc etc etc).
Now, if the user forgot the password, have him enter the (his) mail address again.
If the mail exists in the radius system (or doesn't !!), show the message: "mail is sent".
Of course, if the mail isn't present in the database, silently discard the "send mail operation".
If the user really entered his mail address correctly (already a challenge, these days people even forget what address they used), he will get a challenge code.
Etc etc.
Btw: you have to presume that the user doesn't need the portal access to have access to his mailbox.
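An added example (not part of the thread and not openwisp-radius code) of the forgotten-password flow described in the post above: the reply is identical whether or not the address exists, and the mailed challenge code is single-use, expiring and attempt-limited. The class name, the 10-minute lifetime, the 5-try limit and the `send_mail` callback are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 600                  # assumed lifetime of a challenge code, in seconds
MAX_TRIES = 5                   # assumed number of guesses allowed per code
GENERIC_REPLY = "mail is sent"  # shown for known AND unknown addresses


class ResetService:
    """Hypothetical helper; known_emails stands in for the RADIUS user database."""

    def __init__(self, known_emails, send_mail, now=time.time):
        self.known = {e.strip().lower() for e in known_emails}
        self.send_mail = send_mail  # callback(to_address, code)
        self.now = now              # injectable clock, so expiry can be tested
        self.pending = {}           # email -> {"digest", "expires", "tries"}

    def request_reset(self, email):
        key = email.strip().lower()
        if key in self.known:
            code = f"{secrets.randbelow(10**8):08d}"  # CSPRNG, 8 digits
            self.pending[key] = {
                # Store only a hash, so a leaked table does not leak live codes.
                "digest": hashlib.sha256(code.encode()).digest(),
                "expires": self.now() + CODE_TTL,
                "tries": MAX_TRIES,
            }
            # In production, queue the mail so response time does not
            # reveal whether the address exists.
            self.send_mail(key, code)
        # Unknown address: silently discard, but answer exactly the same.
        return GENERIC_REPLY

    def confirm(self, email, code):
        key = email.strip().lower()
        entry = self.pending.get(key)
        if entry is None or self.now() >= entry["expires"] or entry["tries"] <= 0:
            return False
        entry["tries"] -= 1  # every guess counts, right or wrong
        supplied = hashlib.sha256(code.encode()).digest()
        if not hmac.compare_digest(entry["digest"], supplied):
            return False
        del self.pending[key]  # single use
        return True
```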
-
For this "allow the user to access a LAN URL to reset the password", the user needs to enter a user name and the current password, right? :
I'll try to explain myself better: in a customized page for logging in to Captive Portal, I would like to insert a link that takes you back to the OpenWisp-Radius password reset page (accessible within the LAN):
to reset the password you need to enter the email address to which the Captive Portal login username is associated.
Clearly, the user who requests the password reset must access their mailbox from a PC on the LAN and reset the password via the link received.
I would just like to know if there is a way to allow access to an IP internal to the LAN in the pre-authentication phase of the Captive Portal.
-
If the pfSense captive portal is the pfSense LAN, then access is already granted, as traffic doesn't pass through pfSense.
If the pfSense captive portal is not the pfSense LAN, then you can use any of these :
-
But Allowed Ip Address does not refer to the source IP?
Does it allow you to avoid blocking Captive Portal on the source addresses included in the list?
-
@Tommao said in Captive portal login - add a link forgotten password:
Allowed Ip Address does not refer to the source IP?
You didn't trust the manual Allowed IP Address
IPv4's entered on the Allowed IP Address page can be accessed by the devices on the captive portal network even if they are not (yet) authenticated.
-
Now it is more clear for me: I have to set the direction.
Thank you!
Direction
The direction to allow traffic matching this IP address.
From
Allow traffic sourced from this IP address through the portal, such as a local client IP address attempting to reach the Internet, or the IP address of a management client that must reach hosts on the portal network.
To
Allow traffic with this IP address as a destination, such as a local web server IP address that must be reached via port forward, or a remote web server IP address which clients must always reach.
Both
Allow traffic both to and from this IP address.