Captive Portal authentication system
-
If I go to Status -> Captive Portal, I only see the following fields:
-
IP address
-
MAC address
-
Username
-
Session start
If you click on the "X" to disconnect a user from the CP, you get the following link:
http://firewall.ramboflat.nl/status_captiveportal.php?zone=gast&order=&showact=&act=del&id=9c9280ad2173ea8b
If you can see the ID in the url is: 9c9280ad2173ea8b.
Can I somehow retrieve (with a script) which user(name) has which ID?
-
-
In order to authenticate, the user must enter a username, which shows up under the status page. You've indicated you've seen this already. The username has to be associated with the account/name of the user in question. What are you using for authentication? Local database? RADIUS? Vouchers?
You mention building a 'site' where all the AD users are 'loaded'. How so? Are you importing user IDs in some fashion? Are you binding this to AD using RADIUS?
User IDs are assigned by you, so you ought to be able to correspond login IDs with AD accounts one way or another. So how are you doing it?
-
CP is authentication against my Windows Server (2012 R2) Active Directory.
What I mean is that, if a user is already logged in, we want to kick him off the network (disconnection his connection).
Normally this is done by click on the 'X' to disconnect the user, but I want an external site or script to do this action automatically on the firewall (so no direct acces to the firewall / pfSense).I almost managed it by building a user manager with ldap connection to my AD, if a user his account is disabled, CP will kick him automatically from the network (is the idea :) )
-
hola instale el pfsense por tarea de la escuela y necesito hacer 1 portal cautivo.
Despues de configurar el portal cautivo y pruebo si me redirecciona a la pagina de login no lo hace, solo lo hace si coloco esta direccion ip 192.168.99.1:8000. Una vez en la pagina de login inicio sesion pero no me hace nada solo se queda ahi alguien que me ayude. Por favor me urge
-
English, please.
-
@ Chrisiesmit93: To my knowledge AD is providing the authentication mechanism for the captive portal. Once authentication takes place, the captive portal handles when the session times out. Disabling the account within AD simply prevents any further authentication from taking place on that account, but won't trigger the active session on the PFS to end. My only suggestion is that you set the expiry time on the session to something short-ish and when you disable the account within AD the session will timeout shortly afterwards.
-
I maybe solved my problem.
I've built myself a website where all the AD user accounts can be enabled or disabled with one button (in the AD)Captive Portal reauthenticates users every minute, so if I click on the button to disable a user account in the AD.
The user will automatically be kicked off the network :)No testing done so far…
-
My "problem" is not (yet) solved.
Can I kick users authenticated through RADIUS (MS Active Directory) from CLI or a .php script on another host and/or webserver?
-
@Chrisiesmit93:
.
Can I kick users authenticated through RADIUS (MS Active Directory) from CLI or a .php script on another host and/or webserver?'kicking' means 'disconnecting' means the Captive Portal firewall rules should be modified. So something has to execute on pfSense to 'kick'.
Putting a script on another system won't do 'the job'.Btw : Userid's are stored into a SQLLIGHT3 database on the pfSense file syem (see source for the "how to access and retrieve").
-
@Chrisiesmit93:
.
Can I kick users authenticated through RADIUS (MS Active Directory) from CLI or a .php script on another host and/or webserver?'kicking' means 'disconnecting' means the Captive Portal firewall rules should be modified. So something has to execute on pfSense to 'kick'.
Putting a script on another system won't do 'the job'.Btw : Userid's are stored into a SQLLIGHT3 database on the pfSense file syem (see source for the "how to access and retrieve").
Thank you! This is wat I searched for! :)