Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive Portal RADIUS authentication doesn't work after upgrade to 2.3

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    21 Posts 5 Posters 6.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      muswellhillbilly
      last edited by

      A thought: Have you tried removing any custom wifi login page you might have and just use the default? There may be a subtle change in the syntax/requirements in the login page which might not be obvious. I mention this only because I've seen a minor change of wording/requirements in the wifi login page instructions on the config page. If the default works, then there may be some change you may need to make to your custom page to get your RADIUS connection working.

      1 Reply Last reply Reply Quote 0
      • R Offline
        robi
        last edited by

        Read this: https://forum.pfsense.org/index.php?topic=109829.0
        And please give feedback if it works for you or not.

        1 Reply Last reply Reply Quote 0
        • C Offline
          cs1
          last edited by

          muswellhillbilly: Yes, good idea. I'll try that.

          robi: I don't have any PHP includes on any of the CP pages (we don't use pre-authentication redirects or anything). We only have the simple HTML form for supplying username and password (as mentioned on the pfSense 2.3 CP configuration page). The only thing that we don't have (except for the voucher field, which we don't use anyhow) is the hidden form input

          It could well be that this is the cause of the problem because I don't recall that this hidden form input was needed in 2.2.6. I'll have a look at this and come back to you.

          1 Reply Last reply Reply Quote 0
          • C Offline
            cs1
            last edited by

            This was indeed the problem. The system log yielded an "/index.php: Submission to captiveportal with unknown parameter zone:" entry. After including the above hidden input, everything started to work. It's rather strange that the same portal worked under 2.2.6 without the hidden input. Oh well, it's nice that it's working now. Thanks for you hints. :)

            1 Reply Last reply Reply Quote 0
            • B Offline
              bhelrajesh
              last edited by

              Hi friend please elaborate your answer.am a beginner.Sorry for disturb you during your busy time

              1 Reply Last reply Reply Quote 0
              • M Offline
                muswellhillbilly
                last edited by

                @bhelrajesh:

                Hi friend please elaborate your answer.am a beginner.Sorry for disturb you during your busy time

                Elaborate how? What don't you understand? The line "" was missing from the customised login page for the portal. Adding it solved the problem.

                1 Reply Last reply Reply Quote 0
                • B Offline
                  bhelrajesh
                  last edited by

                  Hi friend am I not customize anything on the login page but i have error like this /index.php: Submission to captiveportal with unknown parameter zone

                  1 Reply Last reply Reply Quote 0
                  • M Offline
                    muswellhillbilly
                    last edited by

                    If you upgraded your firewall to 2.3, the suggestion was to amend the captive portal page with the 'missing' parameter mentioned in the previous posts. The parameters required are all listed on the captive portal config page. If you were using the standard CP page before you upgraded, then try loading a new page with all the required parameters included.

                    1 Reply Last reply Reply Quote 0
                    • B Offline
                      bhelrajesh
                      last edited by

                      Hi friend good morning.Is there any good tutorial to configure a new installation Captive portal configuration.Please provide a link for that.

                      1 Reply Last reply Reply Quote 0
                      • U Offline
                        unixaccent
                        last edited by

                        I would love to see that tutorial also. Thank you!

                        1 Reply Last reply Reply Quote 0
                        • C Offline
                          cs1
                          last edited by

                          Apart from the Cative Portal https://doc.pfsense.org/index.php/Captive_Portal docs you don't really need that much documentation. The options available for the CP are self-explanatory. If you don't want to use the default CP templates for the web page, all you need to do is to write your own page and include the mandatory HTML form that is described in the configuration options. You then upload the page you created via the file upload option on the CP configuration page. The only thing you need to be aware of is that all uploaded files get the prefix "captiveportal-". If you include any files on your custom page, make sure to include this prefix. Using RADIUS as an external authentication mechanism works very well. You need to consult the docs of your RADIUS server on how to configure the authentication mechanism that you choose for your CP.

                          If you need to use vouchers, please look at https://doc.pfsense.org/index.php/Captive_Portal_Vouchers.

                          1 Reply Last reply Reply Quote 0
                          • M Offline
                            muswellhillbilly
                            last edited by

                            If pictures are your thing, here's a tutorial video as well.

                            https://www.youtube.com/watch?v=s0p3ibHgvFM

                            1 Reply Last reply Reply Quote 0
                            • U Offline
                              unixaccent
                              last edited by

                              It is the redirection issue after successful login that is my concern. It doesn't redirect anymore after upgrading to 2.3.

                              1 Reply Last reply Reply Quote 0
                              • M Offline
                                muswellhillbilly
                                last edited by

                                Have you checked your DNS is working. Redirection won't happen if DNS isn't functioning.

                                1 Reply Last reply Reply Quote 0
                                • U Offline
                                  unixaccent
                                  last edited by

                                  DNS is functioning well. I just noticed though that here in 2.3, I had to go from DNS Resolver to DNS forwarder because I encountered issues in facebook lately which is relatively beneficial because in DNS Resolver, I can't make the OpenDNS work. I just cant make my CP redirect after authentication up until now.

                                  By the way, if I restore the "Portal page contents" to the default page, redirection works. Could there be issues about the code? I tried using only the sample form code below but still with no luck to make the redirection work.

                                  1 Reply Last reply Reply Quote 0
                                  • M Offline
                                    muswellhillbilly
                                    last edited by

                                    @unixaccent:

                                    By the way, if I restore the "Portal page contents" to the default page, redirection works. Could there be issues about the code?

                                    Obviously, yes. Take the default config page code and amend it to work with your custom page. If neccessary change the code slightly as you go along and wait until the redirect stops working. That should help you narrow down the faulty code.

                                    1 Reply Last reply Reply Quote 0
                                    • U Offline
                                      unixaccent
                                      last edited by

                                      Honestly I don't know where to start. I am not a coder and at the moment I am looking at the /etc/inc/captiveportal.inc. I'd like to know if I am on a right path and if not, can you point me where to get the default page.

                                      Thank you muswellhillbilly.

                                      1 Reply Last reply Reply Quote 0
                                      • M Offline
                                        muswellhillbilly
                                        last edited by

                                        The code in the example should work, assuming your DNS is configured correctly. Check that you can resolve hostnames correctly within the captive portal network before anything else. Redirection can't work if name resolutions doesn't work.

                                        When you create a new captive portal page, the file is placed in '/var/etc/captiveportal*.html'. This is the file you need to edit to tweak the code if you need to. The /etc/inc/captiveportal.inc file appears to create the default captive portal page automatically if no other customised page is present, judging from the code I've seen. However  you tweak your custom login page, you only have to ensure the lines mentioned in the example are present and your DNS is working to ensure redirection works.

                                        1 Reply Last reply Reply Quote 0
                                        • U Offline
                                          unixaccent
                                          last edited by

                                          Thank you muswellhillbilly. I'm grateful that you have pointed me to the right understanding especially to the notes about '/var/etc/captiveportal*.html' and  /etc/inc/captiveportal.inc. By relying also on your previous replies, I have isolated my issues. I noticed that manual logout page I have been using no longer works in 2.3. When I uploaded my customized login page, and set default on the error page and logout page, I was able to make the redirection successful.

                                          This would again be countless searching about how to implement a successful manual logout page in 2.3. I appreciate your help. I know it would be improper to ask in this thread about the manual logout page.  :)

                                          1 Reply Last reply Reply Quote 0
                                          • First post
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.