Captive Portal RADIUS authentication doesn't work after upgrade to 2.3
-
If you upgraded your firewall to 2.3, the suggestion was to amend the captive portal page with the 'missing' parameter mentioned in the previous posts. The parameters required are all listed on the captive portal config page. If you were using the standard CP page before you upgraded, then try loading a new page with all the required parameters included.
-
Hi friend good morning.Is there any good tutorial to configure a new installation Captive portal configuration.Please provide a link for that.
-
I would love to see that tutorial also. Thank you!
-
Apart from the Cative Portal https://doc.pfsense.org/index.php/Captive_Portal docs you don't really need that much documentation. The options available for the CP are self-explanatory. If you don't want to use the default CP templates for the web page, all you need to do is to write your own page and include the mandatory HTML form that is described in the configuration options. You then upload the page you created via the file upload option on the CP configuration page. The only thing you need to be aware of is that all uploaded files get the prefix "captiveportal-". If you include any files on your custom page, make sure to include this prefix. Using RADIUS as an external authentication mechanism works very well. You need to consult the docs of your RADIUS server on how to configure the authentication mechanism that you choose for your CP.
If you need to use vouchers, please look at https://doc.pfsense.org/index.php/Captive_Portal_Vouchers.
-
If pictures are your thing, here's a tutorial video as well.
https://www.youtube.com/watch?v=s0p3ibHgvFM
-
It is the redirection issue after successful login that is my concern. It doesn't redirect anymore after upgrading to 2.3.
-
Have you checked your DNS is working. Redirection won't happen if DNS isn't functioning.
-
DNS is functioning well. I just noticed though that here in 2.3, I had to go from DNS Resolver to DNS forwarder because I encountered issues in facebook lately which is relatively beneficial because in DNS Resolver, I can't make the OpenDNS work. I just cant make my CP redirect after authentication up until now.
By the way, if I restore the "Portal page contents" to the default page, redirection works. Could there be issues about the code? I tried using only the sample form code below but still with no luck to make the redirection work.
-
By the way, if I restore the "Portal page contents" to the default page, redirection works. Could there be issues about the code?
Obviously, yes. Take the default config page code and amend it to work with your custom page. If neccessary change the code slightly as you go along and wait until the redirect stops working. That should help you narrow down the faulty code.
-
Honestly I don't know where to start. I am not a coder and at the moment I am looking at the /etc/inc/captiveportal.inc. I'd like to know if I am on a right path and if not, can you point me where to get the default page.
Thank you muswellhillbilly.
-
The code in the example should work, assuming your DNS is configured correctly. Check that you can resolve hostnames correctly within the captive portal network before anything else. Redirection can't work if name resolutions doesn't work.
When you create a new captive portal page, the file is placed in '/var/etc/captiveportal*.html'. This is the file you need to edit to tweak the code if you need to. The /etc/inc/captiveportal.inc file appears to create the default captive portal page automatically if no other customised page is present, judging from the code I've seen. However you tweak your custom login page, you only have to ensure the lines mentioned in the example are present and your DNS is working to ensure redirection works.
-
Thank you muswellhillbilly. I'm grateful that you have pointed me to the right understanding especially to the notes about '/var/etc/captiveportal*.html' and /etc/inc/captiveportal.inc. By relying also on your previous replies, I have isolated my issues. I noticed that manual logout page I have been using no longer works in 2.3. When I uploaded my customized login page, and set default on the error page and logout page, I was able to make the redirection successful.
This would again be countless searching about how to implement a successful manual logout page in 2.3. I appreciate your help. I know it would be improper to ask in this thread about the manual logout page. :)