Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive Portal - machine login issues

    Scheduled Pinned Locked Moved Captive Portal
    2 Posts 1 Posters 1.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S Offline
      sheepthief
      last edited by

      Release 2.0.3

      I have a dozen CPs located at different sites, all authenticating users in Active Directory via central RADIUS servers. This works very well for users logging in via the CP web page.

      However, I have a hundred or so Android tablets that need to get through CP without user input. At first I had all the MACs listed as exceptions at each of the dozen CPs, and it worked, but admin is a pain so I wanted the MACs defined in a central location.

      So, I made use of the CP ability to use MAC authentication via RADIUS - set the accounts up in AD, ticked the boxes in CP, removed the local MAC exceptions.

      Everything seemed to work, but I soon started to get reports of some (but seemingly not all) tablets taking a long time to get access - sometimes hours.

      For the failing tablets: I know they're connected to the CP because I can see DHCP allocating addresses, but I see no attempts by CP to request authentication from the RADIUS servers. The tablets are running a custom app that I have no control over and I can't tell what response they're getting when they try to access a web page - maybe they're being fed the normal CP login page, maybe not.

      Has anyone else seen problems when using CP with MAC authentication via RADIUS?

      1 Reply Last reply Reply Quote 0
      • S Offline
        sheepthief
        last edited by

        I've found the problem, though not the solution.

        The tablets are configured to connect to a https site, and CP redirects only access to port 80, not port 443, as mentioned here: http://forum.pfsense.org/index.php?topic=53630.0

        For the tabelts that do work, I guess there's some background process that's communicating with a site via port 80, this allows CP to authenticate the MAC, so https access then works as expected.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.