[HOWTO] Captive portal + FreeRADIUS + local MySQL user friendly single step

astatine · Oct 12, 2016, 2:05 PM

There was a typo in admin.sql, should read PRIVILEGES and not PRIVIELGES.
Corrected on github. You may redownload the latest archive at https://github.com/deajan/pfSense-cp-auth-onestep/archive/master.zip

Merci!!! Problem solved!!

xAm56 · Oct 27, 2016, 1:42 PM

Hello deajan,

First thank you a lot for your work, the system works great !

I try to use your template only with the "room number" field to log in on the portal.

I successfully disable the others fields (familyName, surName, emailAddress and newsletter) but when i validate the form, I've a blank page.

However, I pass the portal and I can access to the web but the result is not very clean

Could you please explain me which modifications I have to make in ozy-captive.php and perhaps in captiveportal-config.php .

Thanks in advance !

deajan · Oct 29, 2016, 1:03 PM

Hello xAm56,

As far as I remember, the username is a combination of emailAdress and roomNumber and password is a combination of familyName and surName, in order to get some degree of randomness.
Basically, only using room number would mean that Radius records would not be unique.

I'll have a to push an update until monday which adds the language parameter in the url.
I'll try to check your usecase in the same time.

Regards,
Orsiris.

deajan · Oct 30, 2016, 9:19 AM

Have a look at the latest commits on github at https://github.com/deajan/pfSense-cp-auth-onestep/releases/tag/v0.44

saygon · Nov 1, 2016, 4:54 PM

Hi @deajan and thank you for your amazing work!

Unfortunately I'm not able to run mysql server.
I have made a clean install of pfSense 2.3, configured wan and lan, internet works. I'm also able to install all what do you mentioned on this guide.
Each time I try start mysql server it comes some error:


[2.3.2-RELEASE][admin@pfSense.localdomain]/root: service mysql-server.sh start
Starting mysql.
Bad -c option
/usr/local/etc/rc.d/mysql-server.sh: WARNING: failed to start mysql

I have already research on Google regarding to this error, but don't found nothing useful.
Please let me know if you need some additional info or log output.

deajan · Nov 1, 2016, 8:50 PM

@saygon I remember having dealt with that error while developping this project.
Don't remember the exact root cause… probably a bad mysql version installed.

Remove and reinstall the version corresponding to your setup.
If the problem still occurs, post the content of your mysql_server.sh file, and mysql -v output.

astatine · Nov 3, 2016, 7:33 AM

+–--+----------+-------+---------------+---------------------+
| id | username | pass | reply | authdate |
+----+----------+-------+---------------+---------------------+
| 1 | testu | testp | Access-Accept | 2015-09-29 15:13:24 |
+----+----------+-------+---------------+---------------------+

Hello deajan,

would you please tell me , how can I set MD5 encrypt here for user password?

deajan · Nov 3, 2016, 11:32 AM

@astatine Your question isn't in the scope of this howto. Please make your own question regarding FreeRADIUS + MySQL setup only.

joel.dq · Nov 4, 2016, 9:39 PM

Hello !

I'm new to pfSense and forum. I was tasked to set up this type of access for an organization and I'm having a small trouble that I probably think it's pretty stupid but can't make it work.

I followed the instructions to the letter and I got the captive portal working as is- No modification of the files except for mysql password etc.

On the LAN PC I get successfully forwarded to the Captive Portal but as soon as I press Connect nothing happens, the form is cleared (as if new connection) and remain there.

I tried to see if the PHP inserted something in the radius DB but I found nothing there and for the life of me I can't find in the logs, or where in the logs, I can tail if there are connectivity errors with mysql + php etc.

I do want t thank you though, the guide is very detailed and I was able to set everything up quick. I just now need to to make that work.

Thanks !

deajan · Nov 9, 2016, 10:33 AM

Hello joel.dq,

Can you activate debug mode in captiveportal-config.php ?

joel.dq · Nov 10, 2016, 11:22 PM

I think I did already. Where should I see that logging?

deajan · Nov 11, 2016, 9:07 AM

There's no logging, it's about getting the error messages onscreen.
What version of the captive portal code are you using ? What user input do you ask for to connect ?

joel.dq · Nov 12, 2016, 11:52 PM

@deajan:

There's no logging, it's about getting the error messages onscreen.
What version of the captive portal code are you using ? What user input do you ask for to connect ?

Hello

I'm using 2.3.2-RELEASE-p1 version.

The inputs I'm asking are

Room # (renamed to Age) . I put it because I can read in the code that the room# is used to create the radius account.
Name
Surname
Mail

Debug is enabled

/usr/local/captiveportal: cat captiveportal-config.php | grep DEBUG
DEFINE("DEBUG", true);
DEFINE("DEBUG", true);

What is happening is that I do get the Captive Portal. I fill the details and click Connect. Nothing happens, no error on the screen and simply clears the form as if first reaching the CP page.

http://i.imgur.com/a/TfTn4

and form gets cleared

http://imgur.com/a/Z8Udw

I normally try to debug myself, I have rudimentary php skills to understand what code does, but I'm lost when JS is involved.

deajan · Nov 16, 2016, 12:00 PM

Hello,

What version of captiveportal do you use ? Latest from git ?

Can you mail me your captiveportal-config.php file at ozy at netpower dot fr ?

Also, assuming you did a Spanish translation, can you give me that so I add it to git ?

joel.dq · Nov 16, 2016, 12:33 PM

@deajan:

Hello,

What version of captiveportal do you use ? Latest from git ?

Can you mail me your captiveportal-config.php file at ozy at netpower dot fr ?

Also, assuming you did a Spanish translation, can you give me that so I add it to git ?

Latest from GIT. Sending and many thanks for your assistance.

I'll send you the spanish translation a bit later. Modified it outside hotel for educative institute.

deajan · Nov 16, 2016, 2:51 PM

Your config file does not come from the latest git, there have been at least 7 commits since your version.
Please UPDATE ALL files before posting about this again.

joel.dq · Nov 18, 2016, 1:11 PM

@deajan:

Your config file does not come from the latest git, there have been at least 7 commits since your version.
Please UPDATE ALL files before posting about this again.

I found the issue.

When I put the terms of use as false, no matter what other options I try with true or false, it won't go on.

$askForTermsOfUse = false;

While the option to put it false is there, apparently it has to always be true to work.

Regards

deajan · Nov 18, 2016, 4:29 PM

Well this was more or less by design, as accepting Terms of use is mandatory.
In the meanwhile, I added askFor[all] parameters, without updating the fact that Terms of Use aren't mandatory anymore.

I've commited a quick and dirty fix you may try.

Regards,
Ozy.

joel.dq · Nov 21, 2016, 10:03 PM

@deajan:

Well this was more or less by design, as accepting Terms of use is mandatory.
In the meanwhile, I added askFor[all] parameters, without updating the fact that Terms of Use aren't mandatory anymore.

I've commited a quick and dirty fix you may try.

Regards,
Ozy.

I can confirm it now works perfect ! Thanks very much Ozy

hsrtreml · Nov 25, 2016, 3:56 PM

Hello Ozy, great work. Thank you.

I have couple of questions about authentification and administration:

How do you disable "non" Hotel guests? You solution is free and open for all "participants".
Is it possible to check the room number, before accepting the registration?
Why does in pfSense in FrreRadius section not listing the registrated user? Only within mySQL-database.
Have you thinking about the process to validate "the login" with eMail confirmation by the user or by the hotel?

Thanks so lot for a discussion.
Best regards
Treml