Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [HOWTO] Captive portal + FreeRADIUS + local MySQL user friendly single step

    Scheduled Pinned Locked Moved Captive Portal
    154 Posts 47 Posters 107.5k Views 7 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D Offline
      deajan
      last edited by

      @ardorin: out of ideas here. Have tested it on linux / windows, using various languages and systems. Didn't happen to me. Maybe start with a fresh install and try again ?
      @Alexandre4sol: Are you running on 2.2 ? Cause zone parameter was introduced in 2.3. Also, what's your exact zone name ?

      NetPOWER.fr - some opensource stuff for IT people

      1 Reply Last reply Reply Quote 0
      • A Offline
        Alexandre4sol
        last edited by

        @deajan: Hi, thanks for helping me out.
        I'm using version 2.3.2-RELEASE (i386)
        the captive portal zone is "guest"
        This is the link to open the registration form. http://192.168.123.1:8002/index.php?zone=guest&redirurl=http%3A%2F%2Fwww.gstatic.com%2Fgenerate_204

        ![Captura de Tela 2017-02-04 a?s 10.28.56.png](/public/imported_attachments/1/Captura de Tela 2017-02-04 a?s 10.28.56.png)
        ![Captura de Tela 2017-02-04 a?s 10.28.56.png_thumb](/public/imported_attachments/1/Captura de Tela 2017-02-04 a?s 10.28.56.png_thumb)

        1 Reply Last reply Reply Quote 0
        • D Offline
          deajan
          last edited by

          @Alexandre4sol: I think dhipo on this thread did have the same error. Maybe you should talk to him to see how he managed to solve this. As for me I'll have to make some tests because I never encountered that problem.

          NetPOWER.fr - some opensource stuff for IT people

          1 Reply Last reply Reply Quote 0
          • G Offline
            guterkerl
            last edited by

            Hi had issues with the one downloaded from git.

            https://codeload.github.com/deajan/pfSense-cp-auth-onestep/zip/master
            

            The old version worked fine but the new one didn't.

            http://netpower.fr/sites/default/files/soft/bin/pfSense-cp-auth-onestep.gz
            

            Fatal error: Call to undefined function mysql_real_escape_string() in /var/etc/captiveportal_wifi.html on line 35 Call Stack: 0.0002 226208 1. {main}() /usr/local/captiveportal/index.php:0 0.0170 1469432 2. portal_reply_page() /usr/local/captiveportal/index.php:288 0.0171 1469680 3. get_include_contents() /etc/inc/captiveportal.inc:1944 0.0172 1487664 4. include('/var/etc/captiveportal_wifi.html') /etc/inc/pfsense-utils.inc:2601 0.0277 1500240 5. cleanInput() /var/etc/captiveportal_wifi.html:45 PHP ERROR: Type: 1, File: /var/etc/captiveportal_wifi.html, Line: 35, Message: Call to undefined function mysql_real_escape_string()

            1 Reply Last reply Reply Quote 0
            • D Offline
              deajan
              last edited by

              @guterkerl That's why releases exist on github, in order to not pick up a project at a random moment in the dev process. You should take release v0.46 on github which is latest and functionnal.

              NetPOWER.fr - some opensource stuff for IT people

              1 Reply Last reply Reply Quote 0
              • G Offline
                guterkerl
                last edited by

                oh ok thanks deajan

                1 Reply Last reply Reply Quote 0
                • P Offline
                  probie
                  last edited by

                  @deajan, I followed your instruction on PFS2.3.3 and it worked like a champ.  I tried to customize to my enviroment and was wondering on I would change the font size of "Hotel WiFi"?

                  1 Reply Last reply Reply Quote 0
                  • D Offline
                    deajan
                    last edited by

                    @probie Late reply, sorry. You can mod the text size directly in the css of ozy-captive.php. Find the line with```
                    .vertical-text

                    NetPOWER.fr - some opensource stuff for IT people

                    1 Reply Last reply Reply Quote 0
                    • K Offline
                      krotin
                      last edited by

                      Hi Deajan, Thank you for sharing your work.
                      My mistake I messed up mysql password during 'secure installation'.

                      How can I reset it to carry on with your [How To]

                      Thank you again.

                      Krotin

                      1 Reply Last reply Reply Quote 0
                      • D Offline
                        deajan
                        last edited by

                        @krotin google is your friend http://www.pastbedti.me/2008/11/resetrecover-mysql-root-password-in-freebsd/

                        NetPOWER.fr - some opensource stuff for IT people

                        1 Reply Last reply Reply Quote 0
                        • K Offline
                          krotin
                          last edited by

                          Thank you, I know google is my friend but i'm not trusting every source granted i'm new to freebsd.

                          At least I know I can safely follow those instructions with your recommendations.

                          Thank you for your kindness Sir.

                          Krotin.

                          1 Reply Last reply Reply Quote 0
                          • B Offline
                            bassc
                            last edited by

                            Hello. Is your work runnig both 32bit and 64bit platforms? Coz i noticed that some installation commands end with "amd64". So it means that installation package is for 64bit platform? When i wanna use 32bit platform do i have to use 32bit installion package?

                            1 Reply Last reply Reply Quote 0
                            • M Offline
                              mastrus
                              last edited by

                              Hi, I try to instal but when i try to instal mysql56-server, or mysql57-server go in conflict with the library libevent2-2.0.22_1 and libevent-2.1.8 in 64 bit version.

                              To no one else does the same?

                              1 Reply Last reply Reply Quote 0
                              • M Offline
                                mastrus
                                last edited by

                                I resolved the situation by using the development version 2.3.4-DEVELOPMENT (amd64), that does'nt have library conflict.

                                Also I have a problem with freeradius version 1.7.8 that don't allow to input into the interface the ip 127.0.0.1 so after installing freeradius I modificate the file /usr/local/pkg/freeradius.inc at line 4384 from

                                if (!is_ipaddr_configured($post['varinterfaceip'])) {

                                to

                                if (!is_ipaddr_configured($post['varinterfaceip']) && $post['varinterfaceip'] != "127.0.0.1") {

                                I found the information in tha post https://forum.pfsense.org/index.php?topic=127875.0

                                the last problem with freeradius version 1.7.8 is that need in the EAP section on "certificates for tls" all the voice with a hit

                                in the first you need to create a CA certificate, in the second a revacation list for the certificate and in the thir a ssl server certificate

                                @mastrus:

                                Hi, I try to instal but when i try to instal mysql56-server, or mysql57-server go in conflict with the library libevent2-2.0.22_1 and libevent-2.1.8 in 64 bit version.

                                To no one else does the same?

                                1 Reply Last reply Reply Quote 0
                                • D Offline
                                  deajan
                                  last edited by

                                  @mastrus:

                                  Also I have a problem with freeradius version 1.7.8 that don't allow to input into the interface the ip 127.0.0.1 so after installing freeradius I modificate the file /usr/local/pkg/freeradius.inc at line 4384 from

                                  if (!is_ipaddr_configured($post['varinterfaceip'])) {

                                  to

                                  if (!is_ipaddr_configured($post['varinterfaceip']) && $post['varinterfaceip'] != "127.0.0.1") {

                                  I found the information in tha post https://forum.pfsense.org/index.php?topic=127875.0

                                  Thanks for sharing. I have to setup a new pfSense test platform these days because of some changes I recently made on the mysql code. I'll update the howto then.

                                  NetPOWER.fr - some opensource stuff for IT people

                                  1 Reply Last reply Reply Quote 0
                                  • M Offline
                                    mastrus
                                    last edited by

                                    You have not updated this documentation page at this time

                                    http://netpower.fr/sites/default/files/soft/html-doc/pfSense-cp-auth-onestep_0.html

                                    1 Reply Last reply Reply Quote 0
                                    • D Offline
                                      deajan
                                      last edited by

                                      @mastrus:

                                      You have not updated this documentation page at this time

                                      http://netpower.fr/sites/default/files/soft/html-doc/pfSense-cp-auth-onestep_0.html

                                      I'm aware of that :) Still have to redo the whole howto on a recent pfSense build in order to rewrite it properly and address new issues, but as always, time is a b****, and I was more eager to rewrite the portal itself for security reasons than the manual.

                                      NetPOWER.fr - some opensource stuff for IT people

                                      1 Reply Last reply Reply Quote 0
                                      • P Offline
                                        patpa11
                                        last edited by

                                        Hi deajan, thanks a lot for this project.
                                        Is it possible to use this Captive Portal for self registration on a unencrypted WLAN SSID with username and password, and use these credentials to authenticate on a encrypted WPA2 Enterprise SSID (with PEAP authentification or something like that)?

                                        1 Reply Last reply Reply Quote 0
                                        • D Offline
                                          deajan
                                          last edited by

                                          @patpa11:

                                          Hi deajan, thanks a lot for this project.
                                          Is it possible to use this Captive Portal for self registration on a unencrypted WLAN SSID with username and password, and use these credentials to authenticate on a encrypted WPA2 Enterprise SSID (with PEAP authentification or something like that)?

                                          Hi,

                                          I'm not really sure what's your usecase here, but if I understand right, you want users to self sign in on a first wireless network, then have them connect on the secured wireless network with the credentials they created earlier.
                                          You would have to modify the code of the captive portal to add a password option (let's say instead of the room number or so).
                                          Then you'd need to add the pfSense FreeRADIUS server to your WPA2 setup.
                                          Could you elaborate a bit please ?

                                          NetPOWER.fr - some opensource stuff for IT people

                                          1 Reply Last reply Reply Quote 0
                                          • P Offline
                                            patpa11
                                            last edited by

                                            @deajan:

                                            Hi,

                                            I'm not really sure what's your usecase here, but if I understand right, you want users to self sign in on a first wireless network, then have them connect on the secured wireless network with the credentials they created earlier.
                                            You would have to modify the code of the captive portal to add a password option (let's say instead of the room number or so).
                                            Then you'd need to add the pfSense FreeRADIUS server to your WPA2 setup.
                                            Could you elaborate a bit please ?

                                            That's exactly what I want to implement.
                                            I've got three LANCOM L-322agn Access Points, one LANCOM WLC-4006+ Controller and a pfSense Setup. This will be used for a public WLAN in a small industrial area. The idea is to provide these two SSIDs with the access points at the same time. I do not want to use a "normal" WPA with pre shared key to provide more security when using the WLAN without VPN. I Think 802.1x/EAP with MSCHAPv2 or somethink like that would be better. What would be the best way to do that with your Captive portal solution? My PHP and JavaScript knowledge is unfortunately limited  :-\

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.