    [HOWTO] Captive portal + FreeRADIUS + local MySQL user friendly single step

    • C
      charlesbiesseki
      last edited by

      Good morning guys, I'm having this problem.

      PHP ERROR: Type: 1, File: /var/etc/captiveportal_publicwifi.html, Line: 157, Message: Class 'mysqli' not found @ 2017-08-11 08:54:53

      • GertjanG
        Gertjan
        last edited by

        @charlesbiesseki:

        Good morning guys, I'm having this problem.

        PHP ERROR: Type: 1, File: /var/etc/captiveportal_publicwifi.html, Line: 157, Message: Class 'mysqli' not found @ 2017-08-11 08:54:53

        This is what the error says:
        You are using "PHP mysqli extension" command(s) in your own portal login page. You can't. The PHP mysqli extension library should be installed first.
        I can't tell you how to do that on pfSense. It might be possible.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • M
          mastrus
          last edited by

          Hi everyone, I want to change the page shown after portal login by adding some images to make it more readable.

          I see that there are two variables in captiveportal-config.php, $continue_string and $noScript_string, but I can't see them in the main PHP page.

          Can someone tell me where these variables are used, and where the page shown after the portal login is?

          • M
            mackykulitz
            last edited by

            @Gertjan:

            @charlesbiesseki:

            Good morning guys, I'm having this problem.

            PHP ERROR: Type: 1, File: /var/etc/captiveportal_publicwifi.html, Line: 157, Message: Class 'mysqli' not found @ 2017-08-11 08:54:53

            This is what the error says:
            You are using "PHP mysqli extension" command(s) in your own portal login page. You can't. The PHP mysqli extension library should be installed first.
            I can't tell you how to do that on pfSense. It might be possible.

            Install mysqli with pkg

            • M
              mackykulitz
              last edited by

              Hi Deajan,

              I have configured your setup on my pfSense perfectly.

              May I ask how I can set the time limit for newly registered users and reset the time?

              Ex: a new user registers and has access to the internet for 3 hours, then is disconnected and can only reconnect, without having to re-register, after let's say 12 hours.

              And thanks for a great guide, very much appreciated. :)

              • N
                nunoabsilva
                last edited by

                Hi All,

                Does anyone already have this working with pfSense 2.4.1?

                Thanks in advance.

                • R
                  rudat
                  last edited by

                  Maybe I found the solution for problem 2:
                  in the file ozy-captive.php I changed the string "Password" to "Cleartext-Password"

                  if (!$statement = $db->prepare("INSERT INTO radcheck (username, attribute, value) VALUES (?, 'Cleartext-Password', ?)"))

                  Can someone be so kind as to confirm the solution?

                  Update
                  I solved problem no. 1 using the latest version, v0.48 - 03 May 2017,
                  downloaded from https://github.com/deajan/pfSense-cp-auth-onestep

                  Problem 2 now:
                  after clicking on connect I receive "Invalid credentials specified" with the default
                  landing page username / password

                  ------------------
                  Problem 1
                  I receive the message "Cannot check database for user.(1)" after clicking on connect at the landing page.
                  I need some help with how to go forward with debugging.

                  RADIUS seems to be up and running
                  /root/pfSense-cp-auth-onestep/sql: radtest testu testp 127.0.0.1:1812 0 SuperTest
                  Sent Access-Request Id 87 from 0.0.0.0:5851 to 127.0.0.1:1812 length 75
                  User-Name = "testu"
                  User-Password = "testp"
                  NAS-IP-Address = 192.168.1.1
                  NAS-Port = 0
                  Message-Authenticator = 0x00
                  Cleartext-Password = "testp"
                  Received Access-Accept Id 87 from 127.0.0.1:1812 to 0.0.0.0:0 length 20

                  #even mysql is up and running

                  mysql -p -e "SELECT * FROM radpostauth;" radius
                  Enter password:
                  +----+----------+-------+---------------+---------------------+
                  | id | username | pass  | reply        | authdate            |
                  +----+----------+-------+---------------+---------------------+
                  |  1 | testu    | testp | Access-Accept | 2017-10-31 21:36:17 |

                  In schema.sql, in "CREATE TABLE radcheck", I already changed the line to "op char(2) NOT NULL DEFAULT ':=',"
                  Running 2.4.1 with FreeRADIUS 3

                  P.S.
                  ozy-captive.php
                  @mysql_select_db(DBNAME, $con); seems to work
                  but this seems to fail ....

                  $query = "INSERT INTO reg_users (familyName, surName, roomNumber, emailAddress, macAddress, ipAddress, regDate, identificator, newsletter) VALUES ('$familyName', '$surName', '$roomNumber', '$emailAddress', '$macAddress' , '$ipAddress', '$regDate', '$identificator', '$newsletter');";

                  • R
                    retestreak
                    last edited by

                    I'm running the latest version of pfsense with freeradius3
                    I followed every detail in the guide but I still can't manage to make everything work.

                    I did try what user "srvrgt" suggested except changing the "==" to ";=" resulted in having an attribute error. ( I left the schema file as it was "==")
                    I've only changed the password value to cleartext-password in the php file.

                    Now I am facing 2 issues.

                    1. Whenever a client connects and fills in the form the user gets created in sql but somehow it is not showing up on radius clients tab.

                    2. When a client submits the form, they first get redirected to the new captive portal. After clicking the accept button, the default pfSense captive portal comes up with the error code that the username/password is wrong; however,
                    authentication for user testu:testp works because it is in the clients tab on radius

                    If someone could help me that would be great!
                    Thank you in advance

                    • R
                      rudat
                      last edited by

                      In the post it is written ":=" and not ";=", plus a change in the PHP file.

                      • R
                        rudat
                        last edited by

                        @retestreak:

                        I'm running the latest version of pfsense with freeradius3
                        I followed every detail in the guide but I still can't manage to make everything work.

                        I did try what user "srvrgt" suggested except changing the "==" to ";=" resulted in having an attribute error. ( I left the schema file as it was "==")
                        I've only changed the password value to cleartext-password in the php file.

                        Now I am facing 2 issues.

                        1. Whenever a client connects and fills in the form the user gets created in sql but somehow it is not showing up on radius clients tab.

                        2. When a client submits the form, they first get redirected to the new captive portal. After clicking the accept button, the default pfSense captive portal comes up with the error code that the username/password is wrong; however,
                        authentication for user testu:testp works because it is in the clients tab on radius

                        If someone could help me that would be great!
                        Thank you in advance

                        I used version v0.48 - 03 May 2017,
                        downloaded from https://github.com/deajan/pfSense-cp-auth-onestep

                        • R
                          rudat
                          last edited by

                          @srvrgt:

                          Hey guys, first of all thank you Deajan for the amazing work, really, it helps a lot. Now to my problem: I am currently on pfSense 2.3.4, and everything seems to be working fine except for the RADIUS login part. I can see the users in the MySQL database but they are all rejected. The configuration of the ports on the RADIUS server is OK. I was able to find this in the logs:

                          "Invalid user (sql1: Failed to create the pair: Invalid vendor name in attribute name "Password"): [123] (from client tester port 2010 cli "

                          I believe, from what I've read, that there is no such thing as a Password attribute; it must be Cleartext-Password. The problem is that I can't seem to find where to change the value. Could you please help me out?

                          FYI, if I use the test user and test password I can log in no problem and the MySQL database also reflects that, so I'm guessing it's just some syntax problem.

                          Thanks

                          Did you find a solution?

                          • R
                            retestreak
                            last edited by

                            @rudat:

                            @srvrgt:

                            Hey guys, first of all thank you Deajan for the amazing work, really, it helps a lot. Now to my problem: I am currently on pfSense 2.3.4, and everything seems to be working fine except for the RADIUS login part. I can see the users in the MySQL database but they are all rejected. The configuration of the ports on the RADIUS server is OK. I was able to find this in the logs:

                            "Invalid user (sql1: Failed to create the pair: Invalid vendor name in attribute name "Password"): [123] (from client tester port 2010 cli "

                            I believe, from what I've read, that there is no such thing as a Password attribute; it must be Cleartext-Password. The problem is that I can't seem to find where to change the value. Could you please help me out?

                            FYI, if I use the test user and test password I can log in no problem and the MySQL database also reflects that, so I'm guessing it's just some syntax problem.

                            Thanks

                            Did you find a solution?

                            Thanks for the help :)

                            I've changed the Cleartext-Password attribute in the schema.sql to ":=" and I had to enter my database password in the captive portal setting. Now everything works great.

                            1 Reply Last reply Reply Quote 0
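
The fix the posts above converge on (rename `Password` to `Cleartext-Password` in ozy-captive.php and make the `radcheck` operator `:=`), written out as SQL for rows that were already registered. This is an added example, not code from the thread or from the pfSense-cp-auth-onestep project; the scratch table `radcheck_demo`, its rows, and the column layout (assumed to match the stock FreeRADIUS MySQL schema) are assumptions.

```sql
-- Scratch copy with the radcheck column layout (assumed: stock FreeRADIUS
-- MySQL schema, where op defaults to '=='). All rows are constructed samples.
-- Once the output looks right, run steps 1-4 against `radcheck` itself.
CREATE TEMPORARY TABLE radcheck_demo (
  id        INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
  username  VARCHAR(64)  NOT NULL DEFAULT '',
  attribute VARCHAR(64)  NOT NULL DEFAULT '',
  op        CHAR(2)      NOT NULL DEFAULT '==',
  value     VARCHAR(253) NOT NULL DEFAULT ''
);

-- The portal INSERT quoted in the thread names only (username, attribute,
-- value), so `op` silently takes the column default. That is why the posters
-- had to touch schema.sql as well as the PHP file.
INSERT INTO radcheck_demo (username, attribute, value) VALUES
  ('guest-a', 'Password',           'constructed-pw-1'),  -- written before the PHP fix
  ('guest-b', 'Cleartext-Password', 'constructed-pw-2');  -- PHP fixed, default still '=='
INSERT INTO radcheck_demo (username, attribute, op, value) VALUES
  ('guest-c', 'Cleartext-Password', ':=', 'constructed-pw-3');  -- the working form

-- 1. Audit: list password rows that will not authenticate, with the reason.
--    Only password attributes are inspected; other check items may use other
--    operators on purpose.
SELECT id, username, attribute, op,
       CASE
         WHEN attribute = 'Password' THEN 'attribute name rejected (see log line in thread)'
         ELSE 'operator is not :='
       END AS problem
FROM radcheck_demo
WHERE attribute = 'Password'
   OR (attribute = 'Cleartext-Password' AND op <> ':=');
-- Returns guest-a and guest-b; guest-c is not listed.

-- 2. Repair the rows that the portal already wrote.
UPDATE radcheck_demo
SET attribute = 'Cleartext-Password',
    op        = ':='
WHERE attribute = 'Password'
   OR (attribute = 'Cleartext-Password' AND op <> ':=');

-- 3. Change the default so later portal registrations get ':=' without
--    naming `op`. This affects every INSERT into the table that omits `op`.
ALTER TABLE radcheck_demo ALTER COLUMN op SET DEFAULT ':=';

-- 4. Verify: the audit query now returns no rows, and a new portal-style
--    insert picks up the new default.
INSERT INTO radcheck_demo (username, attribute, value)
VALUES ('guest-d', 'Cleartext-Password', 'constructed-pw-4');

SELECT username, attribute, op FROM radcheck_demo ORDER BY id;
-- Every row: attribute = 'Cleartext-Password', op = ':='

DROP TEMPORARY TABLE radcheck_demo;
```

Changing only the column default, as the thread does, fixes new registrations but leaves earlier rows untouched, which is what step 2 covers.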
                            • D
                              doken1313
                              last edited by

                              Absolutely amazing work! Congratulations to all of you that made this system.

                              However, I had some issues with users registering with emails with no valid domains (no MX records at all), so I am posting an add-on for all of you who want to avoid this:

                              Add a new error message in captiveportal-config.php like

                              $novalidmail_string = "The input you provided is not a valid email.";

                              or whatever you want to appear there and make your ozy-captive.php look like this (lines 105 - 117)

                              
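                              	if (isset($_POST['emailAddress']))
                              	{
                              		$emailAddress = cleanInput($_POST["emailAddress"]);
                              		// Domain is everything after the last '@'; it stays empty when the input has no '@'
                              		$atPos = strrpos($emailAddress, '@');
                              		$domain = ($atPos === false) ? '' : substr($emailAddress, $atPos + 1);
                              	}
                              	else
                              	{
                              		$emailAddress = false;
                              		$domain = '';
                              	}
                              	// When an e-mail is required, reject an empty domain or one that publishes no MX record
                              	if (($askForEmailAddress == true) && ($domain === '' || !checkdnsrr($domain, 'MX')))
                              	{
                              		$checkMessage = t('novalidmail_string');
                              		$badCheck = true;
                              	}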
                              
                              

                              Once again great work !

                              • D
                                darkiazz
                                last edited by

                                Hi guys !

                                I've a problem with pfSense 2.4.1 and this solution..

                                I've 'Invalid credentials specified' and in the system logs 'failed retrieving values required to evaluate condition'.

                                Can anyone help me?

                                Thank you

                                • D
                                  Darlene
                                  last edited by

                                  @deajan:

                                  03 May 2017:
                                  • New version 0.48 has php-mysqli requirements

                                  29 Nov 2016:
                                  • Added watchdog install

                                  26 May 2016:
                                  • Added new pkg procedure for 2.3 final and post 2.3 releases

                                  Hello,

                                  I've written a captive portal wrapper that creates the FreeRADIUS user account and logs in, all in one step, with Bootstrap responsive code and validation and a configurable language, which suits hotels and public wifi providers.
                                  Here's the full howto:

                                  1 Introduction

                                  pfSense-cp-auth-onestep is a project that aims to provide a captive portal interface for pfSense 2.x (currently tested on 2.2.x and 2.3-beta) that doesn't require the creation of a user account.

                                  In fact, when a user registers, it creates the RADIUS user account and then logs in with that account.

                                  A demo can be found at the following address: http://pfcp.netpower.fr
                                  The latest doc can be found here: http://netpower.fr/pfcp-pfSense-auth-onestep

                                  Initial work based on the excellent work of khan: https://forum.pfsense.org/index.php?topic=57260.0

                                  2 Preparation of pfSense

                                  In order to work, pfSense needs the following packages: FreeRADIUS, Cron.

                                  Also, some upstream packages are required in order to work.

                                  First we need to fetch some upstream packages:

                                  Additional steps for pfSense 2.3

                                  The repository management has changed in pfSense 2.3, and by default the FreeBSD repository is disabled.

                                  You must edit the file /usr/local/etc/pkg/repos/pfSense.conf and set the following value:

                                  FreeBSD: { enabled: yes }
                                  

                                  Additional steps after 2.3 final release

                                  You must also edit file /usr/local/etc/pkg/repos/FreeBSD.conf and set the following value:

                                  FreeBSD: { enabled: yes }
                                  

                                  ATTENTION: Once the packages are installed with pkg command, please set this value to 'no' again so updates won't interfere with pfSense normal functionality.

                                  Installation of packages:

                                  pkg
                                  pkg update
                                  pkg install nano git
                                  

                                  If your pkg doesn't find the packages, you may need to reinit the pkg database with

                                  rm -f /var/db/pkg/*.sqlite
                                  

                                  After this, pkg update should reinitialize the pkg database.

                                  2.1 Installation of MySQL

                                  Although MySQL should be installed on a separate machine, it's convenient to have a single pfSense box doing the whole authentication.

                                  Installation of MySQL isn't supported by pfSense, so you'll have to redo the following steps after every update.

                                  2.1.1 pfSense 2.2 steps

                                  MySQL installation

                                  pkg install mysql56-server
                                  pkg install compat8x-amd64
                                  

                                  PHP support

                                  touch /etc/php_dynamodules/mysql
                                  /etc/rc.php_ini_setup
                                  

                                  The following command should output mysql and mysqlnd.

                                  php -m | grep mysql
                                  

                                  2.1.2 pfSense 2.3 steps

                                  MySQL installation

                                  pkg install mysql56-server
                                  pkg install compat9x-amd64
                                  pkg install php56-mysql
                                  

                                  Since v0.48 of the captive portal, MySQL queries are done via prepared statements using mysqli.
                                  If using pfSense-cp-onestep-auth v0.48 or higher, please replace the php56-mysql package with php56-mysqli.

                                  PHP support

                                  The following command should output mysql and mysqlnd.

                                  php -m | grep mysql
                                  

                                  2.1.3 Common steps

                                  We need to allow the MySQL service to start.

                                  echo 'mysql_enable="YES"' >> /etc/rc.conf
                                  

                                  Also, pfSense won't start services unless their name ends with “.sh”

                                  mv /usr/local/etc/rc.d/mysql-server /usr/local/etc/rc.d/mysql-server.sh
                                  

                                  2.1.4 MySQL startup fix

                                  For whatever reason, pfSense sometimes won't start MySQL. If you have a tip, please tell.

                                  In order to fix this, create the following file /usr/local/bin/mysql_relaunch.sh

                                  #!/usr/bin/env sh

                                  # Start MySQL when the status check reports it is not running
                                  service mysql-server.sh status > /dev/null
                                  if [ $? -ne 0 ]; then
                                          service mysql-server.sh start
                                  fi
                                  

                                  Render the file executable

                                  chmod +x /usr/local/bin/mysql_relaunch.sh
                                  

                                  Install the cron package and add the following entry:

                                  */1 * * * * root /usr/local/bin/mysql_relaunch.sh
                                  

                                  After this, we may launch the mysql service

                                  service mysql-server.sh start
                                  

                                  Also, as FreeRADIUS may start before mysql and fail, install watchdog service and set it up to restart FreeRADIUS.

                                  Secure your installation by running the following command and change your root password

                                  /usr/local/bin/mysql_secure_installation
                                  

                                  Optionally, you may create the following password file /root/.my.cnf

                                  [client]
                                  password="YourMySQLrootPassword"
                                  

                                  2.2 FreeRADIUS setup

                                  2.2.1 FreeRADIUS installation
                                  Install the FreeRADIUS2 package via System > Packages > Available

                                  In Services > FreeRADIUS > Users

                                  Add a user called: testu

                                  Set its password: testp

                                  in Services > FreeRADIUS > NAS / Clients

                                  Add a NAS user:

                                  IP: 127.0.0.1

                                  Client Shortname: tester

                                  Shared Secret: SuperTest (replace this with a good password)

                                  In Services > FreeRADIUS > Interface

                                  Add the interface the RADIUS server should listen on: 127.0.0.1

                                  You can now check in Status > System Logs that the server is active

                                  Sep 29 14:54:50 radiusd[10330]: Loaded virtual server <default>
                                  Sep 29 14:54:50 radiusd[13493]: Ready to process requests.

                                  Connect to pfSense via ssh or console and check if FreeRADIUS authenticates (replace SuperTest with your Shared Secret):

                                  radtest testu testp 127.0.0.1:1812 0 SuperTest
                                  

                                  The answer should look like:

                                  Sending Access-Request of id 108 to 127.0.0.1 port 1812
                                          User-Name = "testu"
                                          User-Password = "testp"
                                          NAS-IP-Address = 192.168.1.1
                                          NAS-Port = 0
                                          Message-Authenticator = 0x00000000000000000000000000000000
                                  rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=108, length=20

                                  Check authentication in Status > System Logs

                                  Sep 29 15:04:51	radiusd[22223]: Login OK: [testu] (from client pfSense port 0)
                                  

                                  #TIP: See https://doc.pfsense.org/index.php/Testing_FreeRADIUS for tuning and troubleshooting

                                  2.2.2 MySQL FreeRADIUS integration

                                  First we need to create the RADIUS database. Launch the “mysql” program. If you didn't create the /root/.my.cnf password file, launch “mysql -p” and execute the following statements:

                                  CREATE DATABASE  `radius`;
                                  exit
                                  

                                  We also have to get a copy of the sql files needed for the captive portal.

                                  You can fetch them via wget at http://netpower.fr/sites/default/files/soft/bin/pfSense-cp-auth-onestep.gz or directly via git:

                                  cd /root
                                  git clone https://github.com/deajan/pfSense-cp-auth-onestep
                                  cd /root/pfSense-cp-auth-onestep/sql
                                  

                                  We need to integrate every .sql file into the radius database. Please execute the admin.sql file last because it contains definitions for the other files. Add “-p” to mysql if you haven't created the password file.

                                  Before running those commands, modify the admin.sql file in order to replace the default password 'radpass'. (Use vi or nano if installed).

                                  mysql radius < cui.sql
                                  mysql radius < nas.sql
                                  mysql radius < radippool.sql
                                  mysql radius < schema.sql
                                  mysql radius < wimax.sql
                                  mysql radius < reg_users.sql
                                  mysql radius < admin.sql
                                  

                                  Activate SQL support in Services > FreeRADIUS > SQL:

                                  Enable SQL Support: Enable

                                  Enable SQL Authorization: Enable

                                  Enable SQL Accounting: Enable

                                  Enable SQL Session: Enable

                                  Enable SQL Post-Auth: Enable

                                  Server IP Address -> 127.0.0.1

                                  Server Port -> 3306

                                  Server Database -> radius

                                  Server User -> radius

                                  Server Password -> radpass (replace with your database password).

                                  MySQL authentication test

                                  Execute the following command (replace SuperTest with your Shared Secret):

                                  radtest testu testp 127.0.0.1:1812 0 SuperTest
                                  

                                  The radpostauth table should contain the authentication info:

                                  mysql -p -e "SELECT * FROM radpostauth;" radius
                                  

                                  +----+----------+-------+---------------+---------------------+
                                  | id | username | pass  | reply         | authdate            |
                                  +----+----------+-------+---------------+---------------------+
                                  |  1 | testu    | testp | Access-Accept | 2015-09-29 15:13:24 |
                                  +----+----------+-------+---------------+---------------------+

                                  2.3 Enable captive portal

                                  2.3.1 Setup

                                  Grab a copy of the pfSense-pfcp-auth-onestep files via github or via the following link http://netpower.fr/sites/default/files/soft/bin/pfSense-cp-auth-onestep.gz

                                  Uncompress the file and edit captiveportal-config.php to meet your settings, especially the database password.

                                  Create a new zone in Services > Captive Portal . Example “PUBLICWIFI”

                                  In Services > Captive Portal > File Manager, upload all the files from pfSense-pfcp-auth-onestep beginning with “captiveportal-*”

                                  The following files need to be uploaded:

                                  captiveportal-bootstrap.min.css
                                  captiveportal-bootstrap.min.js
                                  captiveportal-jquery.validate.js
                                  captiveportal-jquery-1.11.3.min.js
                                  captiveportal-background.jpg
                                  captiveportal-sidelogo.png
                                  captiveportal-check_readio_sheet.png
                                  captiveportal-termsofuse.html
                                  captiveportal-config.php

                                  #TIP: I had trouble with uploading the files in pfSense 2.2.6. After every 3 files, I had to restart WebConfigurator via ssh.

                                  We can now enable the captive portal on the LAN interface or whatever interface you need.

                                  We also need to activate RADIUS authentication:

                                  IP: 127.0.0.1

                                  Port: 1812

                                  Shared Secret: SuperTest (or your Shared Secret)

                                  Radius Protocol: PAP

                                  Account Check:

                                  Send RADIUS accounting packets: Enable

                                  Port: 1813

                                  Accounting updates: stop/start accounting (FreeRADIUS if available)

                                  RADIUS NAS IP attribute: LAN IP (or whatever interface you selected)

                                  Portal page contents: Upload file ozy-captive.php

                                  Redirection URL: Whatever you'd like, example: http://www.google.com

                                  2.3.2 Testing

                                  Once enabled, you can open a browser and enter any domain. You should end on the captive portal page.

                                  You may access the captive portal directly via http://[pfSenseIP]:8002

                                  #TIP: Your computer should use DHCP and use the pfSense IP as DNS server or the redirection won't work.

                                  If the redirection still doesn't work, check that the DNS Resolver service is running without the forwarding mode.

                                  Also, if your computer already has the domain in DNS cache, you may have to flush dns cache.

                                  On Linux:

                                  service nscd restart
                                  

                                  On Windows:

                                  ipconfig /flushdns
                                  

                                  At least, close and reopen your browser so it would make a new DNS query.

                                  Feel free to help improve this howto.

                                  Regards,
                                  zy.

                                  Please, how do you edit and enter the code?

                                  • GertjanG
                                    Gertjan
                                    last edited by

                                    @Darlene:

                                    Please, how do you edit and enter the code?

                                    Using a keyboard and your hands?!

                                    Of course, a more specific answer is possible as soon as we know what kind of device you use.

                                    No "help me" PM's please. Use the forum, the community will thank you.
                                    Edit : and where are the logs ??

                                    • M
                                      mansoor.khan
                                      last edited by

                                      Hello,

                                      I am facing a problem with the login page of the captive portal.

                                      I am using the default login form HTML code with form action 'action ="$PORTAL_ACTIONS"' and I am still continuously getting an Access-Reject message in the MySQL table 'radpostauth'.

                                      I am using pfSense 2.4.2 with the FreeRADIUS 3 package and MySQL Server 5.6.39.

                                      When I create a user from Captive Portal -> Users, the login page works fine. Also, with no authentication the login page works.

                                      But I need this with MySQL database authentication.

                                      Did anyone face a problem like this? If you have a solution in mind, please let me know.

                                      Thanks in advance

                                      • O
                                        Ophion
                                        last edited by

                                        Great work! Appreciated.

                                        • D
                                          Darlene
                                          last edited by

                                          Please how do you edit those files you mentioned earlier

                                          • GertjanG
                                            Gertjan
                                            last edited by

                                            @Darlene:

                                            Please how do you edit those files you mentioned earlier

                                            Who is you ?
                                            What file ?

                                            No "help me" PM's please. Use the forum, the community will thank you.
                                            Edit : and where are the logs ??

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.