Importing captive portal users into pfsense



  • Hi,

    So I set up my pfsense to work like a champ as a gateway for all my APs that cover our campus to provide internet service. The problem is that I have around 400 users that need to be added to the user manager database that I am currently using to authenticate users on the captive portal.

    As per my knowledge "correct me if I am wrong" there is no way to import users to the local db, which brings us to my question:

    What are my options now? How do pfsense champs do it? Keep in mind I don't want to manage user administration in the future; it should be delegated.

    Thank you, and I appreciate your help.



  • The most manageable way I know to handle hundreds (in my case, thousands) of users is setting up a RADIUS server and using that as the authentication mechanism for the captive portal. You can use FreeRadius and import as many accounts as you need quite easily. You can use the flat 'users' file in the FreeRadius config folder, or import users into a SQL database which can be used in conjunction with FreeRadius. The DaloRadius project does exactly that, and is very easy to manage - you can import users either using SQL commands or via the web interface directly. It also allows for specific permissions to be assigned to individual admin users.

    http://www.daloradius.com/
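
An added example (not part of the original post) of the bulk import described above: it turns a CSV of accounts into entries for the flat FreeRADIUS 'users' file, storing a salted hash instead of the cleartext password. The CSV column names, the username policy and the choice of the `SSHA-Password` attribute are assumptions of this example; it presumes the portal authenticates with PAP and that the server's pap module accepts that attribute.

```python
import base64
import csv
import hashlib
import hmac
import io
import os
import re

USERNAME_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")  # no spaces, quotes or control chars

def ssha(password, salt=None):
    """Return base64(SHA1(password + salt) + salt), the SSHA-Password value."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return base64.b64encode(digest + salt).decode("ascii")

def verify_ssha(password, encoded):
    """Recompute the hash with the stored salt, as a PAP check would."""
    raw = base64.b64decode(encoded)
    return hmac.compare_digest(ssha(password, raw[20:]), encoded)

def convert(csv_text):
    """Return (entries, rejected); entries are radcheck-style tuples."""
    entries, rejected, seen = [], [], set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = (row.get("username") or "").strip()
        password = row.get("password") or ""
        if not USERNAME_RE.fullmatch(user) or not password or user.lower() in seen:
            rejected.append(user)  # malformed name, empty password or duplicate
            continue
        seen.add(user.lower())
        entries.append((user, "SSHA-Password", ":=", ssha(password)))
    return entries, rejected

def users_file(entries):
    """Render entries as lines for the flat FreeRADIUS 'users' file."""
    return "".join('%s\t%s %s "%s"\n' % e for e in entries)

# Constructed sample input, not real accounts.
SAMPLE_CSV = """username,password
alice,correct horse battery
bob,hunter2-campus
bob,second-entry
bad user,whatever
carol,
"""

if __name__ == "__main__":
    print(users_file(convert(SAMPLE_CSV)[0]), end="")
```

The same (username, attribute, op, value) tuples map onto the columns of the standard FreeRADIUS `radcheck` table if the SQL route is used instead of the flat file.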



  • @muswellhillbilly:

    The most manageable way I know to handle hundreds (in my case, thousands) of users is setting up a RADIUS server and using that as the authentication mechanism for the captive portal. You can use FreeRadius and import as many accounts as you need quite easily. You can use the flat 'users' file in the FreeRadius config folder, or import users into a SQL database which can be used in conjunction with FreeRadius. The DaloRadius project does exactly that, and is very easy to manage - you can import users either using SQL commands or via the web interface directly. It also allows for specific permissions to be assigned to individual admin users.

    http://www.daloradius.com/

    Are there any options to install daloRadius on pfsense?


  • LAYER 8 Netgate

    Why must your firewall also be your RADIUS server?



  • @Derelict:

    Why must your firewall also be your RADIUS server?

    Well, my previous thinking was to have an all-in-one box to do everything for me, but it is OK now; I installed the daloRadius ova and am trying to make it work with my pfsense.

    I followed this link: http://mgyinngetay.blogspot.ae/2014/04/how-to-configure-pfsense-captive-portal.html but it didn't work as expected; I get this error message from the pfsense portal:

    Error sending request: No valid RADIUS responses received

    I installed pfsense on a PC with two network cards, WAN PPPoE and LAN; the daloRadius .ova is running on VMplayer on my machine, which is connected directly to the LAN port.

    I am trying to go out from my host machine to the internet to validate that it is working, with no luck.

    I will appreciate your support.



  • I tried the radtest tool on the daloradius and it gave me an error message:

    radclient: no response from server for ID 66 socket 3

    The configuration is exactly the same as I tested with. I checked the services as well; radius and mysql are running…



  • Try running a self-test on the Dalo machine. The GUI allows you to check whether a login account will work locally with the Radius server. If it does, then the issue may be that you haven't added the PFS machine's IP address to the clients.conf file (in /etc/raddb). Edit this file and add the following lines:

    client 34.23.10.9 {
            secret          = secret
            shortname      = MyPFS
            nastype        = other
    }

    Replace the '34.23.10.9' with the IP of your PFS and the 'secret' with whatever password you want to use, restart your Radius service ('service radiusd restart' or 'systemctl restart radiusd') and try again.
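
An added example (not part of the original post) that checks a clients.conf for the condition discussed here: FreeRADIUS does not answer requests from an address that no client block covers, which the NAS only sees as a timeout. The parser is a simplified sketch, the sample configuration is constructed, and the weak-secret list and length threshold are this example's own choices.

```python
import ipaddress
import re

CLIENT_RE = re.compile(r"^\s*client\s+(\S+)\s*\{([^{}]*)\}", re.M)
OPTION_RE = re.compile(r"^\s*(\w+)\s*=\s*(\S+)", re.M)
WEAK_SECRETS = {"secret", "testing123", "password"}  # placeholders and defaults
MIN_SECRET_LEN = 16  # threshold chosen for this example

def parse_clients(text):
    """Return the client blocks of a clients.conf as dicts."""
    text = re.sub(r"#.*", "", text)  # drop comments
    clients = []
    for name, body in CLIENT_RE.findall(text):
        opts = {k: v.strip('"') for k, v in OPTION_RE.findall(body)}
        try:  # address comes from 'ipaddr' if set, else from the block name
            net = ipaddress.ip_network(opts.get("ipaddr", name), strict=False)
        except ValueError:
            continue  # hostname clients are not resolved in this sketch
        clients.append({"name": name, "net": net, "secret": opts.get("secret", "")})
    return clients

def check_nas(text, nas_ip):
    """Report whether nas_ip is a known client and flag a weak shared secret."""
    ip = ipaddress.ip_address(nas_ip)
    matches = [c for c in parse_clients(text) if ip in c["net"]]
    if not matches:
        return {"known": False, "client": None,
                "findings": ["no client block covers %s" % nas_ip]}
    best = max(matches, key=lambda c: c["net"].prefixlen)  # most specific block
    findings = []
    if best["secret"].lower() in WEAK_SECRETS or len(best["secret"]) < MIN_SECRET_LEN:
        findings.append("shared secret for %s is a placeholder or too short" % best["name"])
    return {"known": True, "client": best["name"], "findings": findings}

# Constructed sample configuration; addresses and secrets are illustrative.
SAMPLE_CONF = """
client localhost {
    ipaddr = 127.0.0.1
    secret = testing123
}
client 192.168.1.1 {
    secret    = secret      # placeholder copied from a how-to
    shortname = MyPFS
    nastype   = other
}
"""

if __name__ == "__main__":
    for nas in ("192.168.1.1", "192.168.1.2"):
        print(nas, check_nas(SAMPLE_CONF, nas))
```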



  • @muswellhillbilly:

    Try running a self-test on the Dalo machine. The GUI allows you to check whether a login account will work locally with the Radius server. If it does, then the issue may be that you haven't added the PFS machine's IP address to the clients.conf file (in /etc/raddb). Edit this file and add the following lines:

    client 34.23.10.9 {
            secret          = secret
            shortname      = MyPFS
            nastype        = other
    }

    Replace the '34.23.10.9' with the IP of your PFS and the 'secret' with whatever password you want to use, restart your Radius service ('service radiusd restart' or 'systemctl restart radiusd') and try again.

    I tried to do the self-test from the GUI, but it is not working on my PFS secret; it is only working on the default NAS "localhost" which was pre-configured on the ova. Anyway, I added the above client configuration to the /etc/freeradius/client.conf file and mapped it to work with the default, with no luck. I tried to change the secret on the PFS and the NAS type, but that didn't work either. Any more suggestions?


  • LAYER 8 Netgate

    Add the client and the secret to the RADIUS server and it will work.

    Did you restart the RADIUS server after making the changes?

    If it's based on FreeRADIUS shut it down and run it with the -X flag. That will show what it's doing in the foreground. Run a test using Diagnostics > Authentication and post the results.



  • @Derelict:

    Add the client and the secret to the RADIUS server and it will work.

    Did you restart the RADIUS server after making the changes?

    If it's based on FreeRADIUS shut it down and run it with the -X flag. That will show what it's doing in the foreground. Run a test using Diagnostics > Authentication and post the results.

    I restarted the radius and it did work :) Thanks to muswellhillbilly and Derelict.

