Voucher auth and username log



  • Hi, i want to set up captive portal with voucher authentification, plus i need to register a username like 'self registered" with the vouncher (to have a name with the vouncher in pf log)

    i've seen this post and this issue but didn't manage to get it work in pf 2.4.4.

    i can auth on cp with vouncher & username but username didn't get logged.
    here is my index.php.txt

    Any suggestions would be greatly appreciated.



  • Three choices exist :

    • No authentication
    • User / password
    • Voucher.

    These are mutual exclusive.

    You would have to change :
    @nicklang said in Voucher auth and username log:

    here is my index.php.txt

    to make work what you ask for.
    ( probably also /etc/inc/captiveportal.inc )


  • Rebel Alliance

    @nicklang said in Voucher auth and username log:

    Hi, i want to set up captive portal with voucher authentification, plus i need to register a username like 'self registered" with the vouncher (to have a name with the vouncher in pf log)

    Any suggestions would be greatly appreciated.

    Well,
    pfSense does not offer such functionality. vouchers are "anonymous" codes and are not designed to be linked to any name. If you ever heard about GDPR in Europe or about various Data Privacy Act in the US & APAC, you should probably understand why.

    You could of course set up your own page that will bind vouchers to real users. But i'm not sure that's what you really want (why use vouchers in the first place in this case? Couldn't you just use a freeRadius server + an SQL database containing your users? Your setup seems a little bit odd)

    Also, the index.php.txt you provided seems to be the default login page of pfSense 2.4.3...You should probably use the 2.4.4 login page instead.
    You could find this file in /usr/local/captiveportal/index.php in your pfSense appliance, or you could simply get it here
    . Then you could update this page to bind vouchers to your username list, probably using an external database or something.

    @Gertjan said in Voucher auth and username log:

    Three choices exist :

    • No authentication
    • User / password
    • Voucher.

    These are mutual exclusive.

    Not really related but...that is not true, vouchers and user/password can be used at the same time :

    d9964755-c3dc-413d-9a95-934bdfef2c1e-image.png



  • @free4 said in Voucher auth and username log:

    @nicklang said in Voucher auth and username log:

    Hi, i want to set up captive portal with voucher authentification, plus i need to register a username like 'self registered" with the vouncher (to have a name with the vouncher in pf log)

    Any suggestions would be greatly appreciated.

    Well,
    pfSense does not offer such functionality. vouchers are "anonymous" codes and are not designed to be linked to any name. If you ever heard about GDPR in Europe or about various Data Privacy Act in the US & APAC, you should probably understand why.

    You could of course set up your own page that will bind vouchers to real users. But i'm not sure that's what you really want (why use vouchers in the first place in this case? Couldn't you just use a freeRadius server + an SQL database containing your users? Your setup seems a little bit odd)

    Also, the index.php.txt you provided seems to be the default login page of pfSense 2.4.3...You should probably use the 2.4.4 login page instead.
    You could find this file in /usr/local/captiveportal/index.php in your pfSense appliance, or you could simply get it here
    . Then you could update this page to bind vouchers to your username list, probably using an external database or something.

    @Gertjan said in Voucher auth and username log:

    Three choices exist :

    • No authentication
    • User / password
    • Voucher.

    These are mutual exclusive.

    Not really related but...that is not true, vouchers and user/password can be used at the same time :

    d9964755-c3dc-413d-9a95-934bdfef2c1e-image.png

    Well ... not really ^^
    Checkout index.php line https://github.com/pfsense/pfsense/blob/master/src/usr/local/captiveportal/index.php#L158
    If a voucher code has been entered, it will be tested - and accepted if the code is valid and some time is left for this voucher. If not, authentication stops - user/password are NOT tested, the error page is shown.

    If no voucher value is entered, user and password are tested - if valid, the login is validated.

    So, it one method, or the other.
    There is no situation where both are tested.

    If some one chooses to use voucher - and not the user/password it would be better to modify the existing login by removing User/Password related lines.
    Btw : keep in mind, the pfsense admin can always use the User (== admin) and his Password to login against the portal.

    ( I resourced from the index.php source )


Log in to reply