Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    CAPTIVE PORTAL VS FREERADIUS: AUTHENTIFCATION WITH PHONE NUMBER XXXXXXXX

    Scheduled Pinned Locked Moved Captive Portal
    4 Posts 3 Posters 951 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      aliadam
      last edited by

      hi friends, i configured the pfsense captive portal and radius server with authentication the phone number as username and password.i have loaded the phone numbers of my users on freeradius (in this format XXXXXXXX Cleartext- Password: = "XXXXXXXX") so that they can authenticate.
      the problem is that a user can use another user's phone number to authenticate.
      is it possible to be able to identify the phone number of a user and that only this user can connect with his phone number only?
      Or is it possible to directly link the authentication to the GSM system to the HLR (home location register)?

      1 Reply Last reply Reply Quote 0
      • NogBadTheBadN
        NogBadTheBad
        last edited by NogBadTheBad

        Try running a radsniff -x and check what info the phones are sending in the requests., there may be something unique to each phone.

        Why didn't you create an individual user ID & unique password for each user, using easily known data seems a little stupid.

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

        1 Reply Last reply Reply Quote 0
        • A
          aliadam
          last edited by

          I know that I can create a user ID and password for each user, I want to encourage my users to use my product (phone number (sim)), I set up wifi terminals in public places, once you buy my product (Sim) I give you free access to the internet but while authenticating with the number of the sim you paid.

          1 Reply Last reply Reply Quote 0
          • F
            free4 Rebel Alliance
            last edited by free4

            well

            first of all HLR don't exist in phone networks anymore. we are now in the age of 3g and 4g, HLR have been replaced by HSS.

            second of all, unless you are a government agency, you can't have access to such data, for obvious safety reasons. you are not allowed to track the location of any user you want

            third, the recommanded way to check that a phone number really belong to someone, is to send a confirmation code to the phone.
            this is what banks do for verifying an user's phone, so you should be safe with it

            in order to do this, you could either code your own system using a sim card reader, or use an external services for this. multiple companies are offering this services. you can type "confirmation SMS API" or "F2A API" on google to find one

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.