Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    User can login with different VLAN on Captive Portal.

    Scheduled Pinned Locked Moved Captive Portal
    6 Posts 3 Posters 370 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ontzuevanhussenO
      ontzuevanhussen
      last edited by ontzuevanhussen

      I have create VLAN183 (for user Guest) and VLAN 182 (for user Doctor), and make two captive portal for that (Services > Captive Portal). And then make user in (Package > FreeRADIUS: Users > Users).
      My question is: How to configure like User A can login for captive portal VLAN183 (Guest) but can't login captive portal VLAN182 (Doctor)? Thank you..

      Because their account can login into two different captive portals :(
      Screen Shot 2020-06-21 at 18.03.00.png

      Screen Shot 2020-06-21 at 18.03.17.png

      Sorry for my English.

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan @ontzuevanhussen
        last edited by

        @ontzuevanhussen said in User can login with different VLAN on Captive Portal.:

        How to configure like User A can login for captive portal VLAN183 (Guest) but can't login captive portal VLAN182 (Doctor)?

        I didn't try this out myself, but :

        You saw the user settings ? There is a VLANID.
        (I'm not sure if the context of VLANID is correct here)

        Another way to go : you have two captive portal instances, so you are using two NAS clients, right ?
        The "Advanced Configuration" users settings, like "Additional RADIUS Attributes (CHECK-ITEM)" could be use to check the NAS client before access is granted.

        Anyway, didn't check this myself.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        ontzuevanhussenO 1 Reply Last reply Reply Quote 0
        • ontzuevanhussenO
          ontzuevanhussen @Gertjan
          last edited by

          @Gertjan said in User can login with different VLAN on Captive Portal.:

          You saw the user settings ? There is a VLANID.
          (I'm not sure if the context of VLANID is correct here)

          Doesn't work, I have try this before.

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by jimp

            Look at the RADIUS requests, the portal zone should be in there somewhere (NAS-Identifier, I think). Make your radius config check that along with the user.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • GertjanG
              Gertjan
              last edited by

              I do not have multiple portal, but I could test this :

              My "NAS Identifier", to bet defined in the captive portal settings, is =

              1b6945d8-442c-4622-9ee0-5b9501e9d7c3-image.png

              So, it's "CaptivePortal-cpzone1".

              I added in the 'radcheck" table this line for my user called "x" :

              7700a471-d430-4a3e-8899-86c0f3c8394f-image.png

              Now, when the user "x" logs in, an additional check is made : The NAS-Identifier should be "CaptivePortal-cpzone1", if not : no access.

              This should enforce that a user "x" can only login using a specific portal.

              Btw : there is no GUI access to add records to the radcheck table. Use classic mysql commands, or a database GUI like phpmyadmin.

              If needed, stop Freeradiusd process in the pfSense GUI, goto console/ssh access, option 8 and launch freeradius with

              radiusd -X
              

              This permits you to follow all the radius activity in great detail.

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              1 Reply Last reply Reply Quote 1
              • ontzuevanhussenO
                ontzuevanhussen
                last edited by ontzuevanhussen

                Ok, I am done. I am using OpenLDAP for Authentication Servers. Now everything work fine. This is my configuration:

                Screen Shot 2020-08-08 at 10.44.17.png

                Screen Shot 2020-08-08 at 10.44.28.png

                Screen Shot 2020-08-08 at 10.44.54.png

                Screen Shot 2020-08-08 at 10.55.38.png

                Now user 'direktur' can login to Captive Portal 'Direksi' but can't login to Captive Portal 'Dokter'.

                Screen Shot 2020-08-08 at 10.49.05.png

                Screen Shot 2020-08-08 at 10.49.16.png

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.