Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    User can login with different VLAN on Captive Portal.

    Captive Portal
    3
    6
    108
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ontzuevanhussen
      ontzuevanhussen last edited by ontzuevanhussen

      I have create VLAN183 (for user Guest) and VLAN 182 (for user Doctor), and make two captive portal for that (Services > Captive Portal). And then make user in (Package > FreeRADIUS: Users > Users).
      My question is: How to configure like User A can login for captive portal VLAN183 (Guest) but can't login captive portal VLAN182 (Doctor)? Thank you..

      Because their account can login into two different captive portals :(
      Screen Shot 2020-06-21 at 18.03.00.png

      Screen Shot 2020-06-21 at 18.03.17.png

      Sorry for my English.

      Gertjan 1 Reply Last reply Reply Quote 0
      • Gertjan
        Gertjan @ontzuevanhussen last edited by

        @ontzuevanhussen said in User can login with different VLAN on Captive Portal.:

        How to configure like User A can login for captive portal VLAN183 (Guest) but can't login captive portal VLAN182 (Doctor)?

        I didn't try this out myself, but :

        You saw the user settings ? There is a VLANID.
        (I'm not sure if the context of VLANID is correct here)

        Another way to go : you have two captive portal instances, so you are using two NAS clients, right ?
        The "Advanced Configuration" users settings, like "Additional RADIUS Attributes (CHECK-ITEM)" could be use to check the NAS client before access is granted.

        Anyway, didn't check this myself.

        ontzuevanhussen 1 Reply Last reply Reply Quote 0
        • ontzuevanhussen
          ontzuevanhussen @Gertjan last edited by

          @Gertjan said in User can login with different VLAN on Captive Portal.:

          You saw the user settings ? There is a VLANID.
          (I'm not sure if the context of VLANID is correct here)

          Doesn't work, I have try this before.

          1 Reply Last reply Reply Quote 0
          • jimp
            jimp Rebel Alliance Developer Netgate last edited by jimp

            Look at the RADIUS requests, the portal zone should be in there somewhere (NAS-Identifier, I think). Make your radius config check that along with the user.

            1 Reply Last reply Reply Quote 0
            • Gertjan
              Gertjan last edited by

              I do not have multiple portal, but I could test this :

              My "NAS Identifier", to bet defined in the captive portal settings, is =

              1b6945d8-442c-4622-9ee0-5b9501e9d7c3-image.png

              So, it's "CaptivePortal-cpzone1".

              I added in the 'radcheck" table this line for my user called "x" :

              7700a471-d430-4a3e-8899-86c0f3c8394f-image.png

              Now, when the user "x" logs in, an additional check is made : The NAS-Identifier should be "CaptivePortal-cpzone1", if not : no access.

              This should enforce that a user "x" can only login using a specific portal.

              Btw : there is no GUI access to add records to the radcheck table. Use classic mysql commands, or a database GUI like phpmyadmin.

              If needed, stop Freeradiusd process in the pfSense GUI, goto console/ssh access, option 8 and launch freeradius with

              radiusd -X

              This permits you to follow all the radius activity in great detail.

              1 Reply Last reply Reply Quote 1
              • ontzuevanhussen
                ontzuevanhussen last edited by ontzuevanhussen

                Ok, I am done. I am using OpenLDAP for Authentication Servers. Now everything work fine. This is my configuration:

                Screen Shot 2020-08-08 at 10.44.17.png

                Screen Shot 2020-08-08 at 10.44.28.png

                Screen Shot 2020-08-08 at 10.44.54.png

                Screen Shot 2020-08-08 at 10.55.38.png

                Now user 'direktur' can login to Captive Portal 'Direksi' but can't login to Captive Portal 'Dokter'.

                Screen Shot 2020-08-08 at 10.49.05.png

                Screen Shot 2020-08-08 at 10.49.16.png

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post

                Products

                • Platform Overview
                • TNSR
                • pfSense
                • Appliances

                Services

                • Training
                • Professional Services

                Support

                • Subscription Plans
                • Contact Support
                • Product Lifecycle
                • Documentation

                News

                • Media Coverage
                • Press
                • Events

                Resources

                • Blog
                • FAQ
                • Find a Partner
                • Resource Library
                • Security Information

                Company

                • About Us
                • Careers
                • Partners
                • Contact Us
                • Legal
                Our Mission

                We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                Subscribe to our Newsletter

                Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                © 2021 Rubicon Communications, LLC | Privacy Policy