Captiv portal and vouchers integration with ssid on wlc 9800
-
Cisco ? Dono what that is. It better be an access point.
What you want is this :
As I use 3 access points, I used a dumb switch.
As the connected client device are not my friends, just people that need an Internet access, I use a dedicated LAN interface (OPT) for the captive portal.
My own stuff is hooked up to the LAN interface, not shown in the image.The access points don't need any special setup. Just an SSID, and typically, you remove the WPA password, so the SSID will be an 'open' network.
-
@Jozy you can run captive portal on the cisco controller, or just let cisco provide the wifi and run the captive portal on pfsense.
-
@Gertjan @johnpoz
So the situation is that when I try to connect to SSID guest it redirects me to Pfsense
the problem is that voucher are enabled and generated and when testing it works (as you can see from the picture )but when trying to reach Captiv Portal, pfSense asks me to type username and password instead of vouchers.
What could be the problem, on Captive portal side or SSID doesn't send right path or there is some other issue?? :(
Best regards,
Jozy -
@Jozy said in Captiv portal and vouchers integration with ssid on wlc 9800:
pfSense asks me to type username and password instead of vouchers.
that isn't captive portal, that is just the gui web page.
https://docs.netgate.com/pfsense/en/latest/captiveportal/index.html#captive-portal
-
@johnpoz perhaps I got it wrong.
What should I get?
How to get vouchers to autenticate instead of usename/paasword? -
@Jozy said in Captiv portal and vouchers integration with ssid on wlc 9800:
So the situation is that when I try to connect to SSID guest it redirects me to Pfsense
Did you saw the login page ?
The default (build in) login page will ask for a user name and password. if you have activated Voucher it will also show a third entry line, where the voucher must be entered.
Confusing for your portal victims ? I agree !Now, remember that you saw this : check the option "Enable to use a custom captive portal login page" and you' see :
Extract the captive portal login page with your browser to see what it looks lie.
Html of course, so no big deal.
Look also at /etc/inc/captiveportal.inc - search the function get_default_captive_portal_html() to get the default captive portal htm
There you can see how it's done.
In your case, make your own identical html file, but remove these two :<input type="text" name="auth_user" placeholder="{$translated_text1}" id="auth_user"> <input type="password" name="auth_pass" placeholder="{$translated_text2}" id="auth_pass">Don't forget to create "error" logout page also. Its nearly the same file as your login page, with one line added (the line that shows the error message).
After login, where do you login redirect your clients to ?
Remember this one ?
@Gertjan said in Captiv portal and vouchers integration with ssid on wlc 9800:
As the connected client device are not my friends, just people that need an Internet access, I use a dedicated LAN interface (OPT) for the captive portal.
which means : don't run the portal on your LAN.
You can, just be ready to assume the consequences. -
@Gertjan Thanks for the effort.
That's the problem since as I can see everything is enabled but I still don't get third entry for vouchers, only for username and password not vouchers. hm
you can see below fi something is wrong:
Is this ok for the local database?
I dont know what is wrong, is there some compability problem. PfSense version is 2.7.2 ?
Best regards,
Jozy -
@Jozy looks to me you have it set to use custom, but don't actually have custom setup
-
@johnpoz hm not sure what do you mean when you say that?
-
@Jozy your read @Gertjan posted write where you edit the template and add your voucher section..
edit: so what exactly is happening? You want to get rid of the username password prompt like @Gertjan was talking about? Because I just fired up captive portal on my guest network.. Connected with iphone, got the captive portal - and used a voucher to login.. It was pretty clicky clicky
And as I said before - this is not the captive portal, this is just the normal gui login
The default out of the box click,clicky captive portal is the image I posted above where I put in my voucher.
Your not running into a issue where your gui is listening on the captive portal port? I believe the captive portal is like 800x where x can change, etc. Are you using something like that for your web gui port? Example Just turned on the captive portal again to see what port its on, and its on 8002
[24.03-RELEASE][admin@sg4860.home.arpa]/root: netstat -anl Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp6 0 0 *.8002 *.* LISTEN tcp4 0 0 *.8002 *.* LISTEN -
@johnpoz Please if you can help me what exact lines I have to add in "captiveportal.inc" instead of
<input type="text" name="auth_user" placeholder="{$translated_text1}" id="auth_user">
<input type="password" name="auth_pass" placeholder="{$translated_text2}" id="auth_pass">??
As well, what is URL for Captive Portal I should use and put to WLC if I want redirection to ?
Im using this - https://x.x.x.x/services_captiveportal_zones.php :)
I have downloaded and uploaded html from page to Captiv portal content but nothing -
https://docs.netgate.com/pfsense/en/latest/captiveportal/configuration.html#captiveportal-portal-page-contents-vouchersBest regards,
Jozy -
@Jozy said in Captiv portal and vouchers integration with ssid on wlc 9800:
As well, what is URL for Captive Portal I should use and put to WLC if I want redirection to ?
If your going to do the captive portal on pfsense, there is nothing to do on the wlc.. Its just the wireless connection - pfsense would handle the captive portal you enable in pfsense on the network your clients are connecting to via wireless.
I would suggest you get that working before you look into editing how the captive portal page looks.
If all your going to ever use is vouchers, you can edit the page to only show that as an option. But vouchers will work even if it presents the options of username/password.. But get your captive portal working before worry about how the page looks would be my suggestion.
You can always pretty up the page once you know its functioning ;) And I think there is even some 3rd party tools you could use to print out vouchers with qr codes on them, etc.
