Captive Portal - ERROR: unauthenticated, noclientmac



  • Hi,

    I was wondering if anyone else is experiencing similar problems, I have my testbed set up with 5 guinea pigs clients authenticating against local user manager with captive portal and I am running a 1st april snapshot on a mini-itx with 4 giga intel adaptors, 1st 2 adapters are wan interfaces, the 3rd is lan and the 4th interface has 4 vlans attached to it.

    wan1–--          |-----vlan11
                |pfsense|-----vlan22
    wan2----    |    |-----vlan33
                      |    |-----vlan44
                    lan

    I have captive portal attached to vlan11,vlan22 and clients connect to these interfaces via access points with bridging enabled (AP on vlan11 dettached at the moment).

    On the captive portal config page I have "Disable concurrent logins" ticked and I have "Disabled MAC filtering" unticked.

    However, now and again I come across an error which seems to happen randomly, tbh I havent seen it for about a week up until now.

    Log is in reverse order.

    Thanks

    Slam

    Apr 6 23:19:44 logportalauth[53453]: LOGIN: davide, 00:1b:9e:xx:xx:xx, 10.0.1.101
    Apr 6 23:15:00 logportalauth[53453]: LOGIN: kerol3006, 00:18:de:xx:xx:xx, 10.0.1.147
    Apr 6 22:13:25 logportalauth[52226]: LOGIN: sara, 00:1f:3c:xx:xx:xx, 10.0.1.148
    Apr 6 22:10:38 logportalauth[62179]: TIMEOUT: kerol3006, 00:18:de:xx:xx:xx, 10.0.1.147
    Apr 6 21:56:19 php[32620]: /index.php: Successful login for user 'admin' from: 192.168.1.149
    Apr 6 21:32:42 logportalauth[27369]: TIMEOUT: sara, 00:1f:3c:xx:xx:xx, 10.0.1.148
    Apr 6 20:47:35 logportalauth[24858]: TIMEOUT: davide, 00:1b:9e:xx:xx:xx, 10.0.1.101
    Apr 6 20:24:19 logportalauth[32620]: LOGIN: sara, 00:1f:3c:xx:xx:xx, 10.0.1.148
    Apr 6 19:59:20 php[52353]: /index.php: Captive portal could not determine client's MAC address. Disable MAC address filtering in captive portal if you do not need this functionality.
    Apr 6 19:59:20 logportalauth[52353]: ERROR: unauthenticated, noclientmac, 10.0.1.148
    Apr 6 19:58:50 php[52353]: /index.php: Captive portal could not determine client's MAC address. Disable MAC address filtering in captive portal if you do not need this functionality.
    Apr 6 19:58:50 logportalauth[52353]: ERROR: unauthenticated, noclientmac, 10.0.1.148
    Apr 6 19:58:20 php[52353]: /index.php: Captive portal could not determine client's MAC address. Disable MAC address filtering in captive portal if you do not need this functionality.
    Apr 6 19:58:20 logportalauth[52353]: ERROR: unauthenticated, noclientmac, 10.0.1.148
    Apr 6 19:57:50 php[52353]: /index.php: Captive portal could not determine client's MAC address. Disable MAC address filtering in captive portal if you do not need this functionality.
    Apr 6 19:57:50 logportalauth[52353]: ERROR: unauthenticated, noclientmac, 10.0.1.148
    Apr 6 19:57:20 php[52353]: /index.php: Captive portal could not determine client's MAC address. Disable MAC address filtering in captive portal if you do not need this functionality.
    Apr 6 19:57:20 logportalauth[52353]: ERROR: unauthenticated, noclientmac, 10.0.1.148
    Apr 6 19:56:50 php[52353]: /index.php: Captive portal could not determine client's MAC address. Disable MAC address filtering in captive portal if you do not need this functionality.
    Apr 6 19:56:50 logportalauth[52353]: ERROR: unauthenticated, noclientmac, 10.0.1.148
    Apr 6 19:56:20 php[52353]: /index.php: Captive portal could not determine client's MAC address. Disable MAC address filtering in captive portal if you do not need this functionality.
    Apr 6 19:56:20 logportalauth[52353]: ERROR: unauthenticated, noclientmac, 10.0.1.148
    Apr 6 19:55:50 php[52353]: /index.php: Captive portal could not determine client's MAC address. Disable MAC address filtering in captive portal if you do not need this functionality.
    Apr 6 19:55:50 logportalauth[52353]: ERROR: unauthenticated, noclientmac, 10.0.1.148
    Apr 6 19:55:20 php[52353]: /index.php: Captive portal could not determine client's MAC address. Disable MAC address filtering in captive portal if you do not need this functionality.
    Apr 6 19:55:20 logportalauth[52353]: ERROR: unauthenticated, noclientmac, 10.0.1.148
    Apr 6 19:54:50 php[52353]: /index.php: Captive portal could not determine client's MAC address. Disable MAC address filtering in captive portal if you do not need this functionality.
    Apr 6 19:54:50 logportalauth[52353]: ERROR: unauthenticated, noclientmac, 10.0.1.148
    Apr 6 19:54:20 php[52353]: /index.php: Captive portal could not determine client's MAC address. Disable MAC address filtering in captive portal if you do not need this functionality.
    Apr 6 19:54:20 logportalauth[52353]: ERROR: unauthenticated, noclientmac, 10.0.1.148
    Apr 6 19:53:50 php[52353]: /index.php: Captive portal could not determine client's MAC address. Disable MAC address filtering in captive portal if you do not need this functionality.
    Apr 6 19:53:50 logportalauth[52353]: ERROR: unauthenticated, noclientmac, 10.0.1.148
    Apr 6 19:53:20 php[52353]: /index.php: Captive portal could not determine client's MAC address. Disable MAC address filtering in captive portal if you do not need this functionality.
    Apr 6 19:53:20 logportalauth[52353]: ERROR: unauthenticated, noclientmac, 10.0.1.148
    Apr 6 19:52:50 php[52353]: /index.php: Captive portal could not determine client's MAC address. Disable MAC address filtering in captive portal if you do not need this functionality.
    Apr 6 19:52:50 logportalauth[52353]: ERROR: unauthenticated, noclientmac, 10.0.1.148
    Apr 6 19:52:20 php[52353]: /index.php: Captive portal could not determine client's MAC address. Disable MAC address filtering in captive portal if you do not need this functionality.
    Apr 6 19:52:20 logportalauth[52353]: ERROR: unauthenticated, noclientmac, 10.0.1.148
    Apr 6 19:51:50 php[52353]: /index.php: Captive portal could not determine client's MAC address. Disable MAC address filtering in captive portal if you do not need this functionality.
    Apr 6 19:51:50 logportalauth[52353]: ERROR: unauthenticated, noclientmac, 10.0.1.148
    Apr 6 19:51:20 php[52353]: /index.php: Captive portal could not determine client's MAC address. Disable MAC address filtering in captive portal if you do not need this functionality.
    Apr 6 19:51:20 logportalauth[52353]: ERROR: unauthenticated, noclientmac, 10.0.1.148
    Apr 6 19:50:50 php[52353]: /index.php: Captive portal could not determine client's MAC address. Disable MAC address filtering in captive portal if you do not need this functionality.
    Apr 6 19:50:50 logportalauth[52353]: ERROR: unauthenticated, noclientmac, 10.0.1.148
    Apr 6 19:50:20 php[52353]: /index.php: Captive portal could not determine client's MAC address. Disable MAC address filtering in captive portal if you do not need this functionality.
    Apr 6 19:50:20 logportalauth[52353]: ERROR: unauthenticated, noclientmac, 10.0.1.148
    Apr 6 19:49:50 php[52353]: /index.php: Captive portal could not determine client's MAC address. Disable MAC address filtering in captive portal if you do not need this functionality.
    Apr 6 19:49:50 logportalauth[52353]: ERROR: unauthenticated, noclientmac, 10.0.1.148
    Apr 6 19:20:30 logportalauth[733]: LOGIN: davide, 00:1b:9e:xx:xx:xx, 10.0.1.101
    Apr 6 18:18:56 logportalauth[40277]: TIMEOUT: sara, 00:1f:3c:xx:xx:xx, 10.0.1.148
    Apr 6 17:45:51 logportalauth[53453]: LOGIN: martina, 00:1f:3c:xx:xx:xx, 10.0.1.149
    Apr 6 17:03:04 logportalauth[11479]: TIMEOUT: davide, 00:1b:9e:xx:xx:xx, 10.0.1.101
    Apr 6 16:10:22 logportalauth[49225]: LOGIN: kerol3006, 00:18:de:xx:xx:xx, 10.0.1.147
    Apr 6 15:03:08 logportalauth[29941]: LOGIN: sara, 00:1f:3c:xx:xx:xx, 10.0.1.148
    Apr 6 15:01:59 logportalauth[35813]: LOGIN: davide, 00:1b:9e:xx:xx:xx, 10.0.1.101
    Apr 6 06:21:02 logportalauth[56071]: TIMEOUT: test, 00:21:5c:xx:xx:xx, 10.0.1.150



  • When someone logs in, it pings their IP address once, which will issue an ARP request that the client should respond to even if firewalled. The result of the ping is ignored. The ARP table is then checked for the IP address of the host, and if it doesn't exist, it returns the "Captive portal could not determine client's MAC address" message. So that means for some reason that host wasn't responding to ARP, if it's indeed on the same broadcast domain as the firewall.



  • Thanks for the clarification Chris, I think then its most probably an issue with my switch or the software running on my ap's not passing the mac address correctly on random occasions, Ill have to investigate further.

    Thanks

    Slam


Log in to reply