Captive Portal without Authentication



  • Is it possible to use Captive Portal with out the Authentication page?  I only want people to be re-directed at the first page to our web site, but do not want them to go through any kind of login.  Is this possible?

    thanks



  • No, users have to click through the portal page to be logged in. They can be redirected after clicking through the first page.



  • Thanks, that's what I needed to know.



  • Actually I think there might be a way to accomplish this:
      * Create a 'guest' user with some known password
      * Create your own login form with the guest user name and password as hidden fields.
      * Include some JavaScript on the form to automatically submit when the page is loaded.
      * Also include a message and submit button just in case JavaScript is turned off for some users.
      * Set it to forward to your company page.



  • @splante:

    Actually I think there might be a way to accomplish this:
      * Create a 'guest' user with some known password
      * Create your own login form with the guest user name and password as hidden fields.
      * Include some JavaScript on the form to automatically submit when the page is loaded.
      * Also include a message and submit button just in case JavaScript is turned off for some users.
      * Set it to forward to your company page.

    That might work, not sure if you can get Javascript to do that but if you can it'll work.



  • I've actually completed a method today that works. I edited the /usr/local/captiveportal/index.php file and added an ip address detection section where when it detects the specific subnet (we have a vlan setup with several vlans) and adds the correct user based on ip address without ever having to submit the form. When I get back to my box tommorrow, I'll post my exact setup. I don't know about potential security issues, but I just needed it for the redirect for this specific vlan.



  • Have a backup of the page on my laptop  ;D

    I added this here:
    $orig_host = $_ENV['HTTP_HOST'];
    $orig_request = $_REQUEST['redirurl'];
    $clientip = $_SERVER['REMOTE_ADDR'];

    $octs = explode(".", $clientip);
    $oct1 = $octs[0];
    $oct2 = $octs[1];

    And then depending on the setup (whether you are using no authentication, local authentication, or radius authentication) you can add another statement like so (I am using radius authentication, so you will need to edit appropriately):

    else if (($_POST['accept'] && $radius_enable) || ($oct1 == "10" && $oct2 == "111")) { //added an or statement to get this subnet inside the if with no form submission
       if ($_POST['auth_user'] && $_POST['auth_pass']) {
           $auth_list = radius($_POST['auth_user'],$_POST['auth_pass'],$clientip,$clientmac,"USER LOGIN");
    $type = "error";
    if (!empty($auth_list['url_redirection'])) {
    $redirurl = $auth_list['url_redirection'];
    $type = "redir";
    }

    if ($auth_list['auth_val'] == 1) {
               captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"ERROR",$auth_list['error']);
       portal_reply_page($redirurl, $type, $auth_list['error'] ? $auth_list['error'] : $errormsg);
           }
           else if ($auth_list['auth_val'] == 3) {
               captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"FAILURE",$auth_list['reply_message']);
               portal_reply_page($redirurl, $type, $auth_list['reply_message'] ? $auth_list['reply_message'] : $errormsg);
           }
       } else if($oct1 == "10" && $oct2 == "111") {
        $auth_list = radius("user","pass",$clientip,$clientmac,"USER LOGIN");
       } else {
           captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"ERROR");
           portal_reply_page($redirurl, "error", $errormsg);
       }

    My oct1 and oct2 are specific to my subnet, so you will need to change those to apply to your specific setup. Pretty much I just broke apart the detected ip address into it's separate components and added a loophole into the correct if statement. Then to get around the authentication I hard coded in the credentials into the statement in place of the POST variables. That way they never have to click accept and they automagically get redirected to whatever page you have set up for the redirect. This method requires that you have a user set up (in my case I used user for the username and pass for the password ;D ) either in the local database or radius database.

    I'm away from my test box right now so I haven't tested this, but I believe you should be able to modify the following statement to do it without any form of authentication setup.

    else if (($_POST['accept'] && $clientip && $config['captiveportal']['auth_method'] == "none") || ($oct1 == "10" && $oct2 == "111")) {
        captiveportal_logportalauth("unauthenticated",$clientmac,$clientip,"ACCEPT");
        portal_allow($clientip, $clientmac, "unauthenticated");
    }



  • Is there anyone interested in this? I know over the months I've seen many people ask about this but no one is replying to this post. I'm working on integrating this into the portal setup page so there will be a box so you can select an interface for redirect only with no authentication required. I guess if anyone is interested PM me.



  • I'm sure it would be of interest to people, maybe not at this instant, but I would recommend posting it regardless as I'm sure someone will find this at some point and want to see it.


Log in to reply