Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive Portal without Authentication

    Scheduled Pinned Locked Moved Captive Portal
    9 Posts 4 Posters 6.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      TheStig405
      last edited by

      Is it possible to use Captive Portal with out the Authentication page?  I only want people to be re-directed at the first page to our web site, but do not want them to go through any kind of login.  Is this possible?

      thanks

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by

        No, users have to click through the portal page to be logged in. They can be redirected after clicking through the first page.

        1 Reply Last reply Reply Quote 0
        • T
          TheStig405
          last edited by

          Thanks, that's what I needed to know.

          1 Reply Last reply Reply Quote 0
          • S
            splante
            last edited by

            Actually I think there might be a way to accomplish this:
              * Create a 'guest' user with some known password
              * Create your own login form with the guest user name and password as hidden fields.
              * Include some JavaScript on the form to automatically submit when the page is loaded.
              * Also include a message and submit button just in case JavaScript is turned off for some users.
              * Set it to forward to your company page.

            1 Reply Last reply Reply Quote 0
            • C
              cmb
              last edited by

              @splante:

              Actually I think there might be a way to accomplish this:
                * Create a 'guest' user with some known password
                * Create your own login form with the guest user name and password as hidden fields.
                * Include some JavaScript on the form to automatically submit when the page is loaded.
                * Also include a message and submit button just in case JavaScript is turned off for some users.
                * Set it to forward to your company page.

              That might work, not sure if you can get Javascript to do that but if you can it'll work.

              1 Reply Last reply Reply Quote 0
              • J
                jjones
                last edited by

                I've actually completed a method today that works. I edited the /usr/local/captiveportal/index.php file and added an ip address detection section where when it detects the specific subnet (we have a vlan setup with several vlans) and adds the correct user based on ip address without ever having to submit the form. When I get back to my box tommorrow, I'll post my exact setup. I don't know about potential security issues, but I just needed it for the redirect for this specific vlan.

                1 Reply Last reply Reply Quote 0
                • J
                  jjones
                  last edited by

                  Have a backup of the page on my laptop  ;D

                  I added this here:
                  $orig_host = $_ENV['HTTP_HOST'];
                  $orig_request = $_REQUEST['redirurl'];
                  $clientip = $_SERVER['REMOTE_ADDR'];

                  $octs = explode(".", $clientip);
                  $oct1 = $octs[0];
                  $oct2 = $octs[1];

                  And then depending on the setup (whether you are using no authentication, local authentication, or radius authentication) you can add another statement like so (I am using radius authentication, so you will need to edit appropriately):

                  else if (($_POST['accept'] && $radius_enable) || ($oct1 == "10" && $oct2 == "111")) { //added an or statement to get this subnet inside the if with no form submission
                     if ($_POST['auth_user'] && $_POST['auth_pass']) {
                         $auth_list = radius($_POST['auth_user'],$_POST['auth_pass'],$clientip,$clientmac,"USER LOGIN");
                  $type = "error";
                  if (!empty($auth_list['url_redirection'])) {
                  $redirurl = $auth_list['url_redirection'];
                  $type = "redir";
                  }

                  if ($auth_list['auth_val'] == 1) {
                             captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"ERROR",$auth_list['error']);
                     portal_reply_page($redirurl, $type, $auth_list['error'] ? $auth_list['error'] : $errormsg);
                         }
                         else if ($auth_list['auth_val'] == 3) {
                             captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"FAILURE",$auth_list['reply_message']);
                             portal_reply_page($redirurl, $type, $auth_list['reply_message'] ? $auth_list['reply_message'] : $errormsg);
                         }
                     } else if($oct1 == "10" && $oct2 == "111") {
                      $auth_list = radius("user","pass",$clientip,$clientmac,"USER LOGIN");
                     } else {
                         captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"ERROR");
                         portal_reply_page($redirurl, "error", $errormsg);
                     }

                  My oct1 and oct2 are specific to my subnet, so you will need to change those to apply to your specific setup. Pretty much I just broke apart the detected ip address into it's separate components and added a loophole into the correct if statement. Then to get around the authentication I hard coded in the credentials into the statement in place of the POST variables. That way they never have to click accept and they automagically get redirected to whatever page you have set up for the redirect. This method requires that you have a user set up (in my case I used user for the username and pass for the password ;D ) either in the local database or radius database.

                  I'm away from my test box right now so I haven't tested this, but I believe you should be able to modify the following statement to do it without any form of authentication setup.

                  else if (($_POST['accept'] && $clientip && $config['captiveportal']['auth_method'] == "none") || ($oct1 == "10" && $oct2 == "111")) {
                      captiveportal_logportalauth("unauthenticated",$clientmac,$clientip,"ACCEPT");
                      portal_allow($clientip, $clientmac, "unauthenticated");
                  }

                  1 Reply Last reply Reply Quote 0
                  • J
                    jjones
                    last edited by

                    Is there anyone interested in this? I know over the months I've seen many people ask about this but no one is replying to this post. I'm working on integrating this into the portal setup page so there will be a box so you can select an interface for redirect only with no authentication required. I guess if anyone is interested PM me.

                    1 Reply Last reply Reply Quote 0
                    • C
                      cmb
                      last edited by

                      I'm sure it would be of interest to people, maybe not at this instant, but I would recommend posting it regardless as I'm sure someone will find this at some point and want to see it.

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.