Captive Portal Only Showing Options for Vouchers
-
I've been trying to set up my Captive Portal following the video that was linked from the pfSense web site, but have been noticing a rather glaring difference for some reason…I don't seem to have a Users tab at all on my Captive Portal page at all.
After installation, I couldn't get a login page to the portal at all, and couldn't see a Users tab, so I began to start searching on the web and on the appliance, but found nothing except some documentation all referencing the tab I'm missing. After loads of searching, I've tried several different things to see if I could get anywhere. Hopefully I haven't made matters any worse, but things are slightly different now than they were in the beginning, and I'll explain that further on.
I've tried adding a user specifically for those users accessing the Captive Portal (since I obviously wouldn't want to share out the admin login anyway), and gave that user it's own group in case I wanted additional users in the future. There was no change in anything at this point. I was able to browse the web from anywhere, but nothing changed on the portal...no authentication prompts of any nature.
I've also tried installing Squid and setting it to transparent mode so that I don't have to manually configure every browser to either the proxy URL or to look for a proxy, but still no difference. I still have no Users tab, but here's where the weirdness was noted on the clients...
At some point, and I don't think it was when Squid was installed, my Vouchers tab enable checkbox became "permanently" checked. I say permanently because I know there's got to be a way to fix it, but I can't do it from the web interface. Every time I remove the check from the Vouchers tab enable box and save the changes, it appears to stay that way until I leave the page and return. I've tried doing that both by shutting down the Captive Portal first and by not, but no change in the behavior of the Vouchers tab. However, I can at least verify that I am reaching the Captive Portal. I get a prompt for a Voucher number on a wireless client on my unsecured wireless if I leave the Captive Portal enabled now, which is a far cry from what I was getting before I installed Squid.
Now, for the pertinent configuration information:
pfSense 2.0.1 i386 Release
Intell P-III 700 Dual CPU running in SMP mode
2 Gb RAM
38.4 GB SCSI Hard Drive
4-Port Intel NIC running in a WAN-LAN-OPT1 (Secure)-OPT2 (Captive) configuration
Dansguardian 2.12.0.0 pkg v.0.1.5.3
Lightsquid 1.8.0 pkg v.2.32
Squid 2.7.9 pkg v.4.3.1I'm a bit confused as to what this is doing, and hoping it's something I can fix by simply editing a .conf file via ssh or the console. I'm still working the bugs out of small things like the Dansguardian config, but that certainly shouldn't affect this, I wouldn't think. It was there before the Dansguardian install. Thanks in advance for any and all assistance!
--Mike -
Captive portal users are integrated into the user manager in 2.0 and newer, you're finding old documentation. Everything else is the same though.
-
I've been trying to set up my Captive Portal following the video that was linked from the pfSense web site, but have been noticing a rather glaring difference for some reason…I don't seem to have a Users tab at all on my Captive Portal page at all.
Go to System -> User Manager to add or modify user authentication details for users accessing pfSense or wanting to authenticate to the Captive Portal.
You need to supply your own authentication page to collect username and password or voucher code for Captive Portal authentication. I didn't see any mention of you providing such a page.
I have been running Captive Portal for over a year on one of my systems using voucher or username/password authentication and I have never had to run Squid to get it to work. I don't run Dan's Guardian on that system.
I wonder if you ever specified the correct interface(s) on which to run Captive Portal.
-
@CMB: Yeah, I found that the Captive Portal users were integrated into the User Manager. That's fine. That's why I created the user and group for that particular user (or others, should I need them). I found that after the fact, but I wouldn't have thought it should have made a big difference. I would have expected the User tab to show up if that way it was designed to function.
@WallabyBob: I tried adding the appropriate permissions for the user I added, and I also tried removing all permissions, neither made any difference at all. I've also marked the "Local User Manager/Vouchers" setting, figuring that it would use the default page. Everything I've read indicates that there is such a page. Am I to understand that the page now needs to be created, and that it no longer exists? That's no big problem, but I thought I'd read every recent Captive Portal post, and even on those where someone had had any issues it didn't sound like anyone had had that sort of issue. Also, if I had to create a default page for the username/password, shouldn't I also have to create one for the vouchers? It will prompt me for vouchers with no problem. In fact, I can't remove the check from the checkbox for the voucher authentication, and I'm assuming (dangerous thing, I know) that's because it's not allowing username/password authentication.
I only installed Squid based on another user's experience, and am using it simply to get the Captive Portal to come up. Without it, I get nothing. And I've installed DansGuardian to try to keep the kids from some of the unsavory websites. Neither should cause any problem, I wouldn't think. They can be removed if needed. A lot of the DansGuardian functionality can be accomplished by the use of custom DNS blacklisting, it's just not as easy to maintain.
And I have verified that I've picked the correct interface, multiple times. I'm also wondering if it's a problem since this is the last of four interfaces on the device. I can reassign them if necessary, and put my secured wireless last, I just hadn't tried that since I already had everything else set up.
-
@WallabyBob: I tried adding the appropriate permissions for the user I added, and I also tried removing all permissions, neither made any difference at all. I've also marked the "Local User Manager/Vouchers" setting, figuring that it would use the default page. Everything I've read indicates that there is such a page. Am I to understand that the page now needs to be created, and that it no longer exists?
I've been using captive portal for well over a year now. My recollection when I first set it up was a Captive Portal login page had to be provided - see the Portal page contents entry near the bottom of the Services -> Captive Portal page. Maybe there is now a default page that can be overridden. Maybe there always was a default page but at the time it didn't provide for input of voucher codes.
Please go to the Portal page contents entry near the bottom of the Services -> Captive Portal page, click on View current page and post the output here.
-
The default page with user authentication enabled shows a username and password field. The default page with vouchers enabled shows vouchers. If you want both, you have to create a custom portal page (the HTML code for the form field is right there on the Services>CP page).
-
I haven't had the time to get back to grab a screenshot, so that's why you haven't seen one yet showing what my current config is. Sorry about that. As to cmb's statement about how it SHOULD be behaving, that's what I'd expect. I'll be down in my office for quite some time this evening, perhaps I can get the chance to grab a pic or two and post it so that you can take a look and see what's going on. I make no promises, though. I'm trying to get ready for an 8-hour trip out of town for a family wedding this weekend as well as trying to get 4 laptops ready for a weekend-long event next weekend, so I'm kind of stretched thin but we'll give it the ol' college try. Thanks again for all of the assistance!
–Mike -
Ok. I got my problems solved. I finally had a little time to work on it, and I JUST got it done tonight, after starting it about an hour and a half ago, so I wanted to post my findings here while my thoughts were fresh. It was a bit of a bear, mainly the understanding of what it was doing and why, but it's working. Now I'll go back and tighten up the restrictions between the interfaces as time allows.
Here's what I did to correct my issues, and what I finally figured out:
1. Went and re-read this forum post again several times, especially the second to last post before my last reply in which WallabyBob requested a screenshot of my Captive Portal page. I looked and looked for a button or some HTML text to click on that would show my current page, but there was none. So I proceeded to try to create my own using the form provided. I was unsuccessful in every effort except for causing pfSense to display the View Current Page text so I went to step 2.
2. I went back to Google (a tech's best friend, remember?) and searched again for setting up the pfSense Captive Portal. I found a couple of very helpful links. One of them was at nettechonline.net, from May 21, 2011, and was probably the most helpful of the two. I'm not going to link it here, since it also points to another package that I wouldn't recommend since it doesn't do as much as pfSense itself does. In a nutshell, it explains that the basic portal in pfSense 2.0 is set up in the Captive Portal page, and the Vouchers tab is always visible no matter what, while the users tab is no longer there at all. The docs I was using previously WERE old, and I had misunderstood cmb's mention that the tab's function had been moved. Maybe I was more tired the night that I read that and I just didn't get it, I don't know.
3. At any rate, after confirming what I'd been told (and densely not picked up on), I went back and found the post here that linked back to the original pfSense Captive Portal html files and downloaded them and installed them. That was easy part #1.
4. After doing that, I dropped back to the DHCP server setup for the interface on the wireless that serves the Captive Portal and verified that I had pointed the DNS server to the proper location…I hadn't. I fixed that as well (easy part #2) and tested it as working.
Thanks everyone for your assistance and tolerance of my cranial density! You'd think that after so many years with these things, I'd follow along better than that. Maybe this is an indicator that I need to actually get more sleep instead of burning the midnight oil so frequently.
--Mike
-
Thanks for the report. Glad you have it working.