Captive portal voucher auth. not working (vouchers not recognized)

morphmkd

Hi,
I have an installation of pfSense 2.0.1 and I'm having trouble getting it to authenticate users with vouchers.
Every code I enter is not recognized.

Radius authentication and authentication with local users work fine with this version (they can be successfully authenticated).

Is there some bug in this version regarding vouchers  or am I doing something wrong.

eri--

You have to give more:

• details about your configuration
• system logs
• CP logs

to be able to give a suggestion.

morphmkd

Hi Ermal,

My configuration is as simple as possible. (My installation is fresh - made today especially for testing this).
I have two interfaces (LAN and WAN).
On the LAN interface I want to enable Captive portal and authenticate using vouchers.

If I just enable captive portal I'm presented with a login screen and if I enter username/password form the local database I'm authenticated and everything works.

I then enable vouchers. I leave everything on default. I go and create a voucher role (again leaving all the options on default).
I then press on the blue icon to generate the vouchers and then download them.

I restart the captive portal and am now presented with an option to only enter a voucher (no username/password).
I enter the vouchers that I have generated and downloaded and am presented with the error: Voucher invalid.

In the portal logs I see this:
Sep 17 16:39:55 logportalauth[25156]: Voucher: All 10 vouchers from Roll 0001 marked unused
Sep 17 16:40:52 logportalauth[25156]: Restarting captive portal.
Sep 17 16:41:38 logportalauth[21605]: XKEQeeDBxPS (1/1): not found on any registererd Roll
Sep 17 16:41:38 logportalauth[21605]: FAILURE: XKEQeeDBxPS, 00:04:23:31:fa:74, 10.32.32.32
Sep 17 16:48:23 logportalauth[21605]: XKEQeeDBxPS (1/1): not found on any registererd Roll
Sep 17 16:48:23 logportalauth[21605]: FAILURE: XKEQeeDBxPS, 00:04:23:31:fa:74, 10.32.32.32

This is from the system logs (not sure if relevant):
Sep 17 16:39:53 apinger: Error while feeding rrdtool: Broken pipe
Sep 17 16:39:56 check_reload_status: Syncing firewall
Sep 17 16:40:13 check_reload_status: Syncing firewall
Sep 17 16:40:46 check_reload_status: Syncing firewall
Sep 17 16:40:46 kernel: IP firewall unloaded
Sep 17 16:40:46 check_reload_status: Reloading filter
Sep 17 16:40:52 check_reload_status: Syncing firewall
Sep 17 16:40:53 kernel: ipfw2 (+ipv6) initialized, divert loadable, nat loadable, rule-based forwarding enabled, default to accept, logging disabled
Sep 17 16:40:53 check_reload_status: Reloading filter
Sep 17 16:40:53 apinger: /usr/local/bin/rrdtool respawning too fast, waiting 300s.
Sep 17 16:41:38 check_reload_status: Synching vouchers
Sep 17 16:41:43 check_reload_status: Syncing firewall
Sep 17 16:48:23 check_reload_status: Synching vouchers
Sep 17 16:48:28 check_reload_status: Syncing firewall

Regards.

morphmkd

This is how the voucher file looks like:

Voucher Tickets 1..10 for Roll 1

Nr of Roll Bits     16

Nr of Ticket Bits   10

Nr of Checksum Bits 5

magic initializer   1681818054 (32 Bits used)

Character Set used  2345678abcdefhijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ

XKEQeeDBxPS
Qzba7kSAGXx
AZk6MqzWCys
ShkBGvEAuFE
QK8LjncXk6z
jzHGLF75G5M
7QiQSsSBZSd
QCX3FbyLA8a
iDnShFafys23
bqA4f8w2r5B

If I go and test a voucher (Status/Captive portal/Test vouchers) i get this:

XKEQeeDBxPS (1/1): not found on any registererd Roll
Access granted for 0 Minutes in total.

eri--

Can you post your config.xml section or all of it if this is a test system?
Also what is making your CP restart? On the logs there seem save is being hit often!

morphmkd

@ermal:

Can you post your config.xml section or all of it if this is a test system?
Also what is making your CP restart? On the logs there seem save is being hit often!

The config.xml file is attached. I had to rename it to config.txt since .xml files are not allowed to be uploaded by the forum.

Regarding the CP restart. I was enabling and disabling it. After I create the vouchers when I try to go through the CP I'm still only presented with an option to enter username/password. After I disable and enable CP the option to enter voucher code appears (and the option to authenticate using username/password) disappears.

config.txt

morphmkd

Hi Ermal,

did you have a look at the config file?
Do you have an idea what might the problem be?

Regards.