Captive portal voucher auth. not working (vouchers not recognized)



  • Hi,
    I have an installation of pfSense 2.0.1 and I'm having trouble getting it to authenticate users with vouchers.
    Every code I enter is not recognized.

    Radius authentication and authentication with local users work fine with this version (they can be successfully authenticated).

    Is there some bug in this version regarding vouchers  or am I doing something wrong.



  • You have to give more:

    • details about your configuration
    • system logs
    • CP logs

    to be able to give a suggestion.



  • Hi Ermal,

    My configuration is as simple as possible. (My installation is fresh - made today especially for testing this).
    I have two interfaces (LAN and WAN).
    On the LAN interface I want to enable Captive portal and authenticate using vouchers.

    If I just enable captive portal I'm presented with a login screen and if I enter username/password form the local database I'm authenticated and everything works.

    I then enable vouchers. I leave everything on default. I go and create a voucher role (again leaving all the options on default).
    I then press on the blue icon to generate the vouchers and then download them.

    I restart the captive portal and am now presented with an option to only enter a voucher (no username/password).
    I enter the vouchers that I have generated and downloaded and am presented with the error: Voucher invalid.

    In the portal logs I see this:
    Sep 17 16:39:55 logportalauth[25156]: Voucher: All 10 vouchers from Roll 0001 marked unused
    Sep 17 16:40:52 logportalauth[25156]: Restarting captive portal.
    Sep 17 16:41:38 logportalauth[21605]: XKEQeeDBxPS (1/1): not found on any registererd Roll
    Sep 17 16:41:38 logportalauth[21605]: FAILURE: XKEQeeDBxPS, 00:04:23:31:fa:74, 10.32.32.32
    Sep 17 16:48:23 logportalauth[21605]: XKEQeeDBxPS (1/1): not found on any registererd Roll
    Sep 17 16:48:23 logportalauth[21605]: FAILURE: XKEQeeDBxPS, 00:04:23:31:fa:74, 10.32.32.32

    This is from the system logs (not sure if relevant):
    Sep 17 16:39:53 apinger: Error while feeding rrdtool: Broken pipe
    Sep 17 16:39:56 check_reload_status: Syncing firewall
    Sep 17 16:40:13 check_reload_status: Syncing firewall
    Sep 17 16:40:46 check_reload_status: Syncing firewall
    Sep 17 16:40:46 kernel: IP firewall unloaded
    Sep 17 16:40:46 check_reload_status: Reloading filter
    Sep 17 16:40:52 check_reload_status: Syncing firewall
    Sep 17 16:40:53 kernel: ipfw2 (+ipv6) initialized, divert loadable, nat loadable, rule-based forwarding enabled, default to accept, logging disabled
    Sep 17 16:40:53 check_reload_status: Reloading filter
    Sep 17 16:40:53 apinger: /usr/local/bin/rrdtool respawning too fast, waiting 300s.
    Sep 17 16:41:38 check_reload_status: Synching vouchers
    Sep 17 16:41:43 check_reload_status: Syncing firewall
    Sep 17 16:48:23 check_reload_status: Synching vouchers
    Sep 17 16:48:28 check_reload_status: Syncing firewall

    Regards.



  • This is how the voucher file looks like:

    Voucher Tickets 1..10 for Roll 1

    Nr of Roll Bits     16

    Nr of Ticket Bits   10

    Nr of Checksum Bits 5

    magic initializer   1681818054 (32 Bits used)

    Character Set used  2345678abcdefhijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ

    XKEQeeDBxPS
    Qzba7kSAGXx
    AZk6MqzWCys
    ShkBGvEAuFE
    QK8LjncXk6z
    jzHGLF75G5M
    7QiQSsSBZSd
    QCX3FbyLA8a
    iDnShFafys23
    bqA4f8w2r5B

    If I go and test a voucher (Status/Captive portal/Test vouchers) i get this:

    XKEQeeDBxPS (1/1): not found on any registererd Roll
    Access granted for 0 Minutes in total.



  • Can you post your config.xml section or all of it if this is a test system?
    Also what is making your CP restart? On the logs there seem save is being hit often!



  • @ermal:

    Can you post your config.xml section or all of it if this is a test system?
    Also what is making your CP restart? On the logs there seem save is being hit often!

    The config.xml file is attached. I had to rename it to config.txt since .xml files are not allowed to be uploaded by the forum.

    Regarding the CP restart. I was enabling and disabling it. After I create the vouchers when I try to go through the CP I'm still only presented with an option to enter username/password. After I disable and enable CP the option to enter voucher code appears (and the option to authenticate using username/password) disappears.

    config.txt



  • Hi Ermal,

    did you have a look at the config file?
    Do you have an idea what might the problem be?

    Regards.


Locked