How to Captive Portal Self Registration Using Free radius & Mysql (Tutorial)
-
Captive Portal Self Registration Using Free radius & Mysql Tested with 2.0.2-RELEASE (i386) built on Fri Dec 7 16:30:14 EST 2012 in vmware 8.
Caution : this procedure was perfect for me. Please use at your own risk & make backup.
You need few thing to do this
- php-mysql support in pfsense. Default is disabled. follow this post to do it
http://forum.pfsense.org/index.php/topic,47150.0.html
your command should be
and
tips: according to his (sash99) post some package dependencies should occur. But I did not found 1. what I did..
- in command added package with
- in command
/etc/rc.php_ini_setup
- installed freeradius2 package from system/package
- rebooted pfsense
- in command
touch /etc/php_dynamodules/php52-mysql
- rebooted pfsense.
Step 2
Config pfsense freeradius according to this doc
http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package
and for sql support
http://forum.pfsense.org/index.php/topic,43675.msg235475.html#msg235475
add extra table using reg_users.sql.txt file sql command or u can rename this to reg_users.sql and import via phpmyadminI hav added database file also.
step 3
now rename every file & remove “.txt” from file name ie
captiveportal-cp_reg_suc.php.txt to captiveportal-cp_reg_suc.php
captiveportal-bootstrap.min.css.txt to captiveportal-bootstrap.min.cssand so …
now edit
captiveportal-cp_reg_suc.php in line 104 insert your sql server ipaddress & password.Upload evry file in captive file manager except
cp_portal.php
cp_error.phpin captive portal main page
enable captive portal in Lan
check Disable concurrent logins
in Authentication section
check RADIUS Authentication
in ipaddress box –----------- 127.0.0.1
port box ----------- 1812
sharedsecret box -----------your shared secret
in Accounting check send RADIUS accounting packets
in port ----------- 1813
Accounting updates ----- check strat stop
In RADIUS NAS IP attribute select your lan.insert cp_portal.php in “Portal page contents”
cp_error.php in “Authentication error page contents”.
Save. And you are ready to go.Important
1. you should change php file content according to your need.2. be aware about adding php-mysql package you may not be lucky as i was. if anything goes wrong follow "sash99" post carefully.
3. in my captive portal page i have some security like a client with a mac address can only register one account.
please let me know your experiences.
captiveportal-bootstrap-responsive.min.css.txt
captiveportal-bootstrap.min.js.txt
captiveportal-bootstrap-responsive.min.css.txt
captiveportal-jquery.validate.js.txt
captiveportal-jquery.min.js.txt
-
php & sql file added
reg_users.sql.txt
raddd.sql.txt
cp_error.php.txt
cp_portal.php.txt
captiveportal-cp_terms.php.txt
captiveportal-cp_registration_form.php.txt
captiveportal-cp_reg_suc.php.txt
captiveportal-cp_contact.php.txt
-
I didn't test your tutorial or the one from the forum user you pointed some links to but I would ask if it would be ok to add this to the pfsense freeradius2 doc ? The pfsense documentation could be an centralized point where everyone can find information about freeradius2 package and information about things which go further.
I just would like to add a link to the documentation if you allow :-)
-
Sure. any kinds of help i can, for pfsense & its community.
-
Great!
I added this to my freeradius2 documentation:
http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package#CaptivePortal_Self-Registration:FreeRADIUS.2B_MySQL
-
glad someone found my post useful - just a note this later post about how to get a fully functional webserver might be a bit easier for people to understand then my original post.. for setting up mysql and for phpmyadmin within your pfsense machine
-
Hello
I am wondering the reason no one has commented on his experience of using the solution provided by Khan, the forum needs to know user experiences so we can improve if there is any bug or errors or even difficulties, Please, if you have tested or tried this, share your experience, if you are scared to give it a try, also share your fear(s).Thank you
-
well I decided to give it a try to see how it would work. on a fresh install of amd64 machine i have the phpmyadmin and mysql installed o locally on pfsense freeradius2 and mysql are function as they should. just not getting the the captive portal self registration to work
several problems so far that I noticed
I try to register and it gives me this error
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /var/db/cpelements/captiveportal-cp_reg_suc.php on line 115
×
Registration Successfull. Please visit Login page to login
but you do not get access and no errors are displayed when logging in
also if I enter in on purpose the incorrect user name and password on it does not redirect me to the error page.
would you have a general idea what might be wrong ???
-
when I do radtest while connected to mysql all seams fine to that point
radtest test test123 127.0.0.1:1812 0 testing123
Sending Access-Request of id 129 to 127.0.0.1 port 1812
User-Name = "test"
User-Password = "test123"
NAS-IP-Address = 192.168.1.1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=129, length=20as you can see here
and these radtest entries are the only ones that can be found in the mysql data base
also
captiveportal-cp_reg_suc.php line was modified to$con = mysql_connect("127.0.0.1","radius","radpass");
to match my settings
-
several problems so far that I noticed
I try to register and it gives me this error
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /var/db/cpelements/captiveportal-cp_reg_suc.php on line 115
×this line in captiveportal-cp_reg_suc.php checks the mac address of the system trying to register if already in database.
What is your database table structure? in my database i have added an extra table named "reg_users". do u have that table in your database? if not please add that using sql file provided.anyway (if not resolved)
in line114 in captiveportal-cp_reg_suc.php
replace
$result = mysql_query("SELECT * FROM reg_users WHERE macaddress = '$macaddress'");
with
$result = mysql_query("SELECT * FROM reg_users WHERE macaddress = '$macaddress'")or die(mysql_error());
this will tell you the cause of error. please post the error.
-
good morning khan
well I see that I forgot to import your sql tables. which I did now. I no longer get the error mentioned above no errors mentioned at all actually. but I still do not get access either. I looked through my sql data base and I can not find my log in entries any where. does not seam to enter them into the data basetheses are the tables I have in my radius data base
cui
nas
radacct
radcheck
radgroupcheck
radgroupreply
radippool
radpostauth
radreply
radusergroup
reg_users
wimaxare all the table there that suppose to be..??? is there possibly another table I missed importing….
I thought I imported them all, some that that I importerd do not display as tables thoughthank you for your time
sash
-
well rebuilt pfsense amd64 firewall again , with full web host abilities and mysql. ( basically the same as doing it for i386 just change the i386 to amd86 ie:
to
but still no go with the self register. no entries added into the database. mysql server/client working with in pfsense fine as I can build websites with mysql database in them ( ie joolma etc ) plus phpmyadmin is working fine too on the pfsense machine..
it probably something simple I just do not know what going wrong and where..
where can I manual add a user into the data base and its format. atleast then I would be able to narrow down the problem, by verify that that login works via the database. I know that the page talks to the data base as it was popping up the error earlier due to the missing table (reg_users). now I want to see if it reads the database. then at least I will know that it only a write problem.
thank you for your time
sash
-
okay this has me stumped for now..
I reinstalled the computer as i386 pfsense instead of amd64
and what I have learned
for some strange reason the error page works on the I386 version and not the amd64 versionradtest seams to work fine it sends data to mysql so freeradius and mysql are working fine as it enter mysql data entries into it automatically
if I install the radius data base with out reg_user table the self registration captive portal page see that it missing table and fails on registration .so captive portal seems to be configure correctly as the self registration webpage has access to the radius database because of the table error
if If have the reg_user table imported. into radius database I no longer get an error.
But it does not write anything into reg_user table upon completion of registration ( so it tells me i have no write capability or some sort un seen mysql error happening that prevents it from writing)
if I manual enter in a user via insert in phpmyadmin into the reg_users . I also have have no access and the self registration web page flags that as an unknown user.. so it it can not read reg_user table for some reason either ..
it a funny problems and I know very little of mysql to be able debug it easily – well lets see if any one can successfully get this self registration page to work.. as at this point I can not , or at least on a single pfsense machine firewall/web serve/database machine anyways..
-
if I manual enter in a user via insert in phpmyadmin into the reg_users . I also have have no access and the self registration web page flags that as an unknown user.. so it it can not read reg_user table for some reason either ..
actually "reg_users" table is not necessary for captive portal this table is for monitoring user registration with extra field & cheks mac based security. free radius checks only "radcheck" for user & password. you can manually enter there.
But it does not write anything into reg_user table upon completion of registration ( so it tells me i have no write capability or some sort un seen mysql error happening that prevents it from writing)
from your configuration i think you dont have permition to write in mysql database. this can be caused if you dont have permission to write in that folder/disk. or your mysql user privilege is not enough.
can u please send me your mysql server details.
my system is running with 20 registered user & increasing every day.
-
I have tested your config in vmware 9 environment with 2.0.2-RELEASE (i386). what i did
1. installed pfsense.
2. installed mysql & vhost according to your post.
3. installed php52-mysql as i mentioned before.
4. installed free radius2.
5. config them all
6. uploaded all the captive portal file.but everything seems ok for me. i can register & data also available in database.
if u are interested i can upload the vmware image.
sorry to mention before….. i file (main css "bootrtrap.min.css") missing in my captiveportal file list, for which design was not perfect. added in this post.
can any moderator would be kind to attach this file in my main post please??
-
sure I will try your vmware image. hopefully it run in my vm machine ( I am not using Vmware but usually not to much problem with different Vmdisk images from other programs )
-
Sorry For my delayed reply. i have uploaded virtual image as open virtual format in Google drive. link
https://docs.google.com/file/d/0B7TKCwKoq_lNdDRmVERaT0ZaeU0/edit
first network adapter is WAN
2nd network adapter is LANwebgui:
username : admin
password: pfsensephpmyadmin:
192.168.26.1:8001/phpmyadmin/
username: root
password: pfsensebest of luck. don forget to update ur result. let me know if face any error.
-
I am on an VMWare exi5.1.0 server … fo some reason I cannot get either network interfaces in you vm to come up. It looks to be there but no traffic passes... any ideas??
-
I am on an VMWare exi5.1.0 server … fo some reason I cannot get either network interfaces in you vm to come up. It looks to be there but no traffic passes... any ideas??
what is your virtual network settings? i used wan bridged with my netbook wifi and lan as a host only network.l
-
I fixed it I think… the interface mappings got flipped somehow ... thanks for your reply It got me in the right direction !
-
Ok it IS working as advertised ;D
but I have one question (from a NON FreeBSD admin) What is the path for the portal php files does it just sit in /var/etc ??
-
Well I THOUGHT it was working …
User cannot log inerror message from the portal
Your Email & Password Doesnot Match. If you Dont Have Any please Register
If you think This is an Error Of This System Please Contact Us.
This is right after the user creates himself through registration.
Peeking at the database the information (including the password is there)BTW phpmyadmin is NOT installed as was indicated used webmin
If you attempt to re register it tells you that you already have a account under the username
message is : You are already registered. with <what ever="" the="" name="" user="" registered="" with="">Hellp :'(</what>
-
Well I THOUGHT it was working …
User cannot log inerror message from the portal
Your Email & Password Doesnot Match. If you Dont Have Any please Register
If you think This is an Error Of This System Please Contact Us.
This is right after the user creates himself through registration.
Peeking at the database the information (including the password is there)What is your log in system in portal auth log?
anyway i just test it to selfregistration didnt checked full functionality. please adjust the shared secret in free radius nas & captive portal page.BTW phpmyadmin is NOT installed as was indicated used webmin
of course i have installed phpmyadmin. after your comment i have dloaded from google drive and checked again.
If you attempt to re register it tells you that you already have a account under the username
message is : You are already registered. with<what ever="" the="" name="" user="" registered="" with=""></what>
i have designed this pages for a hotspot solution. so i add some mac based security, like a client with a mac can only register 1 account. if u want to create multiple account change ur mac address. or delete previous account from sqlserver via phpmyadmin
did Anybody got this tutorial helpful? bcos i have seen more then 10 download of my cp pages. only 2 of them replied.
-
HI khan..
tried your Vmware image. I can not get it work for me.. the virtualimage works and all but the root partion in not set at drive position 0 (ad0s1a) in pfsense but at the 3rd disk (ad3s1a). and your ovf is incompatible. i tried with a couple virtual machine always the same error non compliant ovf. even tried it in Vmplayer same difference…. and when I force it to boot ad0s1a ( with the mountroot> ufs:/dev/ad0s1a ) in other virtual machines. pfsense is all broken.. and/or vmware server just make it really incompatible with anything other then itself..I even open it up in live boot BSD (frenzy) and edited as much as could but it still refuses to work for me
perhaps if you like to to make a vm appliance with virtualbox or simular
-
perhaps if you like to to make a vm appliance with virtualbox or simular
ok i am creating a oracle virtual box image. need some time.
-
Thnx! I would like to test with a virtualbox image!
-
ไม่มีใช้กับ captive portal บ้างเหรอครับ ทำไมมีแต่ free radius
-
Sorry for delayed reply.
I have uploaded file for virtual machine created with oracle virtual box. Double checked. rar file with recovery record.
https://docs.google.com/file/d/0B7TKCwKoq_lNYjJ3cE53T013Y28/edit
first network adapter is WAN (192.168.0.0/23 subnet) change as your requirement.
2nd network adapter is LAN (192.168.100.0/24 subnet)Webgui:
Username: admin
Password: pfsensephpmyadmin:
Username: root
Password: pfsenseCaptiveportal
Mac based security is enable. so if u need multiple account from one mac please login to phpmyadmin change mac value in reg_user table first.
I am writing a step by step "how to ". but need some time.
anyway post your comment.
-
yes and be running
-
I'm testing with the virtualbox image but I get exactly the same message as Thenomand:
_Your Email & Password Doesnot Match. If you Dont Have Any please Register
If you think This is an Error Of This System Please Contact Us._
This is also right after the user creates himself through registration.
Peeking at the database the information (including the password is there)If you attempt to re register it tells you that you already have a account under the username
message is : You are already registered. with <what ever="" the="" name="" user="" registered="" with="">Anyone how to solve this?</what>
-
After replacing 127.0.0.1 for 192.168.100.1 @ radius settings by captive portal and nas /client en interface settings by FreeRadius it works!
Is there any solution that multiple users can register from one PC without changing the mac address in DirectAdmin?
-
I have tested your config in vmware 9 environment with 2.0.2-RELEASE (i386). what i did
1. installed pfsense.
2. installed mysql & vhost according to your post.
3. installed php52-mysql as i mentioned before.
4. installed free radius2.
5. config them all
6. uploaded all the captive portal file.but everything seems ok for me. i can register & data also available in database.
if u are interested i can upload the vmware image.
sorry to mention before….. i file (main css "bootrtrap.min.css") missing in my captiveportal file list, for which design was not perfect. added in this post.
can any moderator would be kind to attach this file in my main post please??
Hi! Please help us with the vmware image to test..Thanks Harsh
-
After replacing 127.0.0.1 for 192.168.100.1 @ radius settings by captive portal and nas /client en interface settings by FreeRadius it works!
Is there any solution that multiple users can register from one PC without changing the mac address in DirectAdmin?
sure edit captiveportal-cp_reg_suc.php remove mac chek code.
Hi! Please help us with the vmware image to test..Thanks Harsh
ok need some time.
-
Is there any solution that multiple users can register from one PC without changing the mac address in DirectAdmin?
sure edit captiveportal-cp_reg_suc.php remove mac chek code.
It would be better to change the mac-check to mail-check since this will help many users register from the same machine, but with one mail ID per single user. This will prevent multi-registrations from the same mail ID.
I have done this with pfSense 2.1 beta1 and it works well.
I am trying to get the hostname also collected through the registration page. But this does not work as expected.
Also, is it possible to ask users to register and send the login-password to them through the e-mail ID collected.
Khan, could you help please?
Thanks for your time.
-
please help
after step 1, is the packages are installed via the WebGUI? Which packages?
why when I execute step 2 /etc/rc.php_ini_setup with Shell Execute command, WebGUI in my browser not stop loading (does not produce anything)?thank's
-
I just get this working !! It can register users, there seems to be no problem with it.
@khan you were right about the writing privileges that you mentioned on the first page. After I gave every permission to 'radius' user vi phpMyAdmin everything worked like a charm :)
@afry it is bit tricky to install everything. Can you check this post i think it can help you :)
http://forum.pfsense.org/index.php/topic,62456.msg344907.html#msg344907
-
Thank you very much for your tutorial.
Got it working. Still missing some functionality but I guess I have to read the correct manuals.
a question for example:
How do you see who is online, and how to disable or throw them out?
-
I can´t figure out how to access phpmyadmin so i can proceed with step 2 "add for sql support"
probably a silly question but how can i
-
Hi EveryOne,
Thanks to Khan,
I'm very much new to pfSense.
But I've Experimented your VMImage.
The Following Feature I've Implemented in Captive Portal.
1. Self Registration By User, The User Id is user's Mobile No.
2. System Generates the Password & Send to Registered Mobile No as SMS.( I prefer to use Mobile No as User may not be able to access Email).I request to all for the guidance to implement following feature:
1. How the Validity of the Password can be Control.
2. System Logout Popup Window is not Open.
3. can Both Voucher & Radius Authentication Implemented at a time.
4. Is there any process to send user the Voucher No.
5. Is there any process to extend the validity of voucher/password.Thanks in advance.
Prakash
-
Hi! Khan
Thanks for your wonderful work which I was looking for a long time to add into my pfsense machine which I am using for providing Internet access to students in university. I ll really appreciate if you can help me with the working VMware image to enable me to test the same.
Regards