How to Captive Portal Self Registration Using Free radius & Mysql (Tutorial)

khan

Captive Portal Self Registration Using Free radius & Mysql Tested with 2.0.2-RELEASE (i386) built on Fri Dec 7 16:30:14 EST 2012 in vmware 8.

Caution : this procedure was perfect for me. Please use at your own risk & make backup.

You need few thing to do this

1. php-mysql support in pfsense. Default is disabled. follow this post to do it

http://forum.pfsense.org/index.php/topic,47150.0.html

your command should be

pkg_info -r http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/php52-mysql-5.2.13_3.tbz

and

pkg_add -rfi http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/php52-mysql-5.2.13_3.tbz

tips: according to his (sash99) post some package dependencies should occur. But I did not found 1. what I did..

1. in command added package with

pkg_add -rfi http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/php52-mysql-5.2.13_3.tbz

2. in command

/etc/rc.php_ini_setup

3. installed freeradius2 package from system/package
4. rebooted pfsense
5. in command

touch /etc/php_dynamodules/php52-mysql

6. rebooted pfsense.

Step 2
Config pfsense freeradius according to this doc
http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package
and for sql  support
http://forum.pfsense.org/index.php/topic,43675.msg235475.html#msg235475
add extra table using reg_users.sql.txt file sql command or u can rename this to reg_users.sql and import via phpmyadmin

I hav added database file  also.

step 3

now rename every file & remove “.txt” from file name ie

captiveportal-cp_reg_suc.php.txt to captiveportal-cp_reg_suc.php
captiveportal-bootstrap.min.css.txt to captiveportal-bootstrap.min.css

and so …

now edit
captiveportal-cp_reg_suc.php in line 104 insert your sql server ipaddress & password.

Upload evry file in captive file manager except
cp_portal.php
cp_error.php

in captive portal main page
enable captive portal in Lan
check Disable concurrent logins
in Authentication section
check RADIUS Authentication
in ipaddress box –----------- 127.0.0.1
port box ----------- 1812
sharedsecret box -----------your shared secret
in Accounting check send RADIUS accounting packets
in port ----------- 1813
Accounting updates ----- check strat stop
In RADIUS NAS IP attribute select your lan.

insert cp_portal.php in “Portal page contents”
cp_error.php in “Authentication error page contents”.
Save. And you are ready to go.

Important
1. you should change php file content according to your need.

2. be aware about adding php-mysql package you may not be lucky as i was. if anything goes wrong follow "sash99" post carefully.

3. in my captive portal page i have some security like a client with a mac address can only register one account.

please let me know your experiences.
captiveportal-bootstrap-responsive.min.css.txt
captiveportal-bootstrap.min.js.txt
captiveportal-bootstrap-responsive.min.css.txt
captiveportal-jquery.validate.js.txt
captiveportal-jquery.min.js.txt

khan

php & sql file added

reg_users.sql.txt
raddd.sql.txt
cp_error.php.txt
cp_portal.php.txt
captiveportal-cp_terms.php.txt
captiveportal-cp_registration_form.php.txt
captiveportal-cp_reg_suc.php.txt
captiveportal-cp_contact.php.txt

Nachtfalke

@khan

I didn't test your tutorial or the one from the forum user you pointed some links to but I would ask if it would be ok to add this to the pfsense freeradius2 doc ? The pfsense documentation could be an centralized point where everyone can find information about freeradius2 package and information about things which go further.

I just would like to add a link to the documentation if you allow :-)

khan

@Nachtfalke

Sure. any kinds of help i can,  for pfsense & its community.

Nachtfalke

Great!

I added this to my freeradius2 documentation:
http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package#CaptivePortal_Self-Registration:FreeRADIUS.2B_MySQL

sash99

glad someone found my post useful - just a note this later post about  how to get a fully functional webserver might be a bit easier for people to understand then my original post..  for setting up mysql and for phpmyadmin within your pfsense  machine

http://forum.pfsense.org/index.php/topic,47086.0.html

jemsenator

Hello
I am wondering the reason no one has commented on his experience of using the solution provided by Khan, the forum needs to know user experiences so we can improve if there is any bug or errors or even difficulties, Please, if you have tested or tried this, share your experience, if you are scared to give it a try, also share your fear(s).

Thank you

sash99

well I decided to give it a try to see how it would work. on a fresh install of amd64 machine  i have the  phpmyadmin and mysql installed o locally on pfsense  freeradius2 and mysql are function as they should. just not  getting the the captive portal  self registration to work

several problems so far that I noticed

I try to register and it gives me this error

---

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /var/db/cpelements/captiveportal-cp_reg_suc.php on line 115
×
Registration Successfull. Please visit Login page to login

---

but you do not get access and no errors are displayed when logging in

also if I enter in on purpose the incorrect user name and password on  it does not  redirect me to the error page.

would you have a general idea what might be wrong ???

sash99

when I do radtest while connected to mysql all seams fine to that point

radtest test test123 127.0.0.1:1812 0 testing123
Sending Access-Request of id 129 to 127.0.0.1 port 1812
       User-Name = "test"
       User-Password = "test123"
       NAS-IP-Address = 192.168.1.1
       NAS-Port = 0
       Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=129, length=20

as you can see here

and these radtest entries are the only ones that can be found in the mysql data base

also
captiveportal-cp_reg_suc.php  line was modified to

$con = mysql_connect("127.0.0.1","radius","radpass");

to match  my settings

khan

@sash99:

several problems so far that I noticed

I try to register and it gives me this error

---

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /var/db/cpelements/captiveportal-cp_reg_suc.php on line 115
×

this line in captiveportal-cp_reg_suc.php checks the mac address  of the system trying to register if already in database.
What is your database table structure? in my database i have added an extra table named "reg_users". do u have that table in your database? if not please add that using sql file provided.

anyway (if not resolved)

in line114 in captiveportal-cp_reg_suc.php

replace

$result = mysql_query("SELECT * FROM reg_users WHERE macaddress = '$macaddress'");

with

$result = mysql_query("SELECT * FROM reg_users WHERE macaddress = '$macaddress'")or die(mysql_error());

this will tell you the cause of error. please post the error.

sash99

good morning khan
well I see that I forgot to import your sql tables.  which I did now. I no longer get the error mentioned above no errors mentioned at all actually. but I still do not get access either. I looked through my sql data base  and I can not find  my log in entries any where. does not seam to enter them into the data base

theses are the tables I have in my radius data base
cui
nas
radacct
radcheck
radgroupcheck
radgroupreply
radippool
radpostauth
radreply
radusergroup
reg_users
wimax

are all the table there that suppose to be..??? is there possibly another table I missed importing….
I thought I imported them all, some that that I importerd do not display as tables though

thank you for your time
sash

sash99

well rebuilt pfsense amd64 firewall again , with full web host abilities and mysql. ( basically the same as doing it for i386 just change the i386 to amd86 ie:

pkg_info -r http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/php52-mysql-5.2.13_3.tbz

to

pkg_info -r http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/amd64/8.1-RELEASE/packages/All/php52-mysql-5.2.13_3.tbz

but still no go with the self register. no entries added into the  database.  mysql server/client working  with in pfsense fine as I can build websites with mysql database in them ( ie joolma etc ) plus phpmyadmin is working fine too on the pfsense machine..

it probably something simple I just do not know what going wrong and where..

where can I manual add a user into the data base and its format.  atleast then I would be able to narrow down the problem, by verify that that login works via the database. I know that the page talks to the data base as it was popping up the error earlier due to the missing table (reg_users). now I want to see if it reads the database. then at least I will know that it only a write problem.

thank you for your time
sash

sash99

okay this has me stumped for now..
I reinstalled  the computer as i386 pfsense instead of amd64
and what I have learned
for some strange reason the error page works on the I386  version and not the amd64 version

radtest  seams to work  fine it sends data to mysql so  freeradius and mysql are working fine as it enter mysql data entries into it automatically

if I install the radius data base with out  reg_user table  the self registration  captive portal page see that it missing table  and fails on  registration .so    captive portal seems to be configure correctly as the  self registration webpage has access to the radius database because  of the table error

if If have the reg_user  table imported.  into radius database  I no longer  get an error.

But it does not write anything into reg_user table upon completion of registration  ( so it tells me i have  no write capability or  some sort un seen  mysql error happening  that prevents it from writing)

if I manual enter in a  user via insert in phpmyadmin into the  reg_users . I also have  have no access and the  self registration  web page  flags that as an unknown user.. so it  it can not read reg_user table for some reason either ..

it a funny problems and I know very little of mysql to be able debug it easily  – well lets see if any one can successfully get  this self registration page to work.. as at this point I can not  , or at least on a single  pfsense machine  firewall/web serve/database machine anyways..

khan

if I manual enter in a  user via insert in phpmyadmin into the  reg_users . I also have  have no access and the  self registration  web page  flags that as an unknown user.. so it  it can not read reg_user table for some reason either ..

actually "reg_users" table is not necessary for captive portal this table is for monitoring user registration with extra field & cheks mac based security. free radius checks only "radcheck" for user & password. you can manually enter there.

But it does not write anything into reg_user table upon completion of registration  ( so it tells me i have  no write capability or  some sort un seen  mysql error happening  that prevents it from writing)

from your configuration i think you dont have permition to write in mysql database. this can be caused if  you dont have permission to write in that folder/disk. or your mysql user privilege is not enough.

can u please send me your mysql server details.

my system is running with 20 registered user & increasing every day.

khan

@sash99

I have tested your config in vmware 9 environment with 2.0.2-RELEASE (i386). what i did
1. installed pfsense.
2. installed mysql & vhost according to your post.
3. installed php52-mysql as i mentioned before.
4. installed free radius2.
5. config them all
6. uploaded all the captive portal file.

but everything seems ok for me. i can register & data also available in database.

if u are interested i can upload the vmware image.

sorry to mention before….. i file (main css "bootrtrap.min.css") missing in my captiveportal file list, for which design was not perfect. added in this post.

can any moderator would be kind to attach this file in my main post please??

captiveportal-bootstrap.min.css.txt

sash99

sure I will try your vmware image. hopefully it run in my vm machine  ( I am not using Vmware but usually not to much  problem with different  Vmdisk images from other  programs )

khan

Sorry For my delayed reply. i have uploaded virtual image as open virtual format in Google drive. link

https://docs.google.com/file/d/0B7TKCwKoq_lNdDRmVERaT0ZaeU0/edit

first network adapter is WAN
2nd network adapter is LAN

webgui:

https://192.168.26.1:1337/index.php

username : admin
password: pfsense

phpmyadmin:

192.168.26.1:8001/phpmyadmin/

username: root
password: pfsense

best of luck. don forget to update ur result. let me know if face any error.

thenomad

I am on an VMWare exi5.1.0 server … fo some reason I cannot get either network interfaces in you vm to come up.  It looks to be there but no traffic passes... any ideas??

khan

@thenomad:

I am on an VMWare exi5.1.0 server … fo some reason I cannot get either network interfaces in you vm to come up.  It looks to be there but no traffic passes... any ideas??

what is your virtual network settings? i used wan bridged with my netbook wifi and lan as a host only network.l

thenomad

I fixed it I think… the interface mappings got flipped somehow ... thanks for your reply It got me in the right direction !

thenomad

Ok it IS working as advertised ;D

but I have one question (from a NON FreeBSD admin) What is the path for the portal php files  does it just sit in /var/etc ??

thenomad

Well I THOUGHT it was working …
User cannot log in

error message from the portal

Your Email & Password Doesnot Match. If you Dont Have Any please Register

If you think This is an Error Of This System Please Contact Us.

This is right after the user creates himself through registration.
Peeking at the database the information (including the password is there)

BTW phpmyadmin is NOT installed as was indicated used webmin

If you attempt to re register it tells you that you already have a account under the username

message is : You are already registered. with <what ever="" the="" name="" user="" registered="" with="">Hellp  :'(</what>

khan

@thenomad:

Well I THOUGHT it was working …
User cannot log in

error message from the portal

Your Email & Password Doesnot Match. If you Dont Have Any please Register

If you think This is an Error Of This System Please Contact Us.

This is right after the user creates himself through registration.
Peeking at the database the information (including the password is there)

What is your log in system in portal auth log?
anyway i just test it to selfregistration didnt checked full functionality. please adjust the shared secret in free radius nas & captive portal page.

BTW phpmyadmin is NOT installed as was indicated used webmin

of course i have installed phpmyadmin. after your comment i have dloaded from google drive and checked again.

If you attempt to re register it tells you that you already have a account under the username

message is : You are already registered. with<what ever="" the="" name="" user="" registered="" with=""></what>

i have designed this pages for a hotspot solution. so i add some mac based security, like a client with a mac can only register 1 account. if u want to create multiple account change ur mac address. or delete previous account from sqlserver via phpmyadmin

did Anybody got this tutorial helpful? bcos i have seen more then 10 download of my cp pages. only 2 of them replied.

sash99

HI khan..
tried your Vmware image. I can not get it work for me.. the virtualimage works and all but the  root partion in  not set at drive position 0  (ad0s1a) in pfsense    but at the 3rd disk  (ad3s1a).  and your ovf is incompatible.  i tried with a couple virtual machine always the same error  non compliant ovf.  even tried it in Vmplayer same difference….  and when I force it to boot ad0s1a  ( with the mountroot> ufs:/dev/ad0s1a )  in other virtual machines.  pfsense is all broken.. and/or vmware  server just  make it really incompatible with anything other then itself..

I even open it up in live boot BSD (frenzy) and edited as much as could but it still refuses to work for me

perhaps if you like to to make a vm appliance with virtualbox or simular

khan

@sash99:

perhaps if you like to to make a vm appliance with virtualbox or simular

ok i am creating a oracle virtual box image. need some time.

whoei

Thnx! I would like to test with a virtualbox image!

novicenaja

ไม่มีใช้กับ captive portal บ้างเหรอครับ ทำไมมีแต่ free radius

khan

Sorry for delayed reply.

I have uploaded file for virtual machine created with oracle virtual box. Double checked. rar file with recovery record.

https://docs.google.com/file/d/0B7TKCwKoq_lNYjJ3cE53T013Y28/edit

first network adapter is WAN (192.168.0.0/23 subnet) change as your requirement.
2nd network adapter is LAN (192.168.100.0/24 subnet)

Webgui:

http://192.168.100.1:1337

Username: admin
Password: pfsense

phpmyadmin:

http://192.168.100.1:8001/phpmyadmin/

Username: root
Password: pfsense

Captiveportal

http://192.168.100.1:8000

Mac based security is enable. so if u need multiple account from one mac please login to phpmyadmin change mac value in reg_user table first.

I am writing a step by step "how to ". but need some time.
anyway post your comment.

neewbie

yes and be running

whoei

I'm testing with the virtualbox image but I get exactly the same message as Thenomand:

_Your Email & Password Doesnot Match. If you Dont Have Any please Register

If you think This is an Error Of This System Please Contact Us._

This is also right after the user creates himself through registration.
Peeking at the database the information (including the password is there)

If you attempt to re register it tells you that you already have a account under the username

message is : You are already registered. with <what ever="" the="" name="" user="" registered="" with="">Anyone how to solve this?</what>

whoei

After replacing 127.0.0.1 for 192.168.100.1 @ radius settings by captive portal and nas /client en interface settings by FreeRadius it works!

Is there any solution that multiple users can register from one PC without changing the mac address in DirectAdmin?

harshkukreja

@khan:

@sash99

I have tested your config in vmware 9 environment with 2.0.2-RELEASE (i386). what i did
1. installed pfsense.
2. installed mysql & vhost according to your post.
3. installed php52-mysql as i mentioned before.
4. installed free radius2.
5. config them all
6. uploaded all the captive portal file.

but everything seems ok for me. i can register & data also available in database.

if u are interested i can upload the vmware image.

sorry to mention before….. i file (main css "bootrtrap.min.css") missing in my captiveportal file list, for which design was not perfect. added in this post.

can any moderator would be kind to attach this file in my main post please??

Hi! Please help us with the vmware image to test..Thanks Harsh

khan

@whoei:

After replacing 127.0.0.1 for 192.168.100.1 @ radius settings by captive portal and nas /client en interface settings by FreeRadius it works!

Is there any solution that multiple users can register from one PC without changing the mac address in DirectAdmin?

sure edit captiveportal-cp_reg_suc.php remove mac chek code.

Hi! Please help us with the vmware image to test..Thanks Harsh

ok need some time.

kmnair

@khan:

@whoei:

Is there any solution that multiple users can register from one PC without changing the mac address in DirectAdmin?

sure edit captiveportal-cp_reg_suc.php remove mac chek code.

It would be better to change the mac-check to mail-check since this will help many users register from the same machine, but with one mail ID per single user. This will prevent multi-registrations from the same mail ID.

I have done this with pfSense 2.1 beta1 and it works well.

I am trying to get the hostname also collected through the registration page.  But this does not work as expected.

Also, is it possible to ask users to register and send the login-password to them through the e-mail ID collected.

Khan, could you help please?

Thanks for your time.

afry

please help

after step 1, is the packages are installed via the WebGUI? Which packages?
why when I execute step 2  /etc/rc.php_ini_setup with Shell Execute command, WebGUI in my browser not stop loading (does not produce anything)?

thank's

eowyn36

I just get this working !! It can register users, there seems to be no problem with it.

@khan you were right about the writing privileges that you mentioned on the first page. After I gave every permission to 'radius' user vi phpMyAdmin everything worked like a charm :)

@afry it is bit tricky to install everything. Can you check this post i think it can help you :)
http://forum.pfsense.org/index.php/topic,62456.msg344907.html#msg344907

michel2013

Thank you very much for your tutorial.

Got it working. Still missing some functionality but I guess I have to read the correct manuals.

a question for example:
How do you see who is online, and how to disable or throw them out?

almomdegal

I can´t figure out how to access phpmyadmin so i can proceed with step 2 "add for sql support"
probably a silly question but how can i

Prakash

Hi EveryOne,
Thanks to Khan,
I'm very much new to pfSense.
But I've Experimented your VMImage.
The Following Feature I've Implemented in Captive Portal.
1. Self Registration By User, The User Id is user's Mobile No.
2. System Generates the Password & Send to Registered Mobile No as SMS.( I prefer to use Mobile No as User may not be able to access Email).

I request to all for the guidance to implement following feature:
1. How the Validity of the Password can be Control.
2. System Logout Popup Window is not Open.
3. can Both Voucher & Radius Authentication Implemented at a time.
4. Is there any process to send user the Voucher No.
5. Is there any process to extend the validity of voucher/password.

Thanks in advance.
Prakash

harshkukreja

Hi! Khan

Thanks for your wonderful work which I was looking for a long time to add into my pfsense machine which I am using for providing Internet access to students in university. I ll really appreciate if you can help me with the working VMware image to enable me to test the same.

Regards

Harsh
harshkukreja2008@gmail.com