How to Captive Portal Self Registration Using Free radius & Mysql (Tutorial)



  • Captive Portal Self Registration Using Free radius & Mysql Tested with 2.0.2-RELEASE (i386) built on Fri Dec 7 16:30:14 EST 2012 in vmware 8.

    Caution : this procedure was perfect for me. Please use at your own risk & make backup.

    You need few thing to do this

    1. php-mysql support in pfsense. Default is disabled. follow this post to do it

    http://forum.pfsense.org/index.php/topic,47150.0.html

    your command should be

    pkg_info -r http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/php52-mysql-5.2.13_3.tbz

    and

    pkg_add -rfi http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/php52-mysql-5.2.13_3.tbz

    tips: according to his (sash99) post some package dependencies should occur. But I did not found 1. what I did..

    1. in command added package with

    pkg_add -rfi http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/php52-mysql-5.2.13_3.tbz

    1. in command

    /etc/rc.php_ini_setup

    1. installed freeradius2 package from system/package
    2. rebooted pfsense
    3. in command

    touch /etc/php_dynamodules/php52-mysql

    1. rebooted pfsense.

    Step 2
    Config pfsense freeradius according to this doc
    http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package
    and for sql  support
    http://forum.pfsense.org/index.php/topic,43675.msg235475.html#msg235475
    add extra table using reg_users.sql.txt file sql command or u can rename this to reg_users.sql and import via phpmyadmin

    I hav added database file  also.

    step 3

    now rename every file & remove “.txt” from file name ie

    captiveportal-cp_reg_suc.php.txt to captiveportal-cp_reg_suc.php
    captiveportal-bootstrap.min.css.txt to captiveportal-bootstrap.min.css

    and so …

    now edit
    captiveportal-cp_reg_suc.php in line 104 insert your sql server ipaddress & password.

    Upload evry file in captive file manager except
    cp_portal.php
    cp_error.php

    in captive portal main page
    enable captive portal in Lan
    check Disable concurrent logins
    in Authentication section
    check RADIUS Authentication
    in ipaddress box –----------- 127.0.0.1
    port box ----------- 1812
    sharedsecret box -----------your shared secret
    in Accounting check send RADIUS accounting packets
    in port ----------- 1813
    Accounting updates ----- check strat stop
    In RADIUS NAS IP attribute select your lan.

    insert cp_portal.php in “Portal page contents”
    cp_error.php in “Authentication error page contents”.
    Save. And you are ready to go.

    Important
    1. you should change php file content according to your need.

    2. be aware about adding php-mysql package you may not be lucky as i was. if anything goes wrong follow "sash99" post carefully.

    3. in my captive portal page i have some security like a client with a mac address can only register one account.

    please let me know your experiences.
    captiveportal-bootstrap-responsive.min.css.txt
    captiveportal-bootstrap.min.js.txt
    captiveportal-bootstrap-responsive.min.css.txt
    captiveportal-jquery.validate.js.txt
    captiveportal-jquery.min.js.txt





  • @khan

    I didn't test your tutorial or the one from the forum user you pointed some links to but I would ask if it would be ok to add this to the pfsense freeradius2 doc ? The pfsense documentation could be an centralized point where everyone can find information about freeradius2 package and information about things which go further.

    I just would like to add a link to the documentation if you allow :-)



  • @Nachtfalke

    Sure. any kinds of help i can,  for pfsense & its community.





  • glad someone found my post useful - just a note this later post about  how to get a fully functional webserver might be a bit easier for people to understand then my original post..  for setting up mysql and for phpmyadmin within your pfsense  machine

    http://forum.pfsense.org/index.php/topic,47086.0.html



  • Hello
    I am wondering the reason no one has commented on his experience of using the solution provided by Khan, the forum needs to know user experiences so we can improve if there is any bug or errors or even difficulties, Please, if you have tested or tried this, share your experience, if you are scared to give it a try, also share your fear(s).

    Thank you



  • well I decided to give it a try to see how it would work. on a fresh install of amd64 machine  i have the  phpmyadmin and mysql installed o locally on pfsense  freeradius2 and mysql are function as they should. just not  getting the the captive portal  self registration to work

    several problems so far that I noticed

    I try to register and it gives me this error


    Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /var/db/cpelements/captiveportal-cp_reg_suc.php on line 115
    ×
    Registration Successfull. Please visit Login page to login


    but you do not get access and no errors are displayed when logging in

    also if I enter in on purpose the incorrect user name and password on  it does not  redirect me to the error page.

    would you have a general idea what might be wrong ???



  • when I do radtest while connected to mysql all seams fine to that point

    radtest test test123 127.0.0.1:1812 0 testing123
    Sending Access-Request of id 129 to 127.0.0.1 port 1812
           User-Name = "test"
           User-Password = "test123"
           NAS-IP-Address = 192.168.1.1
           NAS-Port = 0
           Message-Authenticator = 0x00000000000000000000000000000000
    rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=129, length=20

    as you can see here

    and these radtest entries are the only ones that can be found in the mysql data base

    also
    captiveportal-cp_reg_suc.php  line was modified to

    $con = mysql_connect("127.0.0.1","radius","radpass");

    to match  my settings



  • @sash99:

    several problems so far that I noticed

    I try to register and it gives me this error


    Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /var/db/cpelements/captiveportal-cp_reg_suc.php on line 115
    ×

    this line in captiveportal-cp_reg_suc.php checks the mac address  of the system trying to register if already in database.
    What is your database table structure? in my database i have added an extra table named "reg_users". do u have that table in your database? if not please add that using sql file provided.

    anyway (if not resolved)

    in line114 in captiveportal-cp_reg_suc.php

    replace

    $result = mysql_query("SELECT * FROM reg_users WHERE macaddress = '$macaddress'");

    with

    $result = mysql_query("SELECT * FROM reg_users WHERE macaddress = '$macaddress'")or die(mysql_error());

    this will tell you the cause of error. please post the error.



  • good morning khan
    well I see that I forgot to import your sql tables.  which I did now. I no longer get the error mentioned above no errors mentioned at all actually. but I still do not get access either. I looked through my sql data base  and I can not find  my log in entries any where. does not seam to enter them into the data base

    theses are the tables I have in my radius data base
    cui
    nas
    radacct
    radcheck
    radgroupcheck
    radgroupreply
    radippool
    radpostauth
    radreply
    radusergroup
    reg_users
    wimax

    are all the table there that suppose to be..??? is there possibly another table I missed importing….
    I thought I imported them all, some that that I importerd do not display as tables though

    thank you for your time
    sash



  • well rebuilt pfsense amd64 firewall again , with full web host abilities and mysql. ( basically the same as doing it for i386 just change the i386 to amd86 ie:

    pkg_info -r http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/php52-mysql-5.2.13_3.tbz

    to

    pkg_info -r http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/amd64/8.1-RELEASE/packages/All/php52-mysql-5.2.13_3.tbz

    but still no go with the self register. no entries added into the  database.  mysql server/client working  with in pfsense fine as I can build websites with mysql database in them ( ie joolma etc ) plus phpmyadmin is working fine too on the pfsense machine..

    it probably something simple I just do not know what going wrong and where..

    where can I manual add a user into the data base and its format.  atleast then I would be able to narrow down the problem, by verify that that login works via the database. I know that the page talks to the data base as it was popping up the error earlier due to the missing table (reg_users). now I want to see if it reads the database. then at least I will know that it only a write problem.

    thank you for your time
    sash



  • okay this has me stumped for now..
    I reinstalled  the computer as i386 pfsense instead of amd64
    and what I have learned
    for some strange reason the error page works on the I386  version and not the amd64 version

    radtest  seams to work  fine it sends data to mysql so  freeradius and mysql are working fine as it enter mysql data entries into it automatically

    if I install the radius data base with out  reg_user table  the self registration  captive portal page see that it missing table  and fails on  registration .so    captive portal seems to be configure correctly as the  self registration webpage has access to the radius database because  of the table error

    if If have the reg_user  table imported.  into radius database  I no longer  get an error.

    But it does not write anything into reg_user table upon completion of registration  ( so it tells me i have  no write capability or  some sort un seen  mysql error happening  that prevents it from writing)

    if I manual enter in a  user via insert in phpmyadmin into the  reg_users . I also have  have no access and the  self registration  web page  flags that as an unknown user.. so it  it can not read reg_user table for some reason either ..

    it a funny problems and I know very little of mysql to be able debug it easily  – well lets see if any one can successfully get  this self registration page to work.. as at this point I can not  , or at least on a single  pfsense machine  firewall/web serve/database machine anyways..



  • if I manual enter in a  user via insert in phpmyadmin into the  reg_users . I also have  have no access and the  self registration  web page  flags that as an unknown user.. so it  it can not read reg_user table for some reason either ..

    actually "reg_users" table is not necessary for captive portal this table is for monitoring user registration with extra field & cheks mac based security. free radius checks only "radcheck" for user & password. you can manually enter there.

    But it does not write anything into reg_user table upon completion of registration  ( so it tells me i have  no write capability or  some sort un seen  mysql error happening  that prevents it from writing)

    from your configuration i think you dont have permition to write in mysql database. this can be caused if  you dont have permission to write in that folder/disk. or your mysql user privilege is not enough.

    can u please send me your mysql server details.

    my system is running with 20 registered user & increasing every day.



  • @sash99

    I have tested your config in vmware 9 environment with 2.0.2-RELEASE (i386). what i did
    1. installed pfsense.
    2. installed mysql & vhost according to your post.
    3. installed php52-mysql as i mentioned before.
    4. installed free radius2.
    5. config them all
    6. uploaded all the captive portal file.

    but everything seems ok for me. i can register & data also available in database.

    if u are interested i can upload the vmware image.

    sorry to mention before….. i file (main css "bootrtrap.min.css") missing in my captiveportal file list, for which design was not perfect. added in this post.

    can any moderator would be kind to attach this file in my main post please??

    captiveportal-bootstrap.min.css.txt



  • sure I will try your vmware image. hopefully it run in my vm machine  ( I am not using Vmware but usually not to much  problem with different  Vmdisk images from other  programs )



  • Sorry For my delayed reply. i have uploaded virtual image as open virtual format in Google drive. link

    https://docs.google.com/file/d/0B7TKCwKoq_lNdDRmVERaT0ZaeU0/edit

    first network adapter is WAN
    2nd network adapter is LAN

    webgui:

    https://192.168.26.1:1337/index.php

    username : admin
    password: pfsense

    phpmyadmin:

    192.168.26.1:8001/phpmyadmin/

    username: root
    password: pfsense

    best of luck. don forget to update ur result. let me know if face any error.



  • I am on an VMWare exi5.1.0 server … fo some reason I cannot get either network interfaces in you vm to come up.  It looks to be there but no traffic passes... any ideas??



  • @thenomad:

    I am on an VMWare exi5.1.0 server … fo some reason I cannot get either network interfaces in you vm to come up.  It looks to be there but no traffic passes... any ideas??

    what is your virtual network settings? i used wan bridged with my netbook wifi and lan as a host only network.l



  • I fixed it I think… the interface mappings got flipped somehow ... thanks for your reply It got me in the right direction !



  • Ok it IS working as advertised ;D

    but I have one question (from a NON FreeBSD admin) What is the path for the portal php files  does it just sit in /var/etc ??



  • Well I THOUGHT it was working …
    User cannot log in

    error message from the portal

    Your Email & Password Doesnot Match. If you Dont Have Any please Register

    If you think This is an Error Of This System Please Contact Us.

    This is right after the user creates himself through registration.
    Peeking at the database the information (including the password is there)

    BTW phpmyadmin is NOT installed as was indicated used webmin

    If you attempt to re register it tells you that you already have a account under the username

    message is : You are already registered. with <what ever="" the="" name="" user="" registered="" with="">Hellp  :'(</what>



  • @thenomad:

    Well I THOUGHT it was working …
    User cannot log in

    error message from the portal

    Your Email & Password Doesnot Match. If you Dont Have Any please Register

    If you think This is an Error Of This System Please Contact Us.

    This is right after the user creates himself through registration.
    Peeking at the database the information (including the password is there)

    What is your log in system in portal auth log?
    anyway i just test it to selfregistration didnt checked full functionality. please adjust the shared secret in free radius nas & captive portal page.

    BTW phpmyadmin is NOT installed as was indicated used webmin

    of course i have installed phpmyadmin. after your comment i have dloaded from google drive and checked again.

    If you attempt to re register it tells you that you already have a account under the username

    message is : You are already registered. with<what ever="" the="" name="" user="" registered="" with=""></what>

    i have designed this pages for a hotspot solution. so i add some mac based security, like a client with a mac can only register 1 account. if u want to create multiple account change ur mac address. or delete previous account from sqlserver via phpmyadmin

    did Anybody got this tutorial helpful? bcos i have seen more then 10 download of my cp pages. only 2 of them replied.



  • HI khan..
    tried your Vmware image. I can not get it work for me.. the virtualimage works and all but the  root partion in  not set at drive position 0  (ad0s1a) in pfsense    but at the 3rd disk  (ad3s1a).  and your ovf is incompatible.  i tried with a couple virtual machine always the same error  non compliant ovf.  even tried it in Vmplayer same difference….  and when I force it to boot ad0s1a  ( with the mountroot> ufs:/dev/ad0s1a )  in other virtual machines.  pfsense is all broken.. and/or vmware  server just  make it really incompatible with anything other then itself..

    I even open it up in live boot BSD (frenzy) and edited as much as could but it still refuses to work for me

    perhaps if you like to to make a vm appliance with virtualbox or simular



  • @sash99:

    perhaps if you like to to make a vm appliance with virtualbox or simular

    ok i am creating a oracle virtual box image. need some time.



  • Thnx! I would like to test with a virtualbox image!



  • ไม่มีใช้กับ captive portal บ้างเหรอครับ ทำไมมีแต่ free radius



  • Sorry for delayed reply.

    I have uploaded file for virtual machine created with oracle virtual box. Double checked. rar file with recovery record.

    https://docs.google.com/file/d/0B7TKCwKoq_lNYjJ3cE53T013Y28/edit

    first network adapter is WAN (192.168.0.0/23 subnet) change as your requirement.
    2nd network adapter is LAN (192.168.100.0/24 subnet)

    Webgui:

    http://192.168.100.1:1337

    Username: admin
    Password: pfsense

    phpmyadmin:

    http://192.168.100.1:8001/phpmyadmin/

    Username: root
    Password: pfsense

    Captiveportal

    http://192.168.100.1:8000

    Mac based security is enable. so if u need multiple account from one mac please login to phpmyadmin change mac value in reg_user table first.

    I am writing a step by step "how to ". but need some time.
    anyway post your comment.



  • yes and be running



  • I'm testing with the virtualbox image but I get exactly the same message as Thenomand:

    _Your Email & Password Doesnot Match. If you Dont Have Any please Register

    If you think This is an Error Of This System Please Contact Us._

    This is also right after the user creates himself through registration.
    Peeking at the database the information (including the password is there)

    If you attempt to re register it tells you that you already have a account under the username

    message is : You are already registered. with <what ever="" the="" name="" user="" registered="" with="">Anyone how to solve this?</what>



  • After replacing 127.0.0.1 for 192.168.100.1 @ radius settings by captive portal and nas /client en interface settings by FreeRadius it works!

    Is there any solution that multiple users can register from one PC without changing the mac address in DirectAdmin?



  • @khan:

    @sash99

    I have tested your config in vmware 9 environment with 2.0.2-RELEASE (i386). what i did
    1. installed pfsense.
    2. installed mysql & vhost according to your post.
    3. installed php52-mysql as i mentioned before.
    4. installed free radius2.
    5. config them all
    6. uploaded all the captive portal file.

    but everything seems ok for me. i can register & data also available in database.

    if u are interested i can upload the vmware image.

    sorry to mention before….. i file (main css "bootrtrap.min.css") missing in my captiveportal file list, for which design was not perfect. added in this post.

    can any moderator would be kind to attach this file in my main post please??

    Hi! Please help us with the vmware image to test..Thanks Harsh



  • @whoei:

    After replacing 127.0.0.1 for 192.168.100.1 @ radius settings by captive portal and nas /client en interface settings by FreeRadius it works!

    Is there any solution that multiple users can register from one PC without changing the mac address in DirectAdmin?

    sure edit captiveportal-cp_reg_suc.php remove mac chek code.

    Hi! Please help us with the vmware image to test..Thanks Harsh

    ok need some time.



  • @khan:

    @whoei:

    Is there any solution that multiple users can register from one PC without changing the mac address in DirectAdmin?

    sure edit captiveportal-cp_reg_suc.php remove mac chek code.

    It would be better to change the mac-check to mail-check since this will help many users register from the same machine, but with one mail ID per single user. This will prevent multi-registrations from the same mail ID.

    I have done this with pfSense 2.1 beta1 and it works well.

    I am trying to get the hostname also collected through the registration page.  But this does not work as expected.

    Also, is it possible to ask users to register and send the login-password to them through the e-mail ID collected.

    Khan, could you help please?

    Thanks for your time.



  • please help

    after step 1, is the packages are installed via the WebGUI? Which packages?
    why when I execute step 2  /etc/rc.php_ini_setup with Shell Execute command, WebGUI in my browser not stop loading (does not produce anything)?

    thank's



  • I just get this working !! It can register users, there seems to be no problem with it.

    @khan you were right about the writing privileges that you mentioned on the first page. After I gave every permission to 'radius' user vi phpMyAdmin everything worked like a charm :)

    @afry it is bit tricky to install everything. Can you check this post i think it can help you :)
    http://forum.pfsense.org/index.php/topic,62456.msg344907.html#msg344907



  • Thank you very much for your tutorial.

    Got it working. Still missing some functionality but I guess I have to read the correct manuals.

    a question for example:
    How do you see who is online, and how to disable or throw them out?



  • I can´t figure out how to access phpmyadmin so i can proceed with step 2 "add for sql support"
    probably a silly question but how can i



  • Hi EveryOne,
    Thanks to Khan,
    I'm very much new to pfSense.
    But I've Experimented your VMImage.
    The Following Feature I've Implemented in Captive Portal.
    1. Self Registration By User, The User Id is user's Mobile No.
    2. System Generates the Password & Send to Registered Mobile No as SMS.( I prefer to use Mobile No as User may not be able to access Email).

    I request to all for the guidance to implement following feature:
    1. How the Validity of the Password can be Control.
    2. System Logout Popup Window is not Open.
    3. can Both Voucher & Radius Authentication Implemented at a time.
    4. Is there any process to send user the Voucher No.
    5. Is there any process to extend the validity of voucher/password.

    Thanks in advance.
    Prakash



  • Hi! Khan

    Thanks for your wonderful work which I was looking for a long time to add into my pfsense machine which I am using for providing Internet access to students in university. I ll really appreciate if you can help me with the working VMware image to enable me to test the same.

    Regards

    Harsh
    harshkukreja2008@gmail.com