Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Use Cron to auto kick all users?

    Scheduled Pinned Locked Moved Captive Portal
    7 Posts 3 Posters 3.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A Offline
      Alan87i
      last edited by

      Is there a command to either restart CP or simply kick all the users.

      I've got a 2.0.3 system  testing CP with free radius2 running behind my lan  I'm using Mac auth with FR2 and have usage setup and it seems to work fine.

      I ran the command to remove the used octets files and noticed that the user who was still connected at the time was not counting traffic . User has 0 of x MB . Only after forcing that user to disconnect and reconnect did the counter start to work again.

      My best idea would be to have cron kick all the users 2 minutes after resetting the usage octets files.

      1 Reply Last reply Reply Quote 0
      • B Offline
        Bonline
        last edited by

        first of all, look here

        your question is really close / related to this

        http://forum.pfsense.org/index.php/topic,61465.0.html

        second:

        mac auth :  let it !!  very unsecure !!

        use it on a "right combination"  username+password + mac check on radius  … uid/pwd will only work with one device (better ! )

        third :

        use : reauthentiate every minute  (this update the counts  and your radius user will be kicked (at least one minut after he reached his limits (time or volume)

        regards

        1 Reply Last reply Reply Quote 0
        • B Offline
          Bonline
          last edited by

          reauthenticate every minute + interim update

          thats the right way

          1 Reply Last reply Reply Quote 0
          • A Offline
            Alan87i
            last edited by

            I have reauth every minute set .
            I lowered the idle timeout and that seems to solve the constantly connected issue.

            1 Reply Last reply Reply Quote 0
            • B Offline
              Bonline
              last edited by

              use 5min idle, so you emulate a logout

              and a 24h hard timeout

              let radius handle billing timout itself

              use interim

              • reauthenticate every minute

              your pb will be solved

              and dont use mac only auth
              i could crack your access control in 2 minutes

              use mac check on radius as a supplementary "device right" checking

              (users shares accounts !!!  always !!)  like this you reduce the sharings

              1 Reply Last reply Reply Quote 0
              • B Offline
                Bonline
                last edited by

                and ssl-ize your CP …

                so users wont be able to sniff negociations

                even if you use mac auth..  a sniffer could see all submitted mac addresses to control requests...

                you need a valid ssl if you use only mac auth

                on this way the login will be transparent, (on first request)  and ssl-ized

                1 Reply Last reply Reply Quote 0
                • L Offline
                  Lectrician
                  last edited by

                  I use cron to kick users at just past midnight for our WiFi access (when the pub closes).  I also have a time lock implemented which shows a "Our WiFi is off" message instead of the captive portal once users are kicked.

                  See this post here: http://forum.pfsense.org/index.php/topic,61730.msg333062.html#msg333062 I have posted the code I used to kick users at a set time.

                  In saying this, when I run my script to kick all users, it does kick all users perfectly, and when you look in the captiveportal.db file, it is completely empty, so obviously works.  It does make me wonder if it would be simpler to just open the .db file and delete the contents, or even just delete the file (assuming pfsense will re-create it when required).  Not tried this though, so don't take my work for it!  The script linked to above works perfectly though!

                  you can remove all the echo outputs from the script, and also remove the portion that writes a log file (that was more for me to check it was running through cron).

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.