Captive Portal - machine login issues



  • Release 2.0.3

    I have a dozen CPs located at different sites, all authenticating users in Active Directory via central RADIUS servers. This works very well for users logging in via the CP web page.

    However, I have a hundred or so Android tablets that need to get through CP without user input. At first I had all the MACs listed as exceptions at each of the dozen CPs, and it worked, but admin is a pain so I wanted the MACs defined in a central location.

    So, I made use of the CP ability to use MAC authentication via RADIUS - set the accounts up in AD, ticked the boxes in CP, removed the local MAC exceptions.

    Everything seemed to work, but I soon started to get reports of some (but seemingly not all) tablets taking a long time to get access - sometimes hours.

    For the failing tablets: I know they're connected to the CP because I can see DHCP allocating addresses, but I see no attempts by CP to request authentication from the RADIUS servers. The tablets are running a custom app that I have no control over and I can't tell what response they're getting when they try to access a web page - maybe they're being fed the normal CP login page, maybe not.

    Has anyone else seen problems when using CP with MAC authentication via RADIUS?



  • I've found the problem, though not the solution.

    The tablets are configured to connect to an https site, and CP redirects only access to port 80, not port 443, as mentioned here: http://forum.pfsense.org/index.php?topic=53630.0

    For the tablets that do work, I guess there's some background process that's communicating with a site via port 80; this allows CP to authenticate the MAC, so https access then works as expected.