Captive Portal - machine login issues
I have a dozen CPs located at different sites, all authenticating users in Active Directory via central RADIUS servers. This works very well for users logging in via the CP web page.
However, I have a hundred or so Android tablets that need to get through CP without user input. At first I had all the MACs listed as exceptions at each of the dozen CPs, and it worked, but admin is a pain so I wanted the MACs defined in a central location.
So, I made use of the CP ability to use MAC authentication via RADIUS - set the accounts up in AD, ticked the boxes in CP, removed the local MAC exceptions.
Everything seemed to work, but I soon started to get reports of some (but seemingly not all) tablets taking a long time to get access - sometimes hours.
For the failing tablets: I know they're connected to the CP because I can see DHCP allocating addresses, but I see no attempts by CP to request authentication from the RADIUS servers. The tablets are running a custom app that I have no control over and I can't tell what response they're getting when they try to access a web page - maybe they're being fed the normal CP login page, maybe not.
Has anyone else seen problems when using CP with MAC authentication via RADIUS?
I've found the problem, though not the solution.
The tablets are configured to connect to an HTTPS site, and CP redirects only access to port 80, not port 443, as mentioned here: http://forum.pfsense.org/index.php?topic=53630.0
For the tablets that do work, I guess there's some background process that's communicating with a site via port 80; this allows CP to authenticate the MAC, so HTTPS access then works as expected.
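One way to confirm the symptom described above (DHCP leases issued, but no RADIUS request from the portal) across many tablets at once. This is an added example, not part of the original posts: the log lines are constructed, and the RADIUS log layout and the MAC-as-User-Name format are assumptions to adapt to your own server.

```python
import re

# Constructed sample data (not from the original post). The DHCP lines follow
# the ISC dhcpd "DHCPACK on <ip> to <mac>" layout; the RADIUS lines are a
# simplified, assumed layout with the MAC sent as the User-Name.
DHCP_LOG = """\
Mar  3 09:14:02 dhcpd: DHCPACK on 10.10.1.23 to 00:11:22:33:44:55 via em1
Mar  3 09:14:40 dhcpd: DHCPACK on 10.10.1.24 to 00:11:22:33:44:66 via em1
Mar  3 09:15:10 dhcpd: DHCPACK on 10.10.1.25 to 00:11:22:33:44:77 (tablet-07) via em1
Mar  3 09:20:02 dhcpd: DHCPACK on 10.10.1.23 to 00:11:22:33:44:55 via em1
"""
RADIUS_LOG = """\
2013-03-03 09:14:05 Access-Request User-Name=001122334455
2013-03-03 09:14:05 Access-Accept User-Name=001122334455
2013-03-03 09:16:30 Access-Request User-Name=jsmith
"""

DHCPACK_RE = re.compile(r"DHCPACK on (\S+) to ([0-9A-Fa-f:]{17})\b")
REQUEST_RE = re.compile(r"Access-Request User-Name=(\S+)")
MAC_RE = re.compile(r"^[0-9a-f]{12}$")

def normalise_mac(value):
    """Return 12 lowercase hex digits, or None if value is not a MAC."""
    stripped = re.sub(r"[:\-.]", "", value).lower()
    return stripped if MAC_RE.match(stripped) else None

def leased_clients(dhcp_log):
    """Map MAC -> most recent leased IP, taken from DHCPACK lines."""
    leases = {}
    for ip, raw_mac in DHCPACK_RE.findall(dhcp_log):
        mac = normalise_mac(raw_mac)
        if mac:
            leases[mac] = ip
    return leases

def macs_seen_by_radius(radius_log):
    """MACs that appeared as the User-Name of an Access-Request."""
    names = (normalise_mac(name) for name in REQUEST_RE.findall(radius_log))
    return {mac for mac in names if mac}

def never_authenticated(dhcp_log, radius_log):
    """Clients holding a lease for which the portal never asked RADIUS."""
    seen = macs_seen_by_radius(radius_log)
    return {m: ip for m, ip in leased_clients(dhcp_log).items() if m not in seen}

if __name__ == "__main__":
    for mac, ip in sorted(never_authenticated(DHCP_LOG, RADIUS_LOG).items()):
        print(f"{ip}\t{mac}\tlease issued, no RADIUS MAC-auth request")
```

Clients that show up in this list are the ones that have not yet sent any port 80 traffic for the portal to intercept.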