Users authenticating via radius but CP redirecting to the login page



  • Pfsense 2.1
    Captive portal setup with radius authentication via a Windows 2008 box on active directory
    Squid proxy server on the pfsense box
    DHCP relay to Windows DHCP server

    My users connect to the wifi network and then are asked to authenticate with their Active Directory username/password. This works for 99% of users. When they authenticate, they get sent to google.

    Every now and then I get a user who inputs their username and password but the captive portal page just flashes and asks them for their credentials again instead of sending them to Google. I have checked the logs on the Radius server and I can see then being granted access as they match the policy but the user does not show up on the status of Captive Portal. I just had one user who had a iphone 3gs which he has been using for months no problem. I could not get him logged in. I asked him to try on an android tablet and it logged him in fine. I could then seem him in the captive portal status page with the mac address of the android tablet.

    The only way I am able to resolve this is to reboot the pfsense box but I would love to know a better way of doing it. I average about 300 users daily and if I reboot, they need to re-authenticate.

    Any Ideas?