Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Captive Portal and Radius, username in lowercase and uppercase validation

    Captive Portal
    3
    3
    974
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      ianstrainor last edited by

      Hi

      Using a Captive Portal back to Windows Server 2008 NPS. Working perfectly
      Have "Enable Pass-through MAC automatic additions" enabled and that works, it will add to the Pass thru mac list XX:XX:XX:XX:XX:XX for user xxxxxx.

      THe issue is that I have  Disable concurrent logins enabled. As I only want users to have 1 device on network. But if enroll one device using the name joe, it will add that, but you can then add another one using the name Joe, and JOe and JOE. There seems to be no case sensitive validation on the username field in the portal

      Anyone come across this? Or a solution to it?

      THanks

      1 Reply Last reply Reply Quote 0
      • Gertjan
        Gertjan last edited by

        Hi,

        Yep, it possible.
        But, it isn't a settings somewhere, you have edit the source.

        Open this file : /usr/local/captiveportal/index.php
        (while loading, read this : http://stackoverflow.com/questions/1486723/does-php-include-toupper-and-tolower-functions )

        Find line 181, it should read this:

        		$auth_list = radius($user,$paswd,$clientip,$clientmac,"USER LOGIN", $radiusctx);
        
        		$auth_list = radius($user,strtolower($paswd),$clientip,$clientmac,"USER LOGIN", $radiusctx);
        

        This will force all entered 'password' characters into lower case.
        In your authentication database, all passwords should be stored in lowercase.

        There are NO side effects, just keep in mind that when you update pfSense, your manual edits could be lost.

        No "help me" PM's please. Use the forum.

        1 Reply Last reply Reply Quote 0
        • Derelict
          Derelict LAYER 8 Netgate last edited by

          Or this, maybe:

          $auth_list = radius(strtolower($user),$paswd,$clientip,$clientmac,"USER LOGIN", $radiusctx);
          

          You could also strtolower() the password, but that would just be to let people log in with capslock on.  If you do you need to make sure you also strtolower() the password before you save it/hash it/etc in whatever RADIUS is using as a backend.

          Back in the dialup days we used to have some logic that would lowercase the password and try again if the initial login failed and the entered password wasn't mixed case.  Kept the phone from ringing unnecessarily.  Today, that would just give the assholes two tries for every attempt.

          Chattanooga, Tennessee, USA
          The pfSense Book is free of charge!
          DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • First post
            Last post