Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive Portal and Radius, username in lowercase and uppercase validation

    Scheduled Pinned Locked Moved Captive Portal
    3 Posts 3 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      ianstrainor
      last edited by

      Hi

      Using a Captive Portal back to Windows Server 2008 NPS. Working perfectly
      Have "Enable Pass-through MAC automatic additions" enabled and that works, it will add to the Pass thru mac list XX:XX:XX:XX:XX:XX for user xxxxxx.

      THe issue is that I have  Disable concurrent logins enabled. As I only want users to have 1 device on network. But if enroll one device using the name joe, it will add that, but you can then add another one using the name Joe, and JOe and JOE. There seems to be no case sensitive validation on the username field in the portal

      Anyone come across this? Or a solution to it?

      THanks

      1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan
        last edited by

        Hi,

        Yep, it possible.
        But, it isn't a settings somewhere, you have edit the source.

        Open this file : /usr/local/captiveportal/index.php
        (while loading, read this : http://stackoverflow.com/questions/1486723/does-php-include-toupper-and-tolower-functions )

        Find line 181, it should read this:

        		$auth_list = radius($user,$paswd,$clientip,$clientmac,"USER LOGIN", $radiusctx);
        
        		$auth_list = radius($user,strtolower($paswd),$clientip,$clientmac,"USER LOGIN", $radiusctx);
        

        This will force all entered 'password' characters into lower case.
        In your authentication database, all passwords should be stored in lowercase.

        There are NO side effects, just keep in mind that when you update pfSense, your manual edits could be lost.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • DerelictD
          Derelict LAYER 8 Netgate
          last edited by

          Or this, maybe:

          $auth_list = radius(strtolower($user),$paswd,$clientip,$clientmac,"USER LOGIN", $radiusctx);
          

          You could also strtolower() the password, but that would just be to let people log in with capslock on.  If you do you need to make sure you also strtolower() the password before you save it/hash it/etc in whatever RADIUS is using as a backend.

          Back in the dialup days we used to have some logic that would lowercase the password and try again if the initial login failed and the entered password wasn't mixed case.  Kept the phone from ringing unnecessarily.  Today, that would just give the assholes two tries for every attempt.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.