Change CP authentication type by time of day



  • I looked at this post:
    https://208.123.73.68/index.php?topic=60695.msg331188#msg331188

    And it seemed to do what I need. Certain hours of the day we still want a captive portal screen, just no password required. Use a cron job to copy 2 different HTML pages served up by captive portal as the authentication screen. One page contains a hidden (obfuscated) password, the other a normal login prompt.

    So it works in that looking at the /var/etc/captiveportal_zone.html file via the PFsense file viewer, I see my obfuscated login page, then I execute the "password_required" script and I see the normal password required page.

    But the captive portal never serves up any different pages. I always get the normal original login page, as if nothing changed.
    I tried restarting the captive portal service, it didn't make any difference. Rebooting the whole box didn't help either.

    Anything else I can do to make this work?



  • Are your "zone" names correct?



  • Yes, oddly enough, my captive portal zone is just named zone.



  • What happends when u run your script manually?

    Is your cronjob correct? (absolute paths)



  • So I never got that process in the OP to work.
    It seems that all config data is stored in the XML config file, changing the HTML files on disk doesn't do anything.

    I then tried  some other hack that involved disabling the captive portal and then re-enabling it using cron. That didn't work either.

    I just wanted a normal captive portal login during the day, and after hours, a simple page showing the AUP and a button to accept it and get online.

    But this did:

    • Install and configure freeradius; create 2 users, one for normal guest access, one for after-hours access. The normal account has a password we change periodically and only give to known guests. The after-hours account has a simple password, but is restricted in radius to only be allowed to login after hours.
    • Configure captive portal to use radius for authentication.
    • Create custom captive portal login screen with a bit of javascript which hides an entire DIV. During the day it shows a DIV containing the normal captive portal login form. After hours, it hides that DIV and displays another one which shows a different login form, using the after-hours username/password as hidden fields, and a plain ACCEPT button.
    • In morning, I reboot the firewall to boot everyone who might be using the after-hours login still off the guest network.

    Since the after-hours radius user is restricted to certain login hours, even if someone does a view source and gets the account info, it won't help them.

    Only downside is it relies on the time on the client being correct, but I'm willing to live with that.

    I can post the source of the captive portal login page if anyone is interested.