Captive Portal + FreeRadius + Database
I'm interested in the creation of a captive portal with radius authentication.
The goal is to create 2 types of account: user and admin accounts
An user account is limited to x minutes and the account must be disabled or deleted when the time expires.
Ideally the user account should also be limited in the upload/download. When the quota is reached, the account must also be disabled or delted.
An admin account is not limited (in transfer quota or time quota).
I know that for this kind of rules I need a database.
Is it possible to easily install a database coupled with the freeradius on the same machine (everything on the pfsense machine).
Thanks to share your experience.
GruensFroeschli last edited by
It's for obvious reasons not such a good idea to install a database on a firewall.
Search the forum on this.
There are quite a few threads about this exact topic.
Yes I know it's certainly not the best solution but I don't have any another choice following the requirements.
Ok mysql and freeradius are now up and running.
I created some account in the database, the idle time-out (Idle-Timeout radius argument) seems to work well but the Session-Timeout (the other radius argument that should disconnect the client when he reaches its time limits) doesn't work.
I tried the "hard time out" in the pfsense gui, that works well but it's not what I need. I only need a session timeout for the "users" account.
Does somebody tried before ?
I'm also looking for a solution to disconnect an user when his upload/download limit is exceeded.
You can use the reauthenticate every minute option with accounting to the radius server. The radius server can then reject the reauthentication if the user's quota is used up. This however will not work for really huge deployments (more than 50-60 concurrent wireless users will start to become tricky).
Did you manage to achieve an upload/download quota? I have been trying to do it for a while now with no success.
If you did achieve it please could you let me know how.