Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive Portal + FreeRadius + Database

    Captive Portal
    4
    6
    4821
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      j4nus
      last edited by

      Dear,

      I'm interested in the creation of a captive portal with radius authentication.

      The goal is to create 2 types of account: user and admin accounts

      An user account is limited to x minutes and the account must be disabled or deleted when the time expires.
      Ideally the user account should also be limited in the upload/download. When the quota is reached, the account must also be disabled or delted.

      An admin account is not limited (in transfer quota or time quota).

      I know that for this kind of rules I need a database.

      Is it possible to easily install a database coupled with the freeradius on the same machine (everything on the pfsense machine).

      Thanks to share your experience.

      J4nus

      1 Reply Last reply Reply Quote 0
      • GruensFroeschliG
        GruensFroeschli
        last edited by

        It's for obvious reasons not such a good idea to install a database on a firewall.

        Search the forum on this.
        There are quite a few threads about this exact topic.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        1 Reply Last reply Reply Quote 0
        • J
          j4nus
          last edited by

          Yes I know it's certainly not the best solution but I don't have any another choice following the requirements.

          1 Reply Last reply Reply Quote 0
          • J
            j4nus
            last edited by

            Ok mysql and freeradius are now up and running.

            I created some account in the database, the idle time-out (Idle-Timeout radius argument) seems to work well but the Session-Timeout (the other radius argument that should disconnect the client when he reaches its time limits) doesn't work.

            I tried the "hard time out" in the pfsense gui, that works well but it's not what I need. I only need a session timeout for the "users" account.

            Does somebody tried before ?

            I'm also looking for a solution to disconnect an user when his upload/download limit is exceeded.

            1 Reply Last reply Reply Quote 0
            • H
              hoba
              last edited by

              You can use the reauthenticate every minute option with accounting to the radius server. The radius server can then reject the reauthentication if the user's quota is used up. This however will not work for really huge deployments (more than 50-60 concurrent wireless users will start to become tricky).

              1 Reply Last reply Reply Quote 0
              • C
                craibo
                last edited by

                Did you manage to achieve an upload/download quota? I have been trying to do it for a while now with no success.

                If you did achieve it please could you let me know how.

                Many thanks

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post