[HOWTO] Captive portal + FreeRADIUS + local MySQL user friendly single step

caraffandee

Hi Deajan.
Firstly a big thank for this great howto. Detailed and comprehensive.
Now, I apologize, I'm a newbee about pfSense (although an experienced Linux/PHP/DB/ecc. programmer), so my question might be trivial.
The network I'm trying to setup with your captive portal feature has a router (Zyxel) with REDIUS support. The router is also configured to act as DHCP server for my local network. Actually my pfSense machine/installation will be used ONLY for RADIUS/CaptivePortal authentication. In other words, my pfSense installation is configured in "appliance" mode, i.e. with the only one eth interface (WAN) enabled. I've configured the router to assign a static IP to my pfSense server.
The point now is this. When I create a CP zone in the WebConfigurator, at the bottom of the page I read the following hint:

Don't forget to enable the DHCP server on the captive portal interface! Make sure that the default/maximum DHCP lease time is higher than the hard timeout entered on this page. Also, the DNS Forwarder or Resolver must be enabled for DNS lookups by unauthenticated clients to work.

What about the DHCP server on the CP interface? Do I need to disable the router's DHCP server, in order to have pfSense assign all the mess, or is there another way to configure the DNS resolver?
Thanks again for the great howto and any suggestion you'll give.

deajan

Sorry for the late reply.
As long as the DNS is pfSense, I think you can use whatever DHCP server you like.

deajan

@nhimcoi30889

I'm pretty sure that you have two instances of mysql running. Check with ps aux.

astatine

Hi deajan,

First thank you very much for this perfect HOWTO.

But I got a problem when i import the admin.sql script. Please have a look below:

 mysql radius < admin.sql
ERROR 1064 (42000) at line 31: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'PRIVIELGES' at line 1

Do you have any idea how to fix it? I am running a brand new pfsense 2.3 on a PC. Thank you in advance.

deajan

There was a typo in admin.sql, should read PRIVILEGES and not PRIVIELGES.
Corrected on github. You may redownload the latest archive at https://github.com/deajan/pfSense-cp-auth-onestep/archive/master.zip

astatine

@deajan:

There was a typo in admin.sql, should read PRIVILEGES and not PRIVIELGES.
Corrected on github. You may redownload the latest archive at https://github.com/deajan/pfSense-cp-auth-onestep/archive/master.zip

Merci!!! Problem solved!!

xAm56

Hello deajan,

First thank you a lot for your work, the system works great !

I try to use your template only with the "room number" field  to log in on the portal.

I successfully disable the others fields (familyName, surName, emailAddress and newsletter) but when i validate the form, I've a blank page.

However, I pass the portal and I can access to the web but the result is not very clean

Could you please explain me which modifications I have to make in ozy-captive.php and perhaps in captiveportal-config.php .

Thanks in advance !

deajan

Hello xAm56,

As far as I remember, the username is a combination of emailAdress and roomNumber and password is a combination of familyName and surName, in order to get some degree of randomness.
Basically, only using room number would mean that Radius records would not be unique.

I'll have a to push an update until monday which adds the language parameter in the url.
I'll try to check your usecase in the same time.

Regards,
Orsiris.

deajan

Have a look at the latest commits on github at https://github.com/deajan/pfSense-cp-auth-onestep/releases/tag/v0.44

saygon

Hi @deajan and thank you for your amazing work!

Unfortunately I'm not able to run mysql server.
I have made a clean install of pfSense 2.3, configured wan and lan, internet works. I'm also able to install all what do you mentioned on this guide.
Each time I try start mysql server it comes some error:

[2.3.2-RELEASE][admin@pfSense.localdomain]/root: service mysql-server.sh start
Starting mysql.
Bad -c option
/usr/local/etc/rc.d/mysql-server.sh: WARNING: failed to start mysql

I have already research on Google regarding to this error, but don't found nothing useful.
Please let me know if you need some additional info or log output.

deajan

@saygon I remember having dealt with that error while developping this project.
Don't remember the exact root cause… probably a bad mysql version installed.

Remove and reinstall the version corresponding to your setup.
If the problem still occurs, post the content of your mysql_server.sh file, and mysql -v output.

astatine

+–--+----------+-------+---------------+---------------------+
| id | username | pass  | reply        | authdate            |
+----+----------+-------+---------------+---------------------+
|  1 | testu    | testp | Access-Accept | 2015-09-29 15:13:24 |
+----+----------+-------+---------------+---------------------+

Hello deajan,

would you please tell me , how can I set MD5 encrypt here for user password?

deajan

@astatine Your question isn't in the scope of this howto. Please make your own question regarding FreeRADIUS + MySQL setup only.

joel.dq

Hello !

I'm new to pfSense and forum. I was tasked to set up this type of access for an organization and I'm having a small trouble that  I probably think it's pretty stupid but can't make it work.

I followed the instructions to the letter and I got the captive portal working as is- No modification of the files except for mysql password etc.

On the LAN PC I get successfully forwarded to the Captive Portal but as soon as I press Connect nothing happens, the form is cleared (as if new connection) and remain there.

I tried to see if the PHP inserted something in the radius DB but I found nothing there and for the life of me I can't find in the logs, or where in the logs, I can tail if there are connectivity errors with mysql +  php etc.

I do want t thank you though, the guide is very detailed and I was able to set everything up quick. I just now need to to make that work.

Thanks !

deajan

Hello joel.dq,

Can you activate debug mode in captiveportal-config.php ?

joel.dq

I think I did already. Where should I see that logging?

deajan

There's no logging, it's about getting the error messages onscreen.
What version of the captive portal code are you using ? What user input do you ask for to connect ?

joel.dq

@deajan:

There's no logging, it's about getting the error messages onscreen.
What version of the captive portal code are you using ? What user input do you ask for to connect ?

Hello

I'm using 2.3.2-RELEASE-p1 version.

The inputs I'm asking are

1. Room # (renamed to Age) . I put it because I can read in the code that the room# is used to create the radius account.
2. Name
3. Surname
4. Mail

Debug is enabled

/usr/local/captiveportal: cat captiveportal-config.php | grep DEBUG
DEFINE("DEBUG", true);
DEFINE("DEBUG", true);

What is happening is that I do get the Captive Portal. I fill the details and click Connect. Nothing happens, no error on the screen and simply clears the form as if first reaching the CP page.

http://i.imgur.com/a/TfTn4

and form gets cleared

http://imgur.com/a/Z8Udw

I normally try to debug myself, I have rudimentary php skills to understand what code does, but I'm lost when JS is involved.

deajan

Hello,

What version of captiveportal do you use ? Latest from git ?

Can you mail me your captiveportal-config.php file at ozy at netpower dot fr ?

Also, assuming you did a Spanish translation, can you give me that so I add it to git ?

joel.dq

@deajan:

Hello,

What version of captiveportal do you use ? Latest from git ?

Can you mail me your captiveportal-config.php file at ozy at netpower dot fr ?

Also, assuming you did a Spanish translation, can you give me that so I add it to git ?

Latest from GIT. Sending and many thanks for your assistance.

I'll send you the spanish translation a bit later. Modified it outside hotel for educative institute.