[HOWTO] Captive portal + FreeRADIUS + local MySQL user friendly single step
-
I got the latest git files and it works perfectly.
I did some mods on the SQL tables (more fields, for administrative purposes) and that is working too.
I'm using pf 2.3.2p1.
I used Squid and LightSquid together to do reports and that works too.
Great job!
-
Ok, i found the table name. It is radcheck.
Captive Portal is successfully authenticating the username and password stored in this table. Now one question: how do I set a usage type for users?
E.g. I want some users to have
1GB per day or
2 HR access or
100MB for 2 Hrs
etc.
-
@sanketgroup This is out of the captive portal discussion but after a short google request I found this one:
```sql
INSERT INTO radcheck (id, UserName, Attribute, op, Value) VALUES (NULL, 'user', 'user-password', '==', 'user');
INSERT INTO radreply (username, attribute, op, value) VALUES ('user', 'Rate-Limit', '=', '1024k/1024k');
```
It may be adapted to fit actual radius table scheme, you may find info on how to configure it on freeradius documentation.
-
First of all, amazing job, it works perfectly.
However, I have a small problem: in French and in Spanish, accents don't work.
I use UTF-8 in the HTML header.
It only works if for example I replace á with á in the config file
I'm also using the files from your github. Is there anything that should be added?
-
@ardorin Strange, I actually developed this on French computers and never got any trouble. What navigator do you use to check this ?
Also, can you try to add the following after line 327 ?
-
I tried adding that line and then in both Chrome and Firefox without any luck.
If I type any input in the HTML file with accents, it works, so the HTML header seems fine. The problem is the accents in the strings of the config file; for some reason they are not being encoded correctly when introduced in the main file. Characters with accents are being replaced by a question mark.
I did edit your code a bit, but I didn't touch anything of the HTML part.
-
@ardorin What platform are you running ?
I hope you didn't copy paste some of the code :)
Please check that all files are UTF-8 without BOM encoded. -
I edited the database part, so those changes I made should not be irrelevant (and that part is working perfectly)
Yes, every file is UTF without BOM encoded -
Dear, I have the problem "/index.php: Submission to captiveportal with unknown parameter zone:".
I got the newest files and still the error continues.
I looked over the correction post and I also could not solve it.
Home page opens to register the form and fell on a white page with the url: http://192.168.123.1:8002/index.php?zone=&redirurl=&language=en.
In the log the message "/index.php: Submission to captiveportal with unknown parameter zone:"
Can someone help me I'm out of ideas? -
@ardorin: out of ideas here. Have tested it on linux / windows, using various languages and systems. Didn't happen to me. Maybe start with a fresh install and try again ?
@Alexandre4sol: Are you running on 2.2 ? Cause zone parameter was introduced in 2.3. Also, what's your exact zone name ? -
@deajan: Hi, thanks for helping me out.
I'm using version 2.3.2-RELEASE (i386)
the captive portal zone is "guest"
This is the link to open the registration form: http://192.168.123.1:8002/index.php?zone=guest&redirurl=http%3A%2F%2Fwww.gstatic.com%2Fgenerate_204
![Captura de Tela 2017-02-04 a?s 10.28.56.png](/public/imported_attachments/1/Captura de Tela 2017-02-04 a?s 10.28.56.png)
-
@Alexandre4sol: I think dhipo on this thread did have the same error. Maybe you should talk to him to see how he managed to solve this. As for me I'll have to make some tests because I never encountered that problem.
-
Hi, I had issues with the one downloaded from git.
https://codeload.github.com/deajan/pfSense-cp-auth-onestep/zip/master
The old version worked fine but the new one didn't.
http://netpower.fr/sites/default/files/soft/bin/pfSense-cp-auth-onestep.gz
```
Fatal error: Call to undefined function mysql_real_escape_string() in /var/etc/captiveportal_wifi.html on line 35

Call Stack:
    0.0002     226208   1. {main}() /usr/local/captiveportal/index.php:0
    0.0170    1469432   2. portal_reply_page() /usr/local/captiveportal/index.php:288
    0.0171    1469680   3. get_include_contents() /etc/inc/captiveportal.inc:1944
    0.0172    1487664   4. include('/var/etc/captiveportal_wifi.html') /etc/inc/pfsense-utils.inc:2601
    0.0277    1500240   5. cleanInput() /var/etc/captiveportal_wifi.html:45

PHP ERROR: Type: 1, File: /var/etc/captiveportal_wifi.html, Line: 35, Message: Call to undefined function mysql_real_escape_string()
```
-
@guterkerl That's why releases exist on github, in order to not pick up a project at a random moment in the dev process. You should take release v0.46 on github, which is the latest and functional.
-
oh ok thanks deajan
-
@deajan, I followed your instructions on PFS2.3.3 and it worked like a champ. I tried to customize it to my environment and was wondering how I would change the font size of "Hotel WiFi"?
-
@probie Late reply, sorry. You can mod the text size directly in the css of ozy-captive.php. Find the line with `.vertical-text`
-
Hi Deajan, Thank you for sharing your work.
My mistake, I messed up the mysql password during 'secure installation'. How can I reset it to carry on with your [How To]?
Thank you again.
Krotin
-
@krotin google is your friend http://www.pastbedti.me/2008/11/resetrecover-mysql-root-password-in-freebsd/
-
Thank you, I know google is my friend but I'm not trusting every source, granted I'm new to FreeBSD.
At least I know I can safely follow those instructions with your recommendations.
Thank you for your kindness Sir.
Krotin.
-
Hello. Does your work run on both 32bit and 64bit platforms? Because I noticed that some installation commands end with "amd64". So does it mean that the installation package is for the 64bit platform? When I want to use a 32bit platform, do I have to use a 32bit installation package?
-
Hi, I tried to install, but when I try to install mysql56-server or mysql57-server it conflicts with the libraries libevent2-2.0.22_1 and libevent-2.1.8 in the 64 bit version.
Does no one else have the same?
-
I resolved the situation by using the development version 2.3.4-DEVELOPMENT (amd64), which doesn't have the library conflict.
Also I have a problem with freeradius version 1.7.8, which doesn't allow entering the IP 127.0.0.1 into the interface, so after installing freeradius I modified the file /usr/local/pkg/freeradius.inc at line 4384 from
```php
if (!is_ipaddr_configured($post['varinterfaceip'])) {
```
to
```php
if (!is_ipaddr_configured($post['varinterfaceip']) && $post['varinterfaceip'] != "127.0.0.1") {
```
I found the information in that post: https://forum.pfsense.org/index.php?topic=127875.0
The last problem with freeradius version 1.7.8 is that it needs, in the EAP section on "certificates for tls", all the voice with a hit:
in the first you need to create a CA certificate, in the second a revocation list for the certificate and in the third an SSL server certificate.
-
Thanks for sharing. I have to setup a new pfSense test platform these days because of some changes I recently made on the mysql code. I'll update the howto then.
-
You have not updated this documentation page at this time
http://netpower.fr/sites/default/files/soft/html-doc/pfSense-cp-auth-onestep_0.html
-
I'm aware of that :) Still have to redo the whole howto on a recent pfSense build in order to rewrite it properly and address new issues, but as always, time is a b****, and I was more eager to rewrite the portal itself for security reasons than the manual.
-
Hi deajan, thanks a lot for this project.
Is it possible to use this Captive Portal for self registration on a unencrypted WLAN SSID with username and password, and use these credentials to authenticate on a encrypted WPA2 Enterprise SSID (with PEAP authentification or something like that)? -
Hi,
I'm not really sure what's your usecase here, but if I understand right, you want users to self sign in on a first wireless network, then have them connect on the secured wireless network with the credentials they created earlier.
You would have to modify the code of the captive portal to add a password option (let's say instead of the room number or so).
Then you'd need to add the pfSense FreeRADIUS server to your WPA2 setup.
Could you elaborate a bit please ? -
That's exactly what I want to implement.
I've got three LANCOM L-322agn Access Points, one LANCOM WLC-4006+ Controller and a pfSense setup. This will be used for a public WLAN in a small industrial area. The idea is to provide these two SSIDs with the access points at the same time. I do not want to use a "normal" WPA with pre shared key, to provide more security when using the WLAN without VPN. I think 802.1x/EAP with MSCHAPv2 or something like that would be better. What would be the best way to do that with your Captive portal solution? My PHP and JavaScript knowledge is unfortunately limited :-\ -
Is there any way with this setup to limit the amount of data one user can use at one time? say i want user bob to only have a max download limit of 1 GB for the duration of his time at the hotel?
-
Especially for Bob ? or All Bobs ? :)
-
All Bobs, let's say, have a max download each of 1gb and all Daves have a max download of 500mbs.
I have tried this:
```sql
INSERT INTO radcheck (id, username, attribute, op, value) VALUES (NULL, 'bob', 'Acct-Output-Octets', ':<', '5242880');
INSERT INTO radcheck (id, username, attribute, op, value) VALUES (NULL, 'bob', 'Acct-Output-Octets', ':=', '5242880');
INSERT INTO radcheck (id, username, attribute, op, value) VALUES (NULL, 'bob', 'Acct-Output-Octets', ':!=', '5242880');
INSERT INTO radcheck (id, username, attribute, op, value) VALUES (NULL, 'test3', 'Max-forever-Octets', ':=', '5242880');
```
I guess I'm not supposed to do this, as Freenas documentation says I can't use < as an operator for check… any idea?
-
You should check FreeRADIUS docu for this: https://wiki.freeradius.org/modules/Rlm_sqlcounter
Also, check that rlm_sqlcounter module is present in pfSense :) -
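An added example, not part of the thread and not the project's own code: how the per-user volume quota asked about above maps onto the stock FreeRADIUS MySQL tables once an rlm_sqlcounter instance is configured. The attribute name `Max-Total-Octets` and the user names are assumptions; the attribute has to be the check attribute your sqlcounter instance is configured with.

```sql
-- Constructed example. 'Max-Total-Octets', 'bob' and 'dave' are assumptions;
-- use the check attribute name declared by your own rlm_sqlcounter instance.

-- 1. Per-user quota: bob gets 1 GB, dave gets 500 MB (values in bytes).
--    ':=' only stores the limit as a check item. The comparison against
--    accounted usage is done by the sqlcounter module, not by the operator.
INSERT INTO radcheck (username, attribute, op, value) VALUES
  ('bob',  'Max-Total-Octets', ':=', '1073741824'),
  ('dave', 'Max-Total-Octets', ':=', '524288000');

-- 2. The quantity a volume counter has to compute: bytes accounted so far
--    for one user, both directions. Open sessions can hold NULL counters,
--    so each column is coalesced before summing.
SELECT COALESCE(SUM(COALESCE(acctinputoctets, 0)
                  + COALESCE(acctoutputoctets, 0)), 0) AS used_octets
FROM radacct
WHERE username = 'bob';

-- 3. Audit query: every user whose accounted usage has reached the quota.
--    Useful to confirm the counter rejects the same users you expect.
SELECT c.username,
       CAST(c.value AS UNSIGNED) AS quota_octets,
       COALESCE(SUM(COALESCE(a.acctinputoctets, 0)
                  + COALESCE(a.acctoutputoctets, 0)), 0) AS used_octets
FROM radcheck AS c
LEFT JOIN radacct AS a ON a.username = c.username
WHERE c.attribute = 'Max-Total-Octets'
GROUP BY c.username, c.value
HAVING used_octets >= quota_octets;
```

Accounting must be enabled and written to `radacct` for either query to return usage; without it every user stays at zero and the quota never triggers.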
Hi Deajan!
I am trying to implement your solution at a hotel.
FreeRADIUS and MySQL are working fine, but the Captive Portal isn't.
I tried twice, building two VMs in VirtualBox with pfSense 2.3 (last stable version). On the first machine, after filling in the form and accepting the terms of use, when I click on the confirm button a 404 error appears. After hours and hours looking for what could be happening I gave up and decided to start over again, building a new VM.
On the second VM I got the same case: MySQL and FreeRADIUS are working fine, but now when I click on the confirm button a blank page appears without any error. In the browser address bar the server IP + /$ symbol appears.
Can you advise me on finding a solution? I spent the entire Sunday doing this!
My best regards!
Giovani
PS: I found a 2.2 pfSense version in my downloads. I was thinking of doing a downgrade.
-
…. when I click on confirm button appears 404 error. After hours and hours looking for what could be happening I gave up and decided to start over again, building a new VM.
In the second VM I took the same case: MySql and Freeradius are working fine, but now when I click on confirm button appears a blank page without any error. In browser address bar appears the Server IP + /$ symbol.
....(The captive portal) web server log didn't mention what happened ??
Are you using the default built-in captive portal page ? -
@giovani.junior: Don't use the integrated view button as behavior changed in 2.3.2+, see https://forum.pfsense.org/index.php?topic=132106.0
Also, have you configured the redirection address for the CP ? -
Hi everyone, I modified the template to add profiling and to ask the clients a question.
Here is the file:
https://github.com/mastrus/pfSense-cp-auth-onestep
Now I want to ask if it is possible to have a first authentication after 2 hours and one authentication after 8 hours with a different form page.
Can you say how to do it?
I have also automated the creation of the machine with the captive portal by shell script (I will also post the code later).
Thanks in advance
Alessandro
-
@Gertjan, the web server log doesn't show anything interesting or any error.
No, I am using the captive portal developed by deajan!
My best rgds! -
@deajan, sorry for my ignorance, but where is this view button? Is it a captive portal configuration or a resource in the web page?
Yes, I had configured the redirection address to http://www.google.com.
My best regards! -
Hi guys!
I took a print screen of the login and post-login captive portal pages.
Please, any idea?
![CP Image Login.png](/public/imported_attachments/1/CP Image Login.png)
![CP Post Login.png](/public/imported_attachments/1/CP Post Login.png)