Project

General

Profile

Actions

Bug #2155

closed

CP sends voucher as username to RADIUS when "re-auth every minute enabled"

Added by Alexander Wilke about 12 years ago. Updated over 8 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Captive Portal
Target version:
-
Start date:
01/30/2012
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:

Description

When using Captive Portal + RADIUS + vouchers then CaptivePortal sends the voucher code as username to RADIUS when "reauthenticate user every minute" is enabled. This leads to that RADIUS disconnects the "voucher" because it is an unknown username which is not in FreeRADIUS users.

When someone enters the voucher for the very first time than CP is not sending the voucher code to freeradius, which is correct. So we should make sure that vouchers will not be sent to RADIUS or vouchers first will be checked against voucher database and if it doesn't match then will be sent to RADIUS.

In an environment where an WLAN-AP is protected with WPA2-Enterprise (PEAP) the users can authenticate to the WLAN-AP using a username/password which is in FreeRADIUS -> Users. So WLAN traffic is encrypted and cannot be sniffed easily. And to gain access to the internet there will be a voucher and CP.

Actions #1

Updated by Anonymous over 8 years ago

  • Status changed from New to Feedback
  • Assignee set to Jim Pingle

Fixed via PR https://github.com/pfsense/pfsense/pull/2127

JimP: Please review

Actions #2

Updated by Jim Pingle over 8 years ago

  • Status changed from Feedback to Resolved

Seems to be OK. Tested it and it seems to work OK here with RADIUS and vouchers enabled.

Actions

Also available in: Atom PDF