Captive portal fails on empty RADIUS password
Affected version: 2.1
Affected Architecture:
An empty password is not sent to the RADIUS server for verification; it just produces an error. PHP code is checking for a password value, when it means to check if the field was sent. The attached patch will fix things up; also fixed some whitespace problems in the vicinity.
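The value-versus-presence distinction described in the report above, as an added illustration (this is not the attached patch and not pfSense code; the field names `auth_user` and `auth_pass`, both function names and the sample inputs are assumptions made for the example):

```php
<?php
// Added illustration; hypothetical names, constructed inputs.

/** Value check: "" and "0" are both treated as "no password sent". */
function credentials_by_value(array $post): ?array
{
    if (!empty($post['auth_user']) && !empty($post['auth_pass'])) {
        return [$post['auth_user'], $post['auth_pass']];
    }
    return null; // portal reports an error; the RADIUS server is never asked
}

/** Presence check: the field must be submitted, but may be the empty string. */
function credentials_by_presence(array $post): ?array
{
    if (!isset($post['auth_user'], $post['auth_pass'])) {
        return null; // field really was not sent
    }
    if (!is_string($post['auth_user']) || !is_string($post['auth_pass'])) {
        return null; // e.g. auth_pass[]=x arrives as an array, not a string
    }
    if ($post['auth_user'] === '') {
        return null; // assumption: a user name is still required
    }
    return [$post['auth_user'], $post['auth_pass']]; // "" is passed to RADIUS
}

// Constructed form submissions.
$samples = [
    'normal'         => ['auth_user' => 'guest', 'auth_pass' => 'secret'],
    'empty password' => ['auth_user' => 'guest', 'auth_pass' => ''],
    'password "0"'   => ['auth_user' => 'guest', 'auth_pass' => '0'],
    'field missing'  => ['auth_user' => 'guest'],
    'array value'    => ['auth_user' => 'guest', 'auth_pass' => ['x']],
];

foreach ($samples as $label => $post) {
    printf(
        "%-15s value-check=%-8s presence-check=%s\n",
        $label,
        credentials_by_value($post) !== null ? 'forward' : 'error',
        credentials_by_presence($post) !== null ? 'forward' : 'error'
    );
}
```

With the presence check, the decision to accept or reject an empty password is left to the RADIUS server's own policy rather than being made in the portal.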
#1 Updated by Michael Newton about 1 year ago
Sorry, should be under category "Captive Portal" but I can't make that change now.
#2 Updated by Chris Buechler about 1 year ago
- Category set to Captive Portal
- Target version set to 2.1
- Affected version set to 2.1
#4 Updated by Michael Newton 9 months ago
When using a captive portal, the need is often to display T&C and prevent casual users from getting access, not to provide comprehensive AAA.
Since the RFC doesn't require any password value, I guess the relevant question is "why doesn't pfSense allow an empty pass?"
#5 Updated by Michael Newton 5 months ago
No updates on this? There seems to be little interest in any changes to RADIUS handling; I keep seeing "why do you need this" when users ask for anything...
Also, with such a low-risk patch there's no reason it couldn't be included in a 2.0x release.
Do you still have a copy of your patch? The attached file produces a 404 here.
I recently submitted a pull request that fixes the problem that an empty secret key for RADIUS servers 2-4 results in them not being used at all (as they are not written to file without a secret key), although the GUI states that an empty secret key is allowed and also accepts it.
#8 Updated by Michael Newton 5 months ago
That pull request was not for this issue. Please see https://github.com/bsdperimeter/pfsense/pull/357 for the patch allowing an empty password on the captive portal to be passed to RADIUS. Thanks.