Bug #2377

Captive portal fails on empty RADIUS password

Added by Michael Newton about 1 year ago. Updated 3 months ago.

Status:Closed Start date:04/16/2012
Priority:Normal Due date:
Assignee:- % Done:

100%
Category:Captive Portal
Target version:2.1
Affected version:2.1 Affected Architecture:

Description

An empty password is not sent to the RADIUS server for verification, it just produces an error. PHP code is checking for a password value, when it means to check if the field was sent. The attached patch will fix things up; also fixed some whitespace problems in the vicinity.

pfsense_radius_empty_password.diff Magnifier (1.3 kB) Michael Newton, 04/16/2012 08:07 pm

History

#1 Updated by Michael Newton about 1 year ago

Sorry, should be under category "Captive Portal" but I can't make that change now.

#2 Updated by Chris Buechler about 1 year ago

  • Category set to Captive Portal
  • Target version set to 2.1
  • Affected version set to 2.1

#3 Updated by Ermal Luçi about 1 year ago

Why do you need an empty pass?

#4 Updated by Michael Newton 9 months ago

When using a captive portal, the need is often to display T&C and prevent casual users from getting access, not to provide comprehensive AAA.

Since the RFC doesn't require any password value, I guess the relevant question is "why doesn't pfSense allow an empty pass?"

#5 Updated by Michael Newton 5 months ago

No updates on this? There seems to be little interest in any changes to RADIUS handling, I keep seeing "why do you need this" when users ask for anything...

Also, with such a low-risk patch there's no reason it couldn't be included in a 2.0x release.

#6 Updated by Cyrill B 5 months ago

Do you still have a copy of your patch? The attached file produces a 404 here.

I recently submitted a pull request [1] that fixes the problem that an empty secret key for RADIUS servers 2-4 results in them not being used at all (as they are not written to file without a secret key), although the GUI states that an empty secret key is allowed and also accepts it.

[1] https://github.com/bsdperimeter/pfsense/pull/320

#7 Updated by Ermal Luçi 5 months ago

  • Status changed from New to Feedback

Merged the pull request.

#8 Updated by Michael Newton 5 months ago

That pull request was not for this issue. Please see https://github.com/bsdperimeter/pfsense/pull/357 for the patch allowing an empty password on the captive portal to be passed to RADIUS. Thanks.

#9 Updated by Renato Botelho 5 months ago

Pull request 357 was merged.

#10 Updated by Renato Botelho 4 months ago

  • % Done changed from 0 to 100

#11 Updated by Renato Botelho 3 months ago

  • Status changed from Feedback to Closed

Also available in: Atom PDF