Captive Portal autologin function better than MAC passthrough
|Status:||Needs Patch||Start date:||08/16/2012|
|Affected version:||2.1||Affected Architecture:|
We use pfsense in an apartment hotel to organize the network. As portal server we use Antamedia at the moment. We want to replace it by the captive portal function of pfense what is in principle possible, but users request an autologin function supporting multiple devices.The current "Pass-through MAC" function isn't usable for this because
- in pfsense is no log when authentificated computer logs in neither in "system -> portal auth" nor "status -> captive portal"
- A MAC id in passthrough list ist linked to a user. If user will be deleted the linked mac id should be deleted also
- MAC authentificated aren't in any accounting list because it doesn't replace the MAC id to a user/pw towards a radius server.
An autologin function could be realized in two possible ways:
Option 1: (like in Mikrotik)
Write a cook ie while login. When reentering the captive portal the cookie is checked and if valid it logs the user in. Each user can have multiple cookies for several devices.
Disadvantage: user must always open the browser
Option 2: (like in Antamedia)
Store a list of Mac Ids per user during first login with a new device. When connecting next time read the mac id of the unauthentificated device. If found in the mac id list use the linked user with same handling as he would have entered user/pw. There user mangager (or radius server), logs and dashboard work as usual.
Advantage: works with other software then browser (eg. Skype, FTP etc.)
Disadv.: more complex then the cookie option
Thank you for thinking about this feature.