Bug #14178

open

Captive Portal Pass-through MAC Auto Entry registering MAC address for unauthenticated users when using Pass-through credits

Added by Dean Arnold about 1 year ago. Updated 12 months ago.

Status: New
Priority: High
Assignee: -
Category: Captive Portal
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version: 2.6.x
Affected Architecture: amd64

Description

The Captive Portal "Pass-through MAC Auto Entry" feature is adding an Allowed Client MAC address registration for unauthenticated users, when the Captive Portal is configured for "Pass-through credits per MAC address". The net result is the user is not sent to the portal authentication page when their Pass Through Credits and timeouts expire.

High level Captive Portal Setup:
  • Hard Timeout: 1
  • Pass-through credits per MAC address: 1
  • Waiting period to restore pass-through credits. (Hours): 1
  • Pass-through MAC Auto Entry: Checked/Enabled
  • Authentication: Use authentication backend -> RADIUS

Expected Behavior:
  • When the client first attaches to the guest network they should see no login/portal prompt. They can use the network/internet until their pass-through credits expire. No MAC address is registered, as the user has not yet authenticated with the backend.
  • When pass-through credits expire, they are sent to the portal login page, and authenticate with the backend (RADIUS).
  • On Successful authentication, the client's MAC address is registered as an allowed/Pass.
  • The client can continue to use the network/internet and will not be prompted again.

Actual Behavior:
  • When the client first attaches to the guest network they do not see the portal login prompt. They can use the network/internet.
  • An allowed/Pass MAC address registration is created for the user, even though in the Captive Portal Authentication log they are noted as being unauthenticated.
  • They see the login/portal prompt.

The description & documentation of the "Pass-through MAC Auto Entry" feature states "When enabled, a MAC passthrough entry is automatically added after the user has successfully authenticated". The emphasis being "after the user has successfully authenticated".

Summary: The "Pass-through MAC Auto Entry" should not create an Allowed MAC address registration for unauthenticated users. Being temporarily allowed to use the portal with "Pass-through credits per MAC address" is not the same as being authenticated against a backend.

See screenshots showing Unauthenticated client log message, and the Auto added MAC address Pass record.

Note the portal works as expected, shows login/prompt pages and authenticates against RADIUS etc, when "Pass-through MAC Auto Entry" is not used.

This issue occurs on 22.05 & 23.01. I suspect it also affects 2.6 & 2.7.
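
The expected and the reported behaviour from this report, written as a small executable model. This is an added example, not pfSense code and not part of the original report; the `Portal` class, its method names, the `require_auth_for_entry` switch and the sample MAC address are all hypothetical.

```python
# Added illustration: a minimal model of the settings named in the report.
# Not pfSense code; every identifier here is hypothetical.
from dataclasses import dataclass, field

@dataclass
class Portal:
    credits_per_mac: int = 1             # "Pass-through credits per MAC address"
    auto_entry: bool = True              # "Pass-through MAC Auto Entry"
    require_auth_for_entry: bool = True  # False models the behaviour reported here
    credits_used: dict = field(default_factory=dict)
    sessions: dict = field(default_factory=dict)  # mac -> "credit" | "authenticated"
    allowed_macs: set = field(default_factory=set)

    def connect(self, mac):
        """Return what the client gets when it sends traffic: "pass" or "login"."""
        if mac in self.allowed_macs or mac in self.sessions:
            return "pass"  # an allowed MAC bypasses the portal entirely
        if self.credits_used.get(mac, 0) < self.credits_per_mac:
            self.credits_used[mac] = self.credits_used.get(mac, 0) + 1
            self._open_session(mac, "credit")
            return "pass"
        return "login"     # credits spent: show the portal page

    def login(self, mac, backend_accepts):
        """Portal form submitted; backend_accepts stands in for the RADIUS reply."""
        if not backend_accepts:
            return "login"
        self._open_session(mac, "authenticated")
        return "pass"

    def hard_timeout(self, mac):
        self.sessions.pop(mac, None)

    def _open_session(self, mac, kind):
        self.sessions[mac] = kind
        # The guard at issue: only a backend-authenticated session may
        # create a permanent allowed-MAC entry.
        if self.auto_entry and (kind == "authenticated" or not self.require_auth_for_entry):
            self.allowed_macs.add(mac)

def walk_through(portal, mac="00:00:5e:00:53:01"):  # constructed sample MAC
    """First attach on a credit, hard timeout, then the next request."""
    first = portal.connect(mac)
    registered = mac in portal.allowed_macs
    portal.hard_timeout(mac)
    return first, registered, portal.connect(mac)
```

With the guard in place the walk-through ends at the login page with no MAC registered; with it disabled the model reproduces the reported outcome, where the client is registered on its first credit and never reaches the login page.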


Actions #1

Updated by Dean Arnold about 1 year ago

Typo in the third bullet of Actual Behavior "They don't ever see the login/portal prompt."

Actions #2

Updated by Dean Arnold 12 months ago

Hello, is it possible for someone to review and prioritize this issue?
