Project

General

Profile

Bug #2155

CP sends voucher as username to RADIUS when "re-auth every minute enabled"

Added by Alexander Wilke over 7 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Captive Portal
Target version:
-
Start date:
01/30/2012
Due date:
% Done:

0%

Estimated time:
Affected Version:
Affected Architecture:

Description

When using Captive Portal + RADIUS + vouchers then CaptivePortal sends the voucher code as username to RADIUS when "reauthenticate user every minute" is enabled. This leads to that RADIUS disconnects the "voucher" because it is an unknown username which is not in FreeRADIUS users.

When someone enters the voucher for the very first time than CP is not sending the voucher code to freeradius, which is correct. So we should make sure that vouchers will not be sent to RADIUS or vouchers first will be checked against voucher database and if it doesn't match then will be sent to RADIUS.

In an environment where an WLAN-AP is protected with WPA2-Enterprise (PEAP) the users can authenticate to the WLAN-AP using a username/password which is in FreeRADIUS -> Users. So WLAN traffic is encrypted and cannot be sniffed easily. And to gain access to the internet there will be a voucher and CP.

Associated revisions

Revision 6fe72c1c (diff)
Added by fischeol over 3 years ago

Bug #2155

Fix of Bug #2155

History

#1 Updated by Steve Beaver over 3 years ago

  • Status changed from New to Feedback
  • Assignee set to Jim Pingle

Fixed via PR https://github.com/pfsense/pfsense/pull/2127

JimP: Please review

#2 Updated by Jim Pingle over 3 years ago

  • Status changed from Feedback to Resolved

Seems to be OK. Tested it and it seems to work OK here with RADIUS and vouchers enabled.

Also available in: Atom PDF