Bug #2155
closed
CP sends voucher as username to RADIUS when "re-auth every minute enabled"
0%
Description
When using Captive Portal + RADIUS + vouchers then CaptivePortal sends the voucher code as username to RADIUS when "reauthenticate user every minute" is enabled. This leads to that RADIUS disconnects the "voucher" because it is an unknown username which is not in FreeRADIUS users.
When someone enters the voucher for the very first time than CP is not sending the voucher code to freeradius, which is correct. So we should make sure that vouchers will not be sent to RADIUS or vouchers first will be checked against voucher database and if it doesn't match then will be sent to RADIUS.
In an environment where an WLAN-AP is protected with WPA2-Enterprise (PEAP) the users can authenticate to the WLAN-AP using a username/password which is in FreeRADIUS -> Users. So WLAN traffic is encrypted and cannot be sniffed easily. And to gain access to the internet there will be a voucher and CP.
Updated by Anonymous over 9 years ago
- Status changed from New to Feedback
- Assignee set to Jim Pingle
Fixed via PR https://github.com/pfsense/pfsense/pull/2127
JimP: Please review
Updated by Jim Pingle over 9 years ago
- Status changed from Feedback to Resolved
Seems to be OK. Tested it and it seems to work OK here with RADIUS and vouchers enabled.