Bug #2377
closed
Captive portal fails on empty RADIUS password
Added by Michael Newton over 12 years ago.
Updated over 11 years ago.
Description
An empty password is not sent to the RADIUS server for verification, it just produces an error. PHP code is checking for a password value, when it means to check if the field was sent. The attached patch will fix things up; also fixed some whitespace problems in the vicinity.
Files
Sorry, should be under category "Captive Portal" but I can't make that change now.
- Category set to Captive Portal
- Target version set to 2.1
- Affected Version set to 2.1
Why do you need an empty pass?
When using a captive portal, the need is often to display T&C and prevent casual users from getting access, not to provide comprehensive AAA.
Since the RFC doesn't require any password value, I guess the relevant question is "why doesn't pfSense allow an empty pass?"
No updates on this? There seems to be little interest in any changes to RADIUS handling, I keep seeing "why do you need this" when users ask for anything...
Also, with such a low-risk patch there's no reason it couldn't be included in a 2.0x release.
Do you still have a copy of your patch? The attached file produces a 404 here.
I recently submitted a pull request [1] that fixes the problem that an empty secret key for RADIUS servers 2-4 results in them not being used at all (as they are not written to file without a secret key), although the GUI states that an empty secret key is allowed and also accepts it.
[1] https://github.com/bsdperimeter/pfsense/pull/320
- Status changed from New to Feedback
Pull request 357 was merged.
- % Done changed from 0 to 100
- Status changed from Feedback to Closed
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by Ermal Luçi 
Updated by 
Updated by