Bug #9064
closed
voucher to device binding
0%
Description
dear all,
in version 2.4.4 we cant enforce one voucher per same device always. some naughty user switch from one to other device with same voucher but in 2.4.3-1 and previous versions this feature was working perfectly only by checking two options
1. Disable concurrent user login
2. Enable pass-through mac
Files
Updated by Jim Pingle almost 7 years ago
- Category set to Captive Portal
- Priority changed from Urgent to Normal
- Affected Version set to 2.4.4
- Affected Architecture All added
- Affected Architecture deleted (
)
Updated by A FL almost 7 years ago
This is actually not a bug.
If the MAC address of the previous computer has been added as pass-through, "Disable concurrent user login" is not supposed to disconnect it.
This is precisely the purpose of "pass-through MAC" option : any pass-through MAC will bypass the captive portal, regardless of what the captive portal says.
As far as I understand your use case, I would recommend you to disable "Pass-through MAC" and to set up a very long timeout for your vouchers (e.g., 1 year or more?).
This way, you would still enforce one device per voucher.
Updated by Jim Pingle almost 7 years ago
If the voucher adds a pass-thru MAC, then you could also make the voucher only last 1 minute. Smaller window for abuse that way. The voucher doesn't need to be active any longer than the minimum time possible, after the first login, the pass-through MAC allows them.
Given that the behavior changed between 2.4.3 and 2.4.4 there may be an issue here but I'm not sure it is worth spending a ton of effort tracking down when there are superior alternative solutions.
Updated by ishtiaq ahmad almost 7 years ago
A FL wrote:
This is actually not a bug.
If the MAC address of the previous computer has been added as pass-through, "Disable concurrent user login" is not supposed to disconnect it.
This is precisely the purpose of "pass-through MAC" option : any pass-through MAC will bypass the captive portal, regardless of what the captive portal says.
As far as I understand your use case, I would recommend you to disable "Pass-through MAC" and to set up a very long timeout for your vouchers (e.g., 1 year or more?).
This way, you would still enforce one device per voucher.
i tried you way @A FL by unchecking the disabling the concurrent logins,, but the result is same most recent login is login is active in status>Captive portal> Active user..
Updated by ishtiaq ahmad almost 7 years ago
Jim Pingle wrote:
If the voucher adds a pass-thru MAC, then you could also make the voucher only last 1 minute. Smaller window for abuse that way. The voucher doesn't need to be active any longer than the minimum time possible, after the first login, the pass-through MAC allows them.
Given that the behavior changed between 2.4.3 and 2.4.4 there may be an issue here but I'm not sure it is worth spending a ton of effort tracking down when there are superior alternative solutions.
my voucher are for 43200 mints and i want to enforce to enforce at same device.
Updated by Jim Pingle almost 7 years ago
If you add a pass-through MAC, the time on the voucher is irrelevant. Don't set it that long.
Updated by ishtiaq ahmad almost 7 years ago
Jim Pingle wrote:
If you add a pass-through MAC, the time on the voucher is irrelevant. Don't set it that long.
always create 43200 mints voucher and mac is automatically removed form Service>Captive Portal>MAC as soon as time expire.
problem only arises in version 2.4.4
Updated by A FL almost 7 years ago
would it be possible to close this issue?
Alternate solutions have been given and this behaviour will likely not be updated.
Updated by Renato Botelho almost 7 years ago
- Status changed from New to Not a Bug