Bug #9064
closed
voucher to device binding
Added by ishtiaq ahmad almost 7 years ago.
Updated almost 7 years ago.
Affected Architecture:
All
Description
dear all,
in version 2.4.4 we cant enforce one voucher per same device always. some naughty user switch from one to other device with same voucher but in 2.4.3-1 and previous versions this feature was working perfectly only by checking two options
1. Disable concurrent user login
2. Enable pass-through mac
Files
|
1.jpg (22.4 KB)
1.jpg |
|
ishtiaq ahmad, 10/24/2018 01:09 PM
|
|
- Category set to Captive Portal
- Priority changed from Urgent to Normal
- Affected Version set to 2.4.4
- Affected Architecture All added
- Affected Architecture deleted (
This is actually not a bug.
If the MAC address of the previous computer has been added as pass-through, "Disable concurrent user login" is not supposed to disconnect it.
This is precisely the purpose of "pass-through MAC" option : any pass-through MAC will bypass the captive portal, regardless of what the captive portal says.
As far as I understand your use case, I would recommend you to disable "Pass-through MAC" and to set up a very long timeout for your vouchers (e.g., 1 year or more?).
This way, you would still enforce one device per voucher.
If the voucher adds a pass-thru MAC, then you could also make the voucher only last 1 minute. Smaller window for abuse that way. The voucher doesn't need to be active any longer than the minimum time possible, after the first login, the pass-through MAC allows them.
Given that the behavior changed between 2.4.3 and 2.4.4 there may be an issue here but I'm not sure it is worth spending a ton of effort tracking down when there are superior alternative solutions.
A FL wrote:
This is actually not a bug.
If the MAC address of the previous computer has been added as pass-through, "Disable concurrent user login" is not supposed to disconnect it.
This is precisely the purpose of "pass-through MAC" option : any pass-through MAC will bypass the captive portal, regardless of what the captive portal says.
As far as I understand your use case, I would recommend you to disable "Pass-through MAC" and to set up a very long timeout for your vouchers (e.g., 1 year or more?).
This way, you would still enforce one device per voucher.
i tried you way @A FL by unchecking the disabling the concurrent logins,, but the result is same most recent login is login is active in status>Captive portal> Active user..
Jim Pingle wrote:
If the voucher adds a pass-thru MAC, then you could also make the voucher only last 1 minute. Smaller window for abuse that way. The voucher doesn't need to be active any longer than the minimum time possible, after the first login, the pass-through MAC allows them.
Given that the behavior changed between 2.4.3 and 2.4.4 there may be an issue here but I'm not sure it is worth spending a ton of effort tracking down when there are superior alternative solutions.
my voucher are for 43200 mints and i want to enforce to enforce at same device.
If you add a pass-through MAC, the time on the voucher is irrelevant. Don't set it that long.
Jim Pingle wrote:
If you add a pass-through MAC, the time on the voucher is irrelevant. Don't set it that long.
always create 43200 mints voucher and mac is automatically removed form Service>Captive Portal>MAC as soon as time expire.
problem only arises in version 2.4.4
would it be possible to close this issue?
Alternate solutions have been given and this behaviour will likely not be updated.
- Status changed from New to Not a Bug
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by 