Netgate SG-1000 microFirewall

Author Topic: How to Captive Portal Self Registration Using Free radius & Mysql (Tutorial)  (Read 67403 times)

0 Members and 1 Guest are viewing this topic.

Offline khan

  • Jr. Member
  • **
  • Posts: 32
  • Karma: +13/-0
    • View Profile
Captive Portal Self Registration Using Free radius & Mysql Tested with 2.0.2-RELEASE (i386) built on Fri Dec 7 16:30:14 EST 2012 in vmware 8.

Quote
Caution : this procedure was perfect for me. Please use at your own risk & make backup.
You need few thing to do this

1.   php-mysql support in pfsense. Default is disabled. follow this post to do it

http://forum.pfsense.org/index.php/topic,47150.0.html

your command should be

Quote
pkg_info -r http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/php52-mysql-5.2.13_3.tbz

and

Quote
pkg_add -rfi http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/php52-mysql-5.2.13_3.tbz

tips: according to his (sash99) post some package dependencies should occur. But I did not found 1. what I did..
1.   in command added package with
Quote
pkg_add -rfi http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/php52-mysql-5.2.13_3.tbz
2.   in command
 
Quote
/etc/rc.php_ini_setup
3.   installed freeradius2 package from system/package
4.   rebooted pfsense
5.   in command

Quote
touch /etc/php_dynamodules/php52-mysql
6.   rebooted pfsense.

Step 2
Config pfsense freeradius according to this doc
http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package
and for sql  support
http://forum.pfsense.org/index.php/topic,43675.msg235475.html#msg235475
add extra table using reg_users.sql.txt file sql command or u can rename this to reg_users.sql and import via phpmyadmin

I hav added database file  also.




step 3

now rename every file & remove “.txt” from file name ie

 captiveportal-cp_reg_suc.php.txt to captiveportal-cp_reg_suc.php
captiveportal-bootstrap.min.css.txt to captiveportal-bootstrap.min.css

and so …

now edit
captiveportal-cp_reg_suc.php in line 104 insert your sql server ipaddress & password.

Upload evry file in captive file manager except
cp_portal.php
cp_error.php

in captive portal main page
enable captive portal in Lan
check Disable concurrent logins
in Authentication section
check RADIUS Authentication
in ipaddress box ------------- 127.0.0.1
port box ----------- 1812
sharedsecret box -----------your shared secret
in Accounting check send RADIUS accounting packets
in port ----------- 1813
Accounting updates ----- check strat stop
In RADIUS NAS IP attribute select your lan.

insert cp_portal.php in “Portal page contents”
cp_error.php in “Authentication error page contents”.
 Save. And you are ready to go.

Important
1. you should change php file content according to your need.

2. be aware about adding php-mysql package you may not be lucky as i was. if anything goes wrong follow "sash99" post carefully.

3. in my captive portal page i have some security like a client with a mac address can only register one account.


please let me know your experiences.
« Last Edit: December 31, 2012, 01:40:09 pm by khan »

Offline khan

  • Jr. Member
  • **
  • Posts: 32
  • Karma: +13/-0
    • View Profile
php & sql file added

Offline Nachtfalke

  • Hero Member
  • *****
  • Posts: 2888
  • Karma: +28/-1
    • View Profile
@khan

I didn't test your tutorial or the one from the forum user you pointed some links to but I would ask if it would be ok to add this to the pfsense freeradius2 doc ? The pfsense documentation could be an centralized point where everyone can find information about freeradius2 package and information about things which go further.

I just would like to add a link to the documentation if you allow :-)

Offline khan

  • Jr. Member
  • **
  • Posts: 32
  • Karma: +13/-0
    • View Profile
@Nachtfalke

Sure. any kinds of help i can,  for pfsense & its community.

Offline Nachtfalke

  • Hero Member
  • *****
  • Posts: 2888
  • Karma: +28/-1
    • View Profile

Offline sash99

  • Jr. Member
  • **
  • Posts: 36
  • Karma: +3/-0
    • View Profile
glad someone found my post useful - just a note this later post about  how to get a fully functional webserver might be a bit easier for people to understand then my original post..  for setting up mysql and for phpmyadmin within your pfsense  machine

http://forum.pfsense.org/index.php/topic,47086.0.html
« Last Edit: January 04, 2013, 07:55:50 pm by sash99 »

Offline jemsenator

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Hello
I am wondering the reason no one has commented on his experience of using the solution provided by Khan, the forum needs to know user experiences so we can improve if there is any bug or errors or even difficulties, Please, if you have tested or tried this, share your experience, if you are scared to give it a try, also share your fear(s).

Thank you

Offline sash99

  • Jr. Member
  • **
  • Posts: 36
  • Karma: +3/-0
    • View Profile
well I decided to give it a try to see how it would work. on a fresh install of amd64 machine  i have the  phpmyadmin and mysql installed o locally on pfsense  freeradius2 and mysql are function as they should. just not  getting the the captive portal  self registration to work

several problems so far that I noticed

I try to register and it gives me this error
_____________________

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /var/db/cpelements/captiveportal-cp_reg_suc.php on line 115
×
Registration Successfull. Please visit Login page to login

__________________________

but you do not get access and no errors are displayed when logging in

also if I enter in on purpose the incorrect user name and password on  it does not  redirect me to the error page.

would you have a general idea what might be wrong ???

Offline sash99

  • Jr. Member
  • **
  • Posts: 36
  • Karma: +3/-0
    • View Profile
when I do radtest while connected to mysql all seams fine to that point

radtest test test123 127.0.0.1:1812 0 testing123
Sending Access-Request of id 129 to 127.0.0.1 port 1812
        User-Name = "test"
        User-Password = "test123"
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 0
        Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=129, length=20

as you can see here

and these radtest entries are the only ones that can be found in the mysql data base

also
captiveportal-cp_reg_suc.php  line was modified to

$con = mysql_connect("127.0.0.1","radius","radpass");

to match  my settings
« Last Edit: January 10, 2013, 11:09:40 pm by sash99 »

Offline khan

  • Jr. Member
  • **
  • Posts: 32
  • Karma: +13/-0
    • View Profile


several problems so far that I noticed

I try to register and it gives me this error
_____________________

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /var/db/cpelements/captiveportal-cp_reg_suc.php on line 115
×
this line in captiveportal-cp_reg_suc.php checks the mac address  of the system trying to register if already in database.
What is your database table structure? in my database i have added an extra table named "reg_users". do u have that table in your database? if not please add that using sql file provided.

anyway (if not resolved)

in line114 in captiveportal-cp_reg_suc.php

replace
Quote
$result = mysql_query("SELECT * FROM reg_users WHERE macaddress = '$macaddress'");
with
Quote
$result = mysql_query("SELECT * FROM reg_users WHERE macaddress = '$macaddress'")or die(mysql_error());

this will tell you the cause of error. please post the error.
« Last Edit: January 11, 2013, 06:30:05 am by khan »

Offline sash99

  • Jr. Member
  • **
  • Posts: 36
  • Karma: +3/-0
    • View Profile
good morning khan
well I see that I forgot to import your sql tables.  which I did now. I no longer get the error mentioned above no errors mentioned at all actually. but I still do not get access either. I looked through my sql data base  and I can not find  my log in entries any where. does not seam to enter them into the data base

theses are the tables I have in my radius data base
cui
nas
radacct
radcheck
radgroupcheck
radgroupreply
radippool
radpostauth
radreply
radusergroup
reg_users
wimax

are all the table there that suppose to be..??? is there possibly another table I missed importing....
I thought I imported them all, some that that I importerd do not display as tables though

thank you for your time
sash

Offline sash99

  • Jr. Member
  • **
  • Posts: 36
  • Karma: +3/-0
    • View Profile
well rebuilt pfsense amd64 firewall again , with full web host abilities and mysql. ( basically the same as doing it for i386 just change the i386 to amd86 ie:

pkg_info -r http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/php52-mysql-5.2.13_3.tbz

to

pkg_info -r http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/amd64/8.1-RELEASE/packages/All/php52-mysql-5.2.13_3.tbz

 but still no go with the self register. no entries added into the  database.  mysql server/client working  with in pfsense fine as I can build websites with mysql database in them ( ie joolma etc ) plus phpmyadmin is working fine too on the pfsense machine..

it probably something simple I just do not know what going wrong and where..

where can I manual add a user into the data base and its format.  atleast then I would be able to narrow down the problem, by verify that that login works via the database. I know that the page talks to the data base as it was popping up the error earlier due to the missing table (reg_users). now I want to see if it reads the database. then at least I will know that it only a write problem.

thank you for your time
sash


Offline sash99

  • Jr. Member
  • **
  • Posts: 36
  • Karma: +3/-0
    • View Profile
okay this has me stumped for now..
I reinstalled  the computer as i386 pfsense instead of amd64
 and what I have learned
for some strange reason the error page works on the I386  version and not the amd64 version

radtest  seams to work  fine it sends data to mysql so  freeradius and mysql are working fine as it enter mysql data entries into it automatically

 if I install the radius data base with out  reg_user table   the self registration  captive portal page see that it missing table   and fails on  registration .so    captive portal seems to be configure correctly as the  self registration webpage has access to the radius database because  of the table error

if If have the reg_user  table imported.  into radius database   I no longer  get an error.

  But it does not write anything into reg_user table upon completion of registration  ( so it tells me i have  no write capability or  some sort un seen  mysql error happening  that prevents it from writing)

if I manual enter in a  user via insert in phpmyadmin into the  reg_users . I also have  have no access and the  self registration  web page  flags that as an unknown user.. so it  it can not read reg_user table for some reason either ..

it a funny problems and I know very little of mysql to be able debug it easily   -- well lets see if any one can successfully get  this self registration page to work.. as at this point I can not  , or at least on a single  pfsense machine  firewall/web serve/database machine anyways..


Offline khan

  • Jr. Member
  • **
  • Posts: 32
  • Karma: +13/-0
    • View Profile
Quote
if I manual enter in a  user via insert in phpmyadmin into the  reg_users . I also have  have no access and the  self registration  web page  flags that as an unknown user.. so it  it can not read reg_user table for some reason either ..

actually "reg_users" table is not necessary for captive portal this table is for monitoring user registration with extra field & cheks mac based security. free radius checks only "radcheck" for user & password. you can manually enter there.

Quote
But it does not write anything into reg_user table upon completion of registration  ( so it tells me i have  no write capability or  some sort un seen  mysql error happening  that prevents it from writing)

from your configuration i think you dont have permition to write in mysql database. this can be caused if  you dont have permission to write in that folder/disk. or your mysql user privilege is not enough.

can u please send me your mysql server details.


my system is running with 20 registered user & increasing every day.

Offline khan

  • Jr. Member
  • **
  • Posts: 32
  • Karma: +13/-0
    • View Profile
@sash99

I have tested your config in vmware 9 environment with 2.0.2-RELEASE (i386). what i did
1. installed pfsense.
2. installed mysql & vhost according to your post.
3. installed php52-mysql as i mentioned before.
4. installed free radius2.
5. config them all
6. uploaded all the captive portal file.

but everything seems ok for me. i can register & data also available in database.

if u are interested i can upload the vmware image.

sorry to mention before..... i file (main css "bootrtrap.min.css") missing in my captiveportal file list, for which design was not perfect. added in this post.

can any moderator would be kind to attach this file in my main post please??