[PFsense] Captive Portal Local認證+Radius
最近替一間學校的圖書館放了一台PFsense
要幫fat AP做captive portal..
PFsense預設只能選擇一種認證方式,

所以免不了要改程式…
請用shell方式登入
編輯 /usr/local/captiveportal/index.php(修改前請先備份原檔;系統升級後此檔可能被還原,屆時需重新修改)
找
} else if ($_POST['accept'] && $config['captiveportal']['auth_method'] == "local") {
//check against local usermanager
$userdb = &$config['captiveportal']['user'];
$loginok = false;
//erase expired accounts
if (is_array($userdb)) {
$moddb = false;
for ($i = 0; $i < count($userdb); $i++) {
if ($userdb[$i]['expirationdate'] && (strtotime("-1 day") > strtotime($userdb[$i]['expirationdate']))) {
unset($userdb[$i]);
$moddb = true;
}
}
if ($moddb)
write_config();
$userdb = &$config['captiveportal']['user'];
for ($i = 0; $i < count($userdb); $i++) {
if (($userdb[$i]['name'] == $_POST['auth_user']) && ($userdb[$i]['password'] == md5($_POST['auth_pass']))) {
$loginok = true;
break;
}
}
}
if ($loginok){
captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"LOGIN");
portal_allow($clientip, $clientmac,$_POST['auth_user']);
} else {
captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"FAILURE");
portal_reply_page($redirurl, "error");
}
把他們全部註解掉 or 刪除
再找
} else if ($_POST['accept'] && $radius_enable) {
if ($_POST['auth_user'] && $_POST['auth_pass']) {
$auth_list = radius($_POST['auth_user'],$_POST['auth_pass'],$clientip,$clientmac,"USER LOGIN");
if ($auth_list['auth_val'] == 1) {
captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"ERROR",$auth_list['error']);
portal_reply_page($redirurl, "error", $auth_list['error']);
}
else if ($auth_list['auth_val'] == 3) {
captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"FAILURE",$auth_list['reply_message']);
portal_reply_page($redirurl, "error", $auth_list['reply_message']);
}
} else {
captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"ERROR");
portal_reply_page($redirurl, "error");
}
改成
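} else if ($_POST['accept'] && $radius_enable) {
    // Combined login branch: check the local captive-portal user list first
    // and fall back to RADIUS only when no local account matches.
    // NOTE(review): an account name that exists in both places can log in
    // with either password, and local passwords are compared as unsalted MD5
    // hex digests, which is the format this code expects in $config.
    $userdb = &$config['captiveportal']['user'];
    $loginok = false;

    if (is_array($userdb)) {
        // Erase expired accounts. Walk a snapshot of the keys: the previous
        // "$i < count($userdb)" loop shrank its own bound on every unset(),
        // so it could stop before reaching the last entries.
        $moddb = false;
        foreach (array_keys($userdb) as $i) {
            if ($userdb[$i]['expirationdate'] && (strtotime("-1 day") > strtotime($userdb[$i]['expirationdate']))) {
                unset($userdb[$i]);
                $moddb = true;
            }
        }
        if ($moddb)
            write_config();

        // Re-bind after write_config(), as the original code did.
        $userdb = &$config['captiveportal']['user'];

        // Only plain string fields can match a stored account; this rejects
        // array-valued POST fields before they reach md5().
        if (is_array($userdb)
            && isset($_POST['auth_user'], $_POST['auth_pass'])
            && is_string($_POST['auth_user']) && is_string($_POST['auth_pass'])) {
            $posted_hash = md5($_POST['auth_pass']);
            foreach (array_keys($userdb) as $i) {
                // Strict comparison: with "==" PHP compares numeric-looking
                // strings as numbers, so "007" equals "7" and two different
                // digests of the form "0e<digits>" compare equal.
                if (((string)$userdb[$i]['name'] === $_POST['auth_user'])
                    && ((string)$userdb[$i]['password'] === $posted_hash)) {
                    $loginok = true;
                    break;
                }
            }
        }
    }

    if ($loginok) {
        captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"LOGIN");
        portal_allow($clientip, $clientmac,$_POST['auth_user']);
    } else {
        // No local match: hand the same credentials to RADIUS.
        // NOTE(review): the failed local attempt is not logged separately.
        if ($_POST['auth_user'] && $_POST['auth_pass']) {
            $auth_list = radius($_POST['auth_user'],$_POST['auth_pass'],$clientip,$clientmac,"USER LOGIN");
            // Only auth_val 1 (logged as ERROR) and 3 (logged as FAILURE) are
            // handled here.
            // NOTE(review): presumably radius() grants access itself on
            // success - confirm against the radius() helper.
            if ($auth_list['auth_val'] == 1) {
                captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"ERROR",$auth_list['error']);
                portal_reply_page($redirurl, "error", $auth_list['error']);
            }
            else if ($auth_list['auth_val'] == 3) {
                captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"FAILURE",$auth_list['reply_message']);
                portal_reply_page($redirurl, "error", $auth_list['reply_message']);
            }
        } else {
            // Missing user name or password: reject without contacting RADIUS.
            captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"ERROR");
            portal_reply_page($redirurl, "error");
        }
    }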
觀念很簡單:只是把原本被註解掉的 Local 認證搬到判斷 RADIUS 的分支裡,優先用 Local 認證,失敗後再交給 RADIUS 判斷。
注意:若 Local 與 RADIUS 有同名帳號,用任一邊的密碼都能登入。
改完後…
請把預設選項設定成RADIUS authentication