Messages - flaax

#2
Same problem with CP and 25.1.5_4

The log shows successful authentication:
2025-04-14T11:55:45 Informational captiveportal AUTH myuser (xx.xx.xx.xx) zone 0

The CP web frontend displays "Authentication failed" and access to other networks is not possible.

Setup:
Captive Portal is configured on a WireGuard interface for clients
Authentication method: LDAP + OTP

LDAP without OTP also fails → not related to OTP or token order
Local database authentication doesn't work either

OPNsense LDAP authentication works (ldap user login on OPNsense with Lobby:Password privileges)
If on the CP a wrong password is entered on purpose, CP does correct logging:
2025-04-14T12:00:39    Informational    captiveportal    DENY myuser (xx.xx.xx.xx) zone 0

If I enter a wrong password too many times, the ldap user is locked out on the ldap server. So the whole auth CP - opnsense ldap config - ldap server seems to work fine. At least with wrong login.

Workaround:
Rollback to previous version or add WireGuard peers to CP's allowed IPs.
#3
Thanks Legally a Shrimp for the great work with the php script!

For the instruction, point 5, firewall rule:
Please consider choosing block as the action,
since reject will send an answer and you usually don't want this.


Also, if direction in
Source: <your alias / spamhaus_drop>
Destination is your OPNsense (or any)