Captive portal "authentication failed"

Started by rwhitton, April 16, 2025, 07:17:25 PM

I've been using a captive portal for a guest wifi network for a long time without a problem. Recently due to a hardware failure I had to move to new (identical) hardware. I restored my config from backup. Subsequently I just found, some weeks later, that my captive portal no longer works. I get the landing page without a problem but all attempts to sign in (local database) get "authentication failed". I've tried deleting and recreating the captive portal, deleting the database etc all with no joy. Nothing in the captive portal log file at all.

Then I noticed that in the backend log file I get these clearly related errors:

2025-04-16T17:55:36   Error   configd.py   [d556c8a3-baa1-4358-b8fa-fb2d3b421855] Script action failed with Command '/usr/local/opnsense/scripts/OPNsense/CaptivePortal/allow.py --zoneid='0' --username='guest' --ip_address='192.168.200.103' --authenticated_via='Local Database'' returned non-zero exit status 2. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/actions/script_output.py", line 78, in execute subprocess.check_call(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.11/subprocess.py", line 413, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/OPNsense/CaptivePortal/allow.py --zoneid='0' --username='guest' --ip_address='192.168.200.103' --authenticated_via='Local Database'' returned non-zero exit status 2.

Huh - but those arguments should be passed with a single "-" and not with "--". Let's test it from the command line:

root@bosk:/usr # /usr/local/opnsense/scripts/OPNsense/CaptivePortal/allow.py --zoneid='0' --username='guest' --ip_address='192.168.200.103' --authenticated_via='Local Database'
usage: allow.py [-h] -username USERNAME -zoneid ZONEID [-authenticated_via AUTHENTICATED_VIA] [-ip_address IP_ADDRESS]
allow.py: error: the following arguments are required: -username, -zoneid
root@bosk:/usr # echo $?
2
root@bosk:/usr #

So now if I try it with single dashes:

root@bosk:/usr # /usr/local/opnsense/scripts/OPNsense/CaptivePortal/allow.py -zoneid='0' -username='guest' -ip_address='192.168.200.103' -authenticated_via='Local Database'
{"zoneid":"0","authenticated_via":"Local Database","userName":"guest","ipAddress":"192.168.200.103","macAddress":null,"startTime":1744823522.2908046,"sessionId":"YYEtFOnxAm9ihn+yuvvgPg==","clientState":"AUTHORIZED"}
root@bosk:/usr # echo $?
0
root@bosk:/usr #

So that works fine. Does anybody know how to fix this? Or know how it got into this state? Does anybody know where the allow.py script is invoked from?

Many thanks,

Rob






Well I found allow.py was invoked from: /usr/local/opnsense/service/conf/actions.d/actions_captiveportal.conf

I took a backup and then edited the file to replace all instances of "--" with "-". This fixed up allow.py and set_session_restrictions.py which seemed to have the same issue.

I couldn't quickly see a way to restart the captive portal service so I rebooted the server.

Problem solved, but rather concerning how it got into this state.

If anybody has any ideas or further info I'd love to hear from you.



When the problem came to my attention I was running 25.1.4
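
The mismatch described in this thread can be reproduced offline. The following is an added example, not code from the posts or from the OPNsense project: the parser is reconstructed from the usage line quoted above (the real allow.py may differ), and the names `OPTIONS`, `exit_status` and `mismatched_flags` are hypothetical.

```python
import argparse
import contextlib
import io
import shlex

# Option names and required flags taken from the usage line quoted in the thread.
OPTIONS = {"-username": True, "-zoneid": True,
           "-authenticated_via": False, "-ip_address": False}

# The two command lines from the thread.
SCRIPT = "/usr/local/opnsense/scripts/OPNsense/CaptivePortal/allow.py"
FAILING = SCRIPT + (" --zoneid='0' --username='guest'"
                    " --ip_address='192.168.200.103' --authenticated_via='Local Database'")
WORKING = SCRIPT + (" -zoneid='0' -username='guest'"
                    " -ip_address='192.168.200.103' -authenticated_via='Local Database'")


def build_parser():
    """Stand-in for the script's parser (assumption: single-dash long options only)."""
    parser = argparse.ArgumentParser(prog="allow.py")
    for name, required in OPTIONS.items():
        parser.add_argument(name, required=required)
    return parser


def exit_status(command_line):
    """Exit status argparse produces for a command line as configd would run it."""
    argv = shlex.split(command_line)[1:]  # drop the script path, honour shell quoting
    try:
        with contextlib.redirect_stderr(io.StringIO()):  # hide the usage text
            build_parser().parse_args(argv)
    except SystemExit as exc:
        return exc.code
    return 0


def mismatched_flags(command_line):
    """Option tokens whose flag name is not one the parser defines."""
    argv = shlex.split(command_line)[1:]
    flags = [tok.split("=", 1)[0] for tok in argv if tok.startswith("-")]
    return [flag for flag in flags if flag not in OPTIONS]


if __name__ == "__main__":
    for label, cmd in (("double dash", FAILING), ("single dash", WORKING)):
        print(label, "exit:", exit_status(cmd), "unknown:", mismatched_flags(cmd))
```

Because argparse matches option strings exactly (apart from unambiguous prefixes), `--username` never satisfies a required `-username`, so the script exits with status 2 before any session is created and the portal reports the login as failed.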