Big trouble with Captive Portal

Started by josuanbn, August 15, 2017, 12:41:13 AM

Previous topic - Next topic
Hi

In a few of opnsense installations, after a hard reset or power failure, authentication on Captive Portal does not work anymore (even if I maintain Captive Portal enabled, but with no authentication). If you check the user and password directly at the GUI it works.

In System-> Log I found this messages:
With authentication enabled (Local database and vouchers):

Quoteconfigd.py: [fce26331-e5a4-474b-9d94-d24b594f9f7a] Script action failed with Command '/usr/local/opnsense/scripts/OPNsense/CaptivePortal/allow.py /zoneid "0" /username "anonymous@172.16.200.152" /ip_address "172.16.200.152" /authenticated_via "" /output_type "json"' returned non-zero exit status 1 at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 477, in execute stdout=output_stream, stderr=error_stream) File "/usr/local/lib/python2.7/subprocess.py", line 541, in check_call raise CalledProcessError(retcode, cmd) CalledProcessError: Command '/usr/local/opnsense/scripts/OPNsense/CaptivePortal/allow.py /zoneid "0" /username "anonymous@172.16.200.152" /ip_address "172.16.200.152" /authenticated_via "" /output_type "json"' returned non-zero exit status 1

Without authentication:
Quoteconfigd.py: [2970966c-ce01-4e04-b2e2-88e40ef606d3] Script action failed with Command '/usr/local/opnsense/scripts/OPNsense/CaptivePortal/allow.py /zoneid "0" /username "anonymous@172.16.10.146" /ip_address "172.16.10.146" /authenticated_via "" /output_type "json"' returned non-zero exit status 1 at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 477, in execute stdout=output_stream, stderr=error_stream) File "/usr/local/lib/python2.7/subprocess.py", line 541, in check_call raise CalledProcessError(retcode, cmd) CalledProcessError: Command '/usr/local/opnsense/scripts/OPNsense/CaptivePortal/allow.py /zoneid "0" /username "anonymous@172.16.10.146" /ip_address "172.16.10.146" /authenticated_via "" /output_type "json"' returned non-zero exit status 1

I tried to delete and re create the Captive Portal, install the last update of opnsense, restart the FW, check disk in mono user mode, but at the moment, only a full reinstall solves the problem.

Can you help me?

Thanks for your time

Josua

Hi Josua,

Can you execute the following in a console and post the output?

/usr/local/opnsense/scripts/OPNsense/CaptivePortal/allow.py /zoneid "0" /username "anonymous@172.16.200.152" /ip_address "172.16.200.152" /authenticated_via "" /output_type "json"


This should return crash output.

Best regards,

Ad

August 15, 2017, 11:32:47 PM #2 Last Edit: August 16, 2017, 11:07:04 AM by josuanbn
Hi

The output is:

Traceback (most recent call last):
  File "/usr/local/opnsense/scripts/OPNsense/CaptivePortal/allow.py", line 62, in <module>
    mac_address=mac_address
  File "/usr/local/opnsense/scripts/OPNsense/CaptivePortal/lib/db.py", line 126, in add_client
    """, response)
sqlite3.DatabaseError: database disk image is malformed


I think I solved the problem executing this:

cd /var/captiveportal
echo '.dump'|sqlite3 captiveportal.sqlite|sqlite3 repaired.sqlite
mv captiveportal.sqlite corrupt_captiveportal.sqlite
mv repaired.sqlite captiveportal.sqlite


[edit]
The repair of the bbdd has worked only a few minutes.

The solution I found is:

1.- Manually remove o rename captiveportal.sqlite at /var/captiveportal
2.- Delete captive portal zones in Opnsense Gui
3.- Re-create captive portal zones: this create a new captiveportal.sqlite bbdd without errors.

[end of edit]

Thanks for your help!

Josua

Hi Josua,

Good to hear you solved your problem, it looks like we should add an integrity check in captive portal as we have for network insight (both use sqlite).

Your repair probably created an empty database, which happens when there are parts of the data that can't be recovered (there's a rollback at the end of the dump).

I've recently improved our repair option for network insight, I will add the same in the captive portal process too, which should help when the database get corrupted.

Best regards,

Ad