Using Captive Portal AND the Active Directory Logon Script

[appleoddity]

I must've been unsubscribed to the thread. I'm glad there is some renewed interest here.

I will concur that the solution I listed in the initial post has not been successful. It does work, but for some reason, at random times the captive portal will pop up on users that are still authenticated through the logon script. I lack a proper understanding of how this is all tied together in untangle and so this truly is a hack.

Dmorris, I am curious if you can provide more details about the database inconsistency. Its been a while now, but I remember also looking at the database and finding where the entries were for captive portal. Are you suggesting that if the script is enhanced to also delete the necessary items from the database that this might be successful?

@Frust, yes, anybody can call the script and disable the captive portal page. However, there are two reasons this is unimportant to me. First, there isn't much chance any user on my network is going to have enough skill to figure out the URL. Secondly, even if they do, with the proper policies you are able to block any "unauthenticated" traffic. So, just because they disable the captive portal does not mean they can just do whatever they want. It just means that they have failed to authenticate and the traffic can be handled accordingly.

For quite some time I have disabled the captive portal and given unauthenticated users open, but filtered access to the internet. The idea of forcing people to login who are already authenticated through the AD script is ridiculous and I really hope there is an "official" fix for this problem soon. Until then, no captive portal for me, unless I start hacking again myself.

[mseelig]

Hi everybody,

I really was looking for a solution to that subject. Finally I wrote a adautologin.jsp, which does exactly what we all want.

Installation:
--------------
Copy the attachment adautologin.jsp into the folder
/usr/share/untangle/web/adpb

Integration in Active Directory Logon Script:
-----------------------------------------------
Replace 'registration' with 'adautologin.jsp', and remove the action=login parameter:

Code:

  command = URL_PREFIX+"://"+ServerName+"/adpb/adautologin.jsp?username="+strUser+"&domain="+strDomain+"&hostname="+strHostname

Be aware, that this script does not check any passwords, as it expects that it is executed from the AD login script! So therefore the script might be a potentionally security hole, but this risk you have already if you work with the Active Directory Login Script without Captive Portal, because they also do not pass passwords from the active directory login script.

You can test the feature with the following url directly:
untangleserver/adpb/adautologin.jsp?username=xxxxx&domain=xyz.com&hostname=myworkstation


There is one little dirty hack in the Script, I want point you. Unfortunately the cache object to update the Captive Portal Login Information "assistant" is a private class member of the CPDPhoneBookAssistant object, so we have to access this assistant object by java reflection api.

The script works very stable, and the results are as expected.

Feel free to use it and have fun!

Regards,
Michael

[mseelig]

Hi everybody,

unfornately there was a bug in the adautologin.jsp, so the user was not logged in the first time after captive portal session was expired. Find a fixed version attached to this post.

Regards,
mseelig

[mseelig]

I made a new solution, which is working perfectly with the current 9.0.1 build of untangle. Please take a look at the following thread:
http://forums.untangle.com/hacks/248...-untangle.html