Posted on by Michael Newton

Setting NAS ID on pfSense

pfSense has a captive portal option that allows RADIUS authentication. However, it doesn’t include the option to set the NAS ID of your firewall, instead creating something automatically based on the hostname. Apply these changes (against 1.2.3-RELEASE) to enable a custom NAS ID.

--- /etc/inc/captiveportal.inc
+++ ~/captiveportal.inc
@@ -1066,11 +1066,17 @@
  */
 function getNasID()
 {
-    $nasId = "";
-    exec("/bin/hostname", $nasId);
-    if(!$nasId[0])
-        $nasId[0] = $g['product_name'];
-    return $nasId[0];
+    global $config;
+    if(!isset($config['captiveportal']['radiusnasid'])) {
+        $nasId = "";
+        exec("/bin/hostname", $nasId);
+        if(!$nasId[0])
+            $nasId[0] = $g['product_name'];
+        return $nasId[0];
+    }
+    else {
+        return $config['captiveportal']['radiusnasid'];
+    }
 }
 
 /**
--- /usr/local/www/services_captiveportal.php
+++ ~/services_captiveportal.php
@@ -76,6 +76,7 @@
 $pconfig['radiuskey'] = $config['captiveportal']['radiuskey'];
 $pconfig['radiuskey2'] = $config['captiveportal']['radiuskey2'];
 $pconfig['radiusvendor'] = $config['captiveportal']['radiusvendor'];
+$pconfig['radiusnasid'] = $config['captiveportal']['radiusnasid'];
 
 //$pconfig['radiussession_timeout'] = isset($config['captiveportal']['radiussession_timeout']);
 
@@ -177,6 +178,7 @@
 		$config['captiveportal']['radiuskey'] = $_POST['radiuskey'];
 		$config['captiveportal']['radiuskey2'] = $_POST['radiuskey2'];
 		$config['captiveportal']['radiusvendor'] = $_POST['radiusvendor'] ? $_POST['radiusvendor'] : false;
+		$config['captiveportal']['radiusnasid'] = $_POST['radiusnasid'];
 		//$config['captiveportal']['radiussession_timeout'] = $_POST['radiussession_timeout'] ? true : false;
 
 		/* file upload? */
@@ -223,6 +225,7 @@
 	//document.iform.bwdefaultdn.disabled = endis;
 	//document.iform.bwdefaultup.disabled = endis;
 	document.iform.reauthenticate.disabled = radius_endis;
+	document.iform.radiusnasid.disabled = radius_endis;
 	document.iform.auth_method[0].disabled = endis;
 	document.iform.auth_method[1].disabled = endis;
 	document.iform.auth_method[2].disabled = endis;
@@ -428,6 +431,15 @@
 			  <td colspan="2" class="list" height="12"></td>
 
 			<tr>
+				<td colspan="2" valign="top" class="optsect_t2">NAS ID</td>
+			</tr>
+			<tr>
+			  <td class="vncell" valign="top">NAS Identifier</td>
+			  <td class="vtable"><input name="radiusnasid" type="text" class="formfld" id="radiusnasid" size="16" value="<?=htmlspecialchars($pconfig['radiusnasid']);?/>"><br />
+			  Leave blank to generate automatically based on hostname.</td>
+			  </tr>
+			<tr>
+			</tr><tr>
 				<td colspan="2" valign="top" class="optsect_t2">Accounting</td>
 			</tr>
 			<tr>
</tr>

--- /etc/inc/captiveportal.inc +++ ~/captiveportal.inc @@ -1066,11 +1066,17 @@ */ function getNasID() { - $nasId = ""; - exec("/bin/hostname", $nasId); - if(!$nasId[0]) - $nasId[0] = $g['product_name']; - return $nasId[0]; + global $config; + if(!isset($config['captiveportal']['radiusnasid'])) { + $nasId = ""; + exec("/bin/hostname", $nasId); + if(!$nasId[0]) + $nasId[0] = $g['product_name']; + return $nasId[0]; + } + else { + return $config['captiveportal']['radiusnasid']; + } } /** --- /usr/local/www/services_captiveportal.php +++ ~/services_captiveportal.php @@ -76,6 +76,7 @@ $pconfig['radiuskey'] = $config['captiveportal']['radiuskey']; $pconfig['radiuskey2'] = $config['captiveportal']['radiuskey2']; $pconfig['radiusvendor'] = $config['captiveportal']['radiusvendor']; +$pconfig['radiusnasid'] = $config['captiveportal']['radiusnasid']; //$pconfig['radiussession_timeout'] = isset($config['captiveportal']['radiussession_timeout']); @@ -177,6 +178,7 @@ $config['captiveportal']['radiuskey'] = $_POST['radiuskey']; $config['captiveportal']['radiuskey2'] = $_POST['radiuskey2']; $config['captiveportal']['radiusvendor'] = $_POST['radiusvendor'] ? $_POST['radiusvendor'] : false; + $config['captiveportal']['radiusnasid'] = $_POST['radiusnasid']; //$config['captiveportal']['radiussession_timeout'] = $_POST['radiussession_timeout'] ? true : false; /* file upload? */ @@ -223,6 +225,7 @@ //document.iform.bwdefaultdn.disabled = endis; //document.iform.bwdefaultup.disabled = endis; document.iform.reauthenticate.disabled = radius_endis; + document.iform.radiusnasid.disabled = radius_endis; document.iform.auth_method[0].disabled = endis; document.iform.auth_method[1].disabled = endis; document.iform.auth_method[2].disabled = endis; @@ -428,6 +431,15 @@ <td colspan="2" class="list" height="12"></td> <tr> + <td colspan="2" valign="top" class="optsect_t2">NAS ID</td> + </tr> + <tr> + <td class="vncell" valign="top">NAS Identifier</td> + <td class="vtable"><input name="radiusnasid" type="text" class="formfld" id="radiusnasid" size="16" value="<?=htmlspecialchars($pconfig['radiusnasid']);?/>"><br /> + Leave blank to generate automatically based on hostname.</td> + </tr> + <tr> + </tr><tr> <td colspan="2" valign="top" class="optsect_t2">Accounting</td> </tr> <tr> </tr>