Require every user connecting via wireless access point to use their own captive portal account

1

I have a LAN cable that if I plug it into my computer and try to access the Internet a captive portal opens and asks for a username and password. I connected an access point to this LAN so everyone can connect wirelessly to this LAN. But the problem is if I connect to the access point through Wi-Fi and enter my username and password in the captive portal, any other user connecting to that Wi-Fi network can access the Internet using my account!

How can I prevent this? I want everyone to use their own account on the captive portal.

j doe

Posted 2018-12-05T12:12:44.813

Reputation: 135

Question was closed 2018-12-05T14:19:44.077

1Are you sure you have an Access Point? Because it sounds like you have a regular NAT router. // Also keep in mind that you are most likely not authorized to add a wireless extension to this protected network. – Daniel B – 2018-12-05T12:21:57.903

1Anyone able to comment on what is unclear about this question? – I say Reinstate Monica – 2018-12-05T14:58:29.080

@TwistyImpersonator What captive portal? How can we answer anything about the users configuration if we don't know what it is? – Jan Doggen – 2018-12-05T15:29:29.537

The information in the question clearly implies the captive portal is performing IP or MAC based authentication. This is all one needs to know in order to answer the question. See the answer I posted to understand why this is all that is needed. – I say Reinstate Monica – 2018-12-05T15:34:18.263

Answers

1

Based on your description, the captive portal is configured on your network's Internet gateway, possibly your router. Further, it is performing IP-based (or MAC-based) authentication, meaning that when a device is authenticated, all further traffic from that device's IP address is permitted to the Internet.

This leads me to conclude that your wireless access point is using NAT to connect wireless clients to your LAN. In other words the AP makes all of the wireless clients appear as a single IP address on the LAN, hence the reason you are required to authenticate only once and also why all further Internet access from the wireless devices is associated with your portal account.

To resolve this, configure your wireless access point to place Wi-Fi clients directly on the LAN so that they each get their own IP address on its subnet. This will in turn require each wireless client to authenticate separately with the captive portal.

I say Reinstate Monica

Posted 2018-12-05T12:12:44.813

Reputation: 21 477

It doesn't really matter here whether IP and/or MAC authentication is in use – a router+NAT will rewrite both, a pure bridge AP will rewrite neither. (The middle option of a router with no NAT is probably unlikely given the question.) – user1686 – 2018-12-05T13:57:24.123

Oh yes, I forgot about MAC based authentication. Thanks! – I say Reinstate Monica – 2018-12-05T14:57:35.973

@TwistyImpersonator Yes i think this is the correct answer. but is this configuration possible on most access points? and where is this kind of settings? – j doe – 2018-12-05T20:02:30.583

You're asking a new question there. Please do so by posting a new question.

– I say Reinstate Monica – 2018-12-05T20:03:31.323

Asked: 2018-12-05T12:12:44.813

Viewed: 195 times

Active: 2018-12-05T20:05:21.740