Captive Portal: No Authentication fails to allow user access

[mibsyboy]

Describe the bug
I'm running the Captive Portal on 19.1.1. I have it configured for no authentication/no login with a splash page and an "Accept" button in place of the "Sign in" button. All was working well in 18.7, but not any longer. What happens is the captive portal page pops up and when someone selects the "Accept" button, they get a "Login Failed" error box in pink and access is denied. This happens for everyone.

To Reproduce
Steps to reproduce the behavior:

1. Go to 'https://fire.wall.ip/ui/captiveportal'
2. Configure/enable captive portal with: Interface: guest wifi interface (VLAN for my config), Authenticate using: none, Always send accounting requests: unchecked, Enforce local group: none, Idle Timeout and Hard Timeout: Don't care, Concurrent Logins: Don't care, SSL Certificate and Hostname: Configured appropriately, Allowed Addresses: I have two IP's in there, Transparent Proxy (HTTP/HTTPS): unchecked, Custom Template: none or custom, Description: Text.
3. Save and Apply
4. User connects to WiFi and is presented with Portal Page. Once they select the "Accept" (without username/password due to no authentication selection), the user receives "Login Failed" in a pink box and Internet Access is not available.

Expected behavior
The user should be able to click the button and gain internet access

Screenshots
If applicable, add screenshots to help explain your problem.

Relevant log files
Logs from configd.log:
Feb 14 18:26:43 guardian configd.py: [feac4694-43b3-408d-b75a-38a38aaa52d0] allow client access to captive portal Feb 14 18:26:43 guardian configd.py: [feac4694-43b3-408d-b75a-38a38aaa52d0] Script action failed with Command '/usr/local/opnsense/scripts/OPNsense/CaptivePortal/allow.py /zoneid '0' /username 'anonymous@192.168.111.81' /ip_address '192.168.111.81' /authenticated_via '' /output_type 'json'' returned non-zero exit status 1 at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 481, in execute stdout=output_stream, stderr=error_stream) File "/usr/local/lib/python2.7/subprocess.py", line 190, in check_call raise CalledProcessError(retcode, cmd) CalledProcessError: Command '/usr/local/opnsense/scripts/OPNsense/CaptivePortal/allow.py /zoneid '0' /username 'anonymous@192.168.111.81' /ip_address '192.168.111.81' /authenticated_via '' /output_type 'json'' returned non-zero exit status 1 Feb 14 18:27:19 guardian configd.py: [3b5831bd-0fed-422b-a9c6-778effb280b1] fetch captiveportal web template package default Feb 14 18:28:04 guardian configd.py: [5f4e762f-f8b3-470c-bd00-229a065d6894] request mac table root@guardian:/var/log # Feb 14 18:26:43 guardian configd.py: [bda40bd2-dbb3-4311-adf4-dd1ecc21cddb] Script action failed with Command '/usr/local/opnsense/scripts/OPNsense/CaptivePortal/listClients.py /zoneid '0' /output_type 'json'' returned non-zero exit status 1 at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 481, in execute stdout=output_stream, stderr=error_stream) File "/usr/local/lib/python2.7/subprocess.py", line 190, in check_call raise CalledProcessError(retcode, cmd) CalledProcessError: Command '/usr/local/opnsense/scripts/OPNsense/CaptivePortal/listClients.py /zoneid '0' /output_type 'json'' returned non-zero exit status 1 Too many )'s. root@guardian:/var/log # Feb 14 18:26:43 guardian configd.py: [feac4694-43b3-408d-b75a-38a38aaa52d0] allow client access to captive portal Feb: No match. root@guardian:/var/log # Feb 14 18:26:43 guardian configd.py: [feac4694-43b3-408d-b75a-38a38aaa52d0] Script action failed with Command '/usr/local/opnsense/scripts/OPNsense/CaptivePortal/allow.py /zoneid '0' /username 'anonymous@192.168.111.81' /ip_address '192.168.111.81' /authenticated_via '' /output_type 'json'' returned non-zero exit status 1 at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 481, in execute stdout=output_stream, stderr=error_stream) File "/usr/local/lib/python2.7/subprocess.py", line 190, in check_call raise CalledProcessError(retcode, cmd) CalledProcessError: Command '/usr/local/opnsense/scripts/OPNsense/CaptivePortal/allow.py /zoneid '0' /username 'anonymous@192.168.111.81' /ip_address '192.168.111.81' /authenticated_via '' /output_type 'json'' returned non-zero exit status 1

And portalauth.log contains:
Feb 14 18:23:18 guardian captiveportal[72660]: AUTH anonymous@192.168.111.81 (192.168.111.81) zone 0 Feb 14 18:26:42 guardian captiveportal[72660]: AUTH anonymous@192.168.111.81 (192.168.111.81) zone 0

Additional context
Worked in 18.7, but can not make it work in 19.1.1. Tried deleting all Captive port configs and rebuilding from scratch. No change. Also, I am using VLANs to separate the Guest and the Internal WiFi networks. Shouldn't matter, but mentioning it just in case.

Environment
OPNsense 19.1.1 (i386, OpenSSL)

[AdSchellevis]

Can you run the following and paste the output here:

/usr/local/opnsense/scripts/OPNsense/CaptivePortal/allow.py /zoneid '0' /username 'anonymous@192.168.111.81' /ip_address '192.168.111.81

Then go to the captive portal admin page, apply and do the same.

[mibsyboy]

I ran the command and added a trailing quote that I think didn't show up in the message and got the following:

`/usr/local/opnsense/scripts/OPNsense/CaptivePortal/allow.py /zoneid '0' /username 'anonymous@192.168.111.81' /ip_address '192.168.111.81'

Traceback (most recent call last):
File "/usr/local/opnsense/scripts/OPNsense/CaptivePortal/allow.py", line 62, in
mac_address=mac_address
File "/usr/local/opnsense/scripts/OPNsense/CaptivePortal/lib/db.py", line 131, in add_client
""", response)
sqlite3.DatabaseError: database disk image is malformed`

Which sounds bad. This is an install of 18.7 that I upgraded to 19.1.1 and is only about 4 or 5 weeks old when I switched from another open-source FW, but something appears to be amiss obviously.

The second part of your instructions I think I understood and did, but got the same response. I went into the captive portal, hit the apply button, then ran the same command again at the command line. It gave the same error.

Thanks

[AdSchellevis]

@mibsyboy your sqlite database is corrupt, maybe some power failure corrupted the file.

If you remove /var/captiveportal/captiveportal.sqlite, you should be able to create new sessions

[mibsyboy]

Thanks, I was reviewing https://forum.opnsense.org/index.php?topic=5744.0 after finding the error above (thank you). Were the database integrity checks ever implemented on the captive portal as you mention in that post that exist on network insight?

[AdSchellevis]

yes,

core/src/opnsense/scripts/OPNsense/CaptivePortal/cp-background-process.py

Line 198 in fd2e261

check_and_repair('/var/captiveportal/captiveportal.sqlite')

but if a restart of captive portal doesn't solve your issue, it probably can't detect it's broken.

[mibsyboy]

I removed the database and it was rebuilt. All is good now. I appreciate it greatly.

[jwisbeck]

I have a similar issue but the database is not corrupt,
configd.py: [ff7b4dc7-f7f7-46a7-abee-48a541a80f0d] Script action failed with Command '/usr/local/opnsense/scripts/OPNsense/CaptivePortal/allow.py /zoneid '0' /username '101010' /ip_address '192.168.1.101' /authenticated_via 'Local Database' /output_type 'json'' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 484, in execute stdout=output_stream, stderr=error_stream) File "/usr/local/lib/python3.7/subprocess.py", line 363, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/OPNsense/CaptivePortal/allow.py /zoneid '0' /username '101010' /ip_address '192.168.1.101' /authenticated_via 'Local Database' /output_type 'json'' returned non-zero exit status 1.