Quote:

If I simply put their MAC in the captive portal bypass list, they get access but no longer get the AUP/TOU that they need to consent to.


I know all about pass-through and am doing it now. The problem with that is as soon as you enter their MAC, they no longer get the AUP/TOU. Also, there is no authentication at all, so all someone needs to do is spoof an allowed MAC. Since I plan to change the password every week, spoofing a MAC that I hoped to pass as the UserID means they still need the password.

If everyone used the same hidden ID, only the PWD would need to be shared. If the users get to type in a unique UserID, they are still likely to share their ID/PWD and that is what I hope to avoid.