ZFS is definitely not related and not used at all…

Same here. I've created a group called "admins" in LDAP and I'm getting successful auth, but no group matching.

Edit:
I've tried creating a new group called "RouterAdmins" in both LDAP and PF.
Additionally I've told PF to look in the the groups portion of the tree to find the CN's for groups.

Hack that worked but I don't like it.
I added an attribute to a user I'm testing with, and made it ou… cn=RouterAdmins,blahblah. PF picked up on that and matched the groups up.

@ptt:

https://github.com/pfsense/pfsense/tree/master/usr/local/www

Thank you very much :)

Looks like it's from that failed log line parse that happened. We're completely overhauling the log format for 2.2 so it won't be an issue there.

@GruensFroeschli:

The + will only show up if there are actually interfaces to assign.
Since it does not, i suppose the interface on which the ADSL modem is connected is already assigned.

Boy, do I feel stupid right now. This was it! Thanks.

Thanks for the reply!

I'd think about updating but I've inherited this thing from a long chain of people who never touched it because it "just worked" and now nobody knows what the hell is going on. I'm loathe to just wing it since this is a "production" service and taking it down is really going to tick people off.

As for clog:```
clog /var/log/lighttpd.log

For any others experiencing this issue,  I managed to resolved the problem by reducing the PPPoE MTU from 1492 to 1452

You might want to disable auto CSRF…

I assume you are asking about how to provide access to the webGUI for remote support. I would connect with OpenVPN. But for that you need to be able to define a port forward on the provider's front-end box to forward some fixed port number in to the pfSense WAN2 and/or WAN3. If that is possible, then add Dynamic DNS entry to the pfSense on WAN2 and/or WAN3 so you have a name available on the public internet that points to the provider's current public IP in front of you.
I had the trouble that a provider did not have any provision to port-forward anything to a site. In that case you would have to put an OpenVPN server at your home/office and have a client OpenVPN at the site that is making a connection out, back to your home/office. Then you bring up the server at your home/office, wait 1 or 2 minutes, the client will be trying to connect and then "bingo" a connection appears.
Then only add rules on OpenVPN for what you want to allow - to just manage the webGUI it would just be allowing the tunnel subnet only to talk, I expect.

pfSense uses its own config file (/cf/conf/config.xml) to build all other conf files at boot time. If you want anything to survive a boot, you have to do it through the web configurator (or from the console menu) so that the settings you want are recorded in config.xml.
If the web configurator does not have the thing you need, then there are ways to invoke your own script at various points in the boot.
What do you want to change in lighty-webConfigurator.conf?

Is there a way to grant limited admins access to all installed packages, but not the ability to install any themselves?

Here: https://github.com/pfsense/pfsense/blob/RELENG_2_1/usr/local/www/widgets/widgets/traffic_graphs.widget.php
traffic_graphs.widget.php was updated in Dec 2013 to add this functionality, even the 2.1 branch was updated, so it will appear in 2.1.1, whenever that happens. It will work find applied on a 2.1-RELEASE system.

You can download a config backup from Diagnostics > Backup/Restore and then edit the users in and restore that edited config.

Assuming your edits are good, it will reboot and then have all the users.

Same for me:
http://forum.pfsense.org/index.php/topic,70356.msg383827.html#msg383827

Please help us to have a relay for each interface!

@Paul47:

I wish your explanation was provided by the help button on that page.

Ask and you shall receive https://doc.pfsense.org/index.php/Firewall_Rule_Basics

That is the page linked too, since phil was kind of enough to write it up, I figured I could take a couple of minutes and add them to the wiki.  Thanks Phil!  Your other great post about multiwan and rules needs to be added too, off next week its on my todo list ;)

AFAIR it was added at one point to correspond to the rule IDs linking NAT Port Forward and firewall rule entries. Really it's largely unnecessary. I have never seen anything in the column and it's just a waste of space at the moment.