Use LDAP for GUI auth to AD.

@nutsonnet:

Thank you for reply can you please provide more detail.

two usefull links  ;)

http://bit.ly/VEOcgx

http://sourceforge.net/p/sarg/discussion/363374/thread/ce485ee9

TAG: user_authentication yes|no

#    Allow user authentication in User Reports using .htaccess
#    Parameters: 
#    AuthUserFile    - where the user password file is
#    AuthName    - authentication realm. Eg "Members Only"
#    AuthType    - authenticaion type - basic
#    Require        - authorized users to see the report.
#                                          %u - user report

user_authentication no AuthUserFile /usr/local/sarg/passwd AuthName "SARG, Restricted Access" AuthType Basic Require user admin %u

This is a very old topic…

Since 2.0 it's possible to use aliases inside aliases (groups of groups).

Another possibility from ssh would be to chose option "select LAN IP address".
When you set the new old LAN IP it resets the webGUI port back to the original state. And you do not need a reboot  :)

What the description is:
URL:
Enter as many URLs as you wish. After saving pfSense will download the URL and import the items into the alias. Use only with small sets of IP addresses (less than 3000).

URL-table:
Enter a single URL containing a large number of IPs and/or Subnets. After saving pfSense will download the URL and create a table file containing these addresses. This will work with large numbers of addresses (30,000+) or small numbers.

Basically its to define aliases outside of the pfSense and import them.

You might have to edit config.xml and upload it back again, but not sure if that even works.
at least csv shouldn't work with this hint.

@nutt318:

Tried creating a new user, added it to the new group with a few permissions, but still getting this error.

No page assigned to this user! Click here to logout.

I also have an LDAP server setup to authenticate users for VPN, so I tried my domain login creds on the admin login page and received the same error as above even though Im not in any group on the User Manager Page.

Does the LDAP auth I have setup conflict with a local users rights?

exactly same problem here.

Thank you very much for your hint and link.
Exactly what I've searched for and exactly the same problems.

Ben

D'oh.
I feel stupid.
Sorry i mixed terms up…
i guess the answer is in the other thread in which you wrote where it's described how to change the code.

@jimp:

It's a security measure to prevent CSRF/XSS and similar attacks that can rely on embedding the firewall into some other untrusted page.

You can add this to the top of a PHP page:

$nocsrf = true;

And then it'll turn off that protection.

How i can turn off CSRF at all? Not only at one php page.

If IE decided to turn on compatibility mode for one and not the other, that would also explain it. Ditch IE, use Chrome or Firefox (or Opera, or Safari, or really anything except IE)

Glad that i could help you

It can't be an issue on 2.1 because I moved that code to a common function so the code isn't duplicated between the two pages any longer. So the test only exists in one place, in an .inc file /etc/inc there. :-)

Thank you! I am not yet sure if I need that, the problem is that I need to provide unrestricted internet access and at least in the past there were problems with FTPS. Just evaluating which ways are there to allow FTPS. Also see http://forum.pfsense.org/index.php/topic,54964.0.html Thanks :-)