Netgate Discussion Forum
    General pfSense Questions
    • B
      bushtor

      Hi,

      We have a w2k school network which we plan to migrate over to Linux / samba domain controllers.  Each student will have his/her own user account in the DC.  In the dorm areas we want to provide internet access only to those who have authenticated against the samba DC.

      Can we use pfSense as firewall for the dorm area network and somehow require authentication from the domain controllers to gain internet access through the firewall?

      If possible we want to keep only one authentication for both the classroom network and the dorm area internet access.

      Which options do we have?  Thanks a lot for hints and tips

      best regards

      Tor

      • S
        sullrich

        Sounds like you want the captive portal feature + radius auth.

        See http://www.pfsense.com/mirror.php?section=tutorials/cp_config/radius_win2k3.htm for more info.

        • B
          bushtor

          Thanks a lot,

          Seems to be exactly the functionality that I need ;-)  Just to confirm, in this scenario the granted (or denied) access covers ALL internet traffic (any port / any service), not just http(s), right?

          Now to the tricky part: I hoped to use this in connection with a Linux (Ubuntu) Samba 3 domain controller. Is this possible, and does a how-to exist for implementing a similar Radius server functionality in a Linux DC?

          Thanks again for comments

          regards

          Tor

          • H
            hoba

            It does block any traffic from an unauthenticated client. The client has to authenticate first. After that the firewall rules of the interface you run the captive portal on are applied. There is no Samba Radius howto available yet, but maybe you want to write it and submit it so we can put it on air at pfsense.com ;)

            • B
              bushtor

              @hoba:

              There is no Samba Radius howto available yet, but maybe you want to write it and submit it so we can put it on air at pfsense.com ;)

              ;) - point taken.  But seriously, does anybody here know about a Radius to Samba HowTo?  I haven't found one…

              Another solution:  Somebody suggested that I should use squid authentication.  What about pfSense and squid against the Samba domain controller user database?

              Tor

              • H
                hoba

                Squid authentication is not yet included in the squid package though theoretically possible. However, doing it via squid would only affect proxied connections (http, https) and not every connection attempt at any port like the captive portal does.
