Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Suggestion for base system user managment.

    Scheduled Pinned Locked Moved
    Forum Feedback
    3
    4
    3.9k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sadara
      last edited by

      I was wondering if anyone has considered putting the freeradius package into the base system.
      Pros:

      • It would allow ALL user management to be done from one page, rather than have separate pages for each subsystem.
      • PPTP, OPENVPN, PPPOE, L2TP, WIRELESS 802.11, and (possibly) openssh and IPSEC could be managed. (it might be best to keep openssh and console access off radius system)
      • There is a radius php module that could be used to check if an admin had access rights to a page.
      • accounting and usage data could be logged (including page access by admins)
      • would be easy to add an external auth source (LDAP/Active directory/MYSQL)
      • would allow per user bandwidth shaping in base config
      • you could still proxy requests to a different radius server, and/or supply a external radius server.

      Cons:

      • memory usage and disk writes/persistence on embedded platform.
      • a lot of work to implement php/radius web page access restrictions (need not be implemented)
      • if the radius subsystem breaks, everything stops
      • you still would need a web config user (admin?) to be able to auth without radius (see above line)
      • you need to run another service (freeradius) on the firewall. (a lot off people will be against this)

      I'm just thinking out aloud here, most of these options can still be implemented with freeradius as a package, or even with an external radius server.

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        You might take a look at how things have changed in the 2.0 code base. There have been a lot of changes to user management and such.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • ?
          Guest
          last edited by

          Many of your suggestions are already in pfSense 2.0 and the framework is there for many more of them.

          1 Reply Last reply Reply Quote 0
          • S
            sadara
            last edited by

            Even with the new users and groups features of 2.0, for some of the other features I am working on, I will need to have a second users/groups page for radius, which I was trying to avoid.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post