Authenticate to pfSense webGUI using RADIUS
-
Are there any current plans to allow authentication to the pfSense web GUI using RADIUS? At this time there is no way to associate a successful RADIUS authentication with a local pfSense group that has access. Obviously it would be even better if pfSense had a RADIUS dictionary with attributes, but that seems a bit much to hope for.
The primary reason for allowing RADIUS over LDAP authentication (which currently does work with my AD server) is because RADIUS supports multifactor authentication (e.g. RSA, OpenOTP, SMS/email challenges, etc.), whereas LDAP only supports password authentication. Since pfSense exerts a massive amount of control over the network, I would think multifactor would be a requirement for some organizations.
I did see feature #935 (https://redmine.pfsense.org/issues/935) but it has not been touched in 4 years.
-
> LDAP only supports password authentication.
Here's one two-factor solution that does:
https://www.duosecurity.com/docs/ldap
I've been using a free account to add two-factor to pfSense OpenVPN using RADIUS for a while now. Works great. Can't imagine LDAP would be any different.