log in to PFsense management console based on AD group membership
-
Hi,
I have pfSense that is set up as a captive portal.
I want two AD groups with different privilege levels to be able to log in to pfSense. Each group must see their own menu.
I read this article.
Here is my scenario:
pfSense group || AD Group || Access level
Helpdesk || grp-helpdesk || status menu only
admin || grp-NOC || full access to any menu
My question is: how does pfSense understand which user is in which AD group, to apply the appropriate local group privilege?
-
The AD server will return the groups that user is a member of. If user groups exist with identical matching names in pfSense it will apply the permissions of that group to the user when they login.
Steve
-
@stephenw10 said in log in to PFsense management console based on AD group membership:
The AD server will return the groups that user is a member of. If user groups exist with identical matching names in pfSense it will apply the permissions of that group to the user when they login.
Thanks @stephenw10.
As I understand, my pfSense local group name must be the same as my AD group name.
So this group configuration must work?
Am I right?
pfSense group || AD Group || Access level
grp-helpdesk || grp-helpdesk || status menu only
grp-NOC || grp-NOC || full access to any menu
-
Yes that's how I would expect it to work as long as the AD server really is returning those groups.
You can test in Diag > Authentication
Steve
-
Thanks @stephenw10.
That works exactly as it might be.