How to allow captive poral users to change their own passwords?
-
Anyone who can tell me if it is possible to allow captive portal users to change their own passwords? I am currenty using local database but can use freeradius.The system is running squid with squidguard as well.So will that be an issue? Alternatly otp i mobile can also be a solution if anyone knows how to do it?
-
i doubt that there is a good way. (unless the clients are in an active-directory environment)
-
This would require a high level of customisation - you might be able to set up a self-service portal using a web front end to a Freeradius system, though you'd have to incorporate safeguards against anyone making password changes to any account they don't own. As heper suggests, you could possibly tie it into an AD environment, but you'd still need to integrate this with your authentication portal.
I have set up an OTP system using FreeRadius, following this:
http://motp.sourceforge.net/
You can get users to download and install the OTP client on their mobiles to use the system. I set up a cron job which checks for membership of an active directory group (eg: OTPusers), scrapes those users from AD and populates their names into the radius database, automatically sending an email to these users with their secret and PIN. That's as far as I got, anyway.
-
If you're using the local database it's actually easy.
Grant your captive portal users (or group) the "WebCfg - System: User Password Manager" privilege. Then they can login to the pfSense GUI and when they go to System > User Manager they receive a page where they can change their password. If they have no other GUI access privileges then that is the page they'll see immediately after login.
-
If you're using the local database it's actually easy.
Grant your captive portal users (or group) the "WebCfg - System: User Password Manager" privilege. Then they can login to the pfSense GUI and when they go to System > User Manager they receive a page where they can change their password. If they have no other GUI access privileges then that is the page they'll see immediately after login.
then will tey able to change other's password as well?
-
No, that specific privilege is not the privilege to access all of user management. It is a special page where a user can only change their own password. Try it out.
-
how to do this if using free radius with captive portal?
-
FreeRADIUS on pfSense? You can't. If you use it externally, there might be a GUI that lets you do that somewhere, but it's not a pfSense feature, it would be some other bit of software.