Netgate Discussion Forum

    Can't understand users/access management

    General pfSense Questions
    • choin

      Novice user here.

      I can't seem to grasp the concept of how pfSense deals with users.

      I only had experience with a 3rd party Windows-based proxy software that allowed local (LAN) users to connect to the internet (WAN). It had a settings page where I could add and configure each user. I didn't have to configure DHCP because it could authorize users by IP or MAC addresses. So each user entry had IP or MAC address configured, along with access settings. With pfSense, I need to do the very same thing - grant LAN users access to WAN.

      But in pfSense, I don't see any settings menu that could allow me to configure a set of users in a similar way. I see that I can block a user from logging in to pfSense, or set up per-user GUI options... Am I missing something important? Is it supposed to be used with DHCP only? Is Captive Portal required to manage users and grant them access to the Internet? Should I install some additional module?

      Thanks in advance.

      • Grimson

        RTFM:
        https://www.netgate.com/docs/pfsense/book/usermanager/index.html
        https://www.netgate.com/docs/pfsense/book/captiveportal/index.html

        • JKnott

          @grimson said in Can't understand users/access management:

          RTFM

          Or, as we say in the Linux world, man RTFM. 😉

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

          • choin

            I'm sorry, but I've read most of these and this is still not clear to me. The User Management section does not mention anything about managing access to the actual WAN Internet. It said that an account can be used to access Captive Portal. Do I need "Authentication Servers" at all if I only expect to authenticate users by static addresses? I think not.

            The Captive Portal section does not say that Captive Portal is required to allow users to access the WAN Internet. It said that Captive Portal is usually used for wireless connections and additional authentication. For now I don't need either of those, so my logic was that I don't need the Captive Portal feature.

            I've checked all the menus in the pfSense control panel and didn't find a management page which would hold data like this (and allow me to configure each entry):

            • user1 : group1 : 192.168.1.10
            • user2 : group1 : 192.168.1.20
              ...

            Is this actually a thing in pfSense? Or do I need to enable Captive Portal to access a management page such as that? I didn't need anything like "captive portal" to allow users any access with a different suite, so I didn't expect it to be required with pfSense. Is my logic wrong?

            • Derelict

              You could use Captive Portal for that I guess, but most people would use the squid proxy for something like that.

              I think the user permissions are probably the wrong tree to be barking up.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.