Can't understand users/access management
-
Novice user here.
I can't seem to grasp the concept of how pfSense deals with users.
I only had experience with a 3rd party Windows-based proxy software that allowed local (LAN) users to connect to the internet (WAN). It had a settings page where I could add and configure each user. I didn't have to configure DHCP because it could authorize users by IP or MAC addresses. So each user entry had IP or MAC address configured, along with access settings. With pfSense, I need to do the very same thing - grant LAN users access to WAN.
But in pfSense, I don't see any settings menu that could allow me to configure a set of users in a similar way. I see that I can block a user from logging in into pfSense, or set up per-user GUI options... Am I missing something important? Is it supposed to be used with DHCP only? Is Captive Portal required to manage users and grant them access to the Internet? Should I install some additional module?
Thanks in advance.
-
RTFM:
https://www.netgate.com/docs/pfsense/book/usermanager/index.html
https://www.netgate.com/docs/pfsense/book/captiveportal/index.html -
@grimson said in Can't understand users/access management:
RTFM
Or, as we say in the Linux world, man RTFM.
-
I'm sorry but I've read most of these and this is still not clear to me. User management section does not mention anything about management of access to actual WAN Internet. It said that an account can be used to access Captive Portal. Do I need "Authentication Servers" at all if I only expect to authenticate users by static addresses? I think not.
Captive Portal section does not say that Captive Portal is required to allow users to access WAN Internet. It said that Captive Portal is usually used for wireless connections and additional authentication. For now I don't need either of that so my logic was that I don't need Captive Portal feature.
I've checked all menus at pfSense control panel and didn't find a management page which would hold data like (and allow to configure each entry)
- user1 : group1 : 192.168.1.10
- user2 : group1 : 192.168.1.20
...
Is this actually a thing in pfSense? Or do I need to enable Captive Portal to access a management page such as that? I didn't need anything like "captive portal" to allow users any access with a different suite, so I didn't expect it to be required with pfSense. Is my logic wrong?
-
You could use Captive Portal for that I guess, but most people would use the squid proxy for something like that.
I think the user permissions are probably the wrong tree to be barking up.