How can I create a "User" using the command line?
-
I teach courses where I can have 80-100 students. I want to give each one of them VPN access while maintaining a record of who logs in to the VPN. Thus, I need a unique username/password for each user. I'm interested in writing a script that can generate, say, 100 users.
P.S.: I know someone will ask why I don't want to use the Web GUI. The answer is: I will add 100 users, then remove them, then add another 100 users, then remove them, and so on. The GUI is not the right option for me.
-
Use RADIUS for that, not the pfSense user manager.
And not necessarily the pfSense FreeRADIUS package, but a separate RADIUS server. You could load your users in easily in most cases with RADIUS. OpenLDAP may also work for auth but tends to be more complicated to set up.
-
@jimp Thanks for the advice. I don't know how to implement the solution you proposed. If you have a link to a good tutorial I'll be thankful.
-
Are you using IPsec or OpenVPN?
-
@nogbadthebad OpenVPN
-
https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/authenticating-openvpn-users-with-freeradius.html
-
@nogbadthebad It seems that I will still have to enter the username/password for every user through the GUI. Do you have a command that you used to create users through the cli after setting up the RADIUS as mentioned in the link you sent?
-
I'd be tempted to create student001 to student100.
You may be able to get clever and create student001 via the GUI, do a backup and take a text editor to the XML file to create the other 99 accounts.
```
<config>
	<sortable></sortable>
	<varusersusername>student1</varusersusername>
	<varuserspassword>student1</varuserspassword>
	<varuserspasswordencryption>Cleartext-Password</varuserspasswordencryption>
	<varusersmotpenable></varusersmotpenable>
	<varusersauthmethod>motp</varusersauthmethod>
	<varusersmotpinitsecret></varusersmotpinitsecret>
	<varusersmotppin></varusersmotppin>
	<varusersmotpoffset></varusersmotpoffset>
	<qrcodetext></qrcodetext>
	<varuserswisprredirectionurl></varuserswisprredirectionurl>
	<varuserssimultaneousconnect></varuserssimultaneousconnect>
	<description></description>
	<varusersframedipaddress></varusersframedipaddress>
	<varusersframedipnetmask></varusersframedipnetmask>
	<varusersframedroute></varusersframedroute>
	<varusersvlanid></varusersvlanid>
	<varusersexpiration></varusersexpiration>
	<varuserssessiontimeout></varuserssessiontimeout>
	<varuserslogintime></varuserslogintime>
	<varusersamountoftime></varusersamountoftime>
	<varuserspointoftime>Daily</varuserspointoftime>
	<varusersmaxtotaloctets></varusersmaxtotaloctets>
	<varusersmaxtotaloctetstimerange>daily</varusersmaxtotaloctetstimerange>
	<varusersmaxbandwidthdown></varusersmaxbandwidthdown>
	<varusersmaxbandwidthup></varusersmaxbandwidthup>
	<varusersacctinteriminterval></varusersacctinteriminterval>
	<varuserstopadditionaloptions></varuserstopadditionaloptions>
	<varuserscheckitemsadditionaloptions></varuserscheckitemsadditionaloptions>
	<varusersreplyitemsadditionaloptions>Class := "admins"</varusersreplyitemsadditionaloptions>
</config>
```
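
The text-editor approach from the last post, scripted, as an added example that is not part of the original thread: it emits one `<config>` block per student using the element names from the block posted above, with a random password per account instead of one equal to the username. The `student` prefix comes from the post; the password length, the output file names and the omitted `Class` reply item are assumptions.

```python
import os
import secrets
import string
from xml.sax.saxutils import escape

# Element names and order copied from the <config> block posted above.
FIELDS = """sortable varusersusername varuserspassword varuserspasswordencryption
varusersmotpenable varusersauthmethod varusersmotpinitsecret varusersmotppin
varusersmotpoffset qrcodetext varuserswisprredirectionurl varuserssimultaneousconnect
description varusersframedipaddress varusersframedipnetmask varusersframedroute
varusersvlanid varusersexpiration varuserssessiontimeout varuserslogintime
varusersamountoftime varuserspointoftime varusersmaxtotaloctets
varusersmaxtotaloctetstimerange varusersmaxbandwidthdown varusersmaxbandwidthup
varusersacctinteriminterval varuserstopadditionaloptions
varuserscheckitemsadditionaloptions varusersreplyitemsadditionaloptions""".split()
# Non-empty values from that block. Its Class := "admins" reply item is left out
# (assumption: students should not inherit it); add it back if your setup needs it.
DEFAULTS = {
    "varuserspasswordencryption": "Cleartext-Password",
    "varusersauthmethod": "motp",
    "varuserspointoftime": "Daily",
    "varusersmaxtotaloctetstimerange": "daily",
}
ALPHABET = string.ascii_letters + string.digits


def make_password(length=16):  # length is an assumption; drawn from the OS CSPRNG
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def user_block(username, password):
    """Render one <config> element for a single user."""
    values = dict(DEFAULTS, varusersusername=username, varuserspassword=password)
    rows = [f"\t<{tag}>{escape(values.get(tag, ''))}</{tag}>" for tag in FIELDS]
    return "\n".join(["<config>", *rows, "</config>"])


def generate(count=100, prefix="student"):
    """Return (roster, xml_text) for student001 .. student<count>."""
    roster = [(f"{prefix}{i:03d}", make_password()) for i in range(1, count + 1)]
    return roster, "\n".join(user_block(u, p) for u, p in roster)


if __name__ == "__main__":
    os.umask(0o077)  # assumed file names; both files hold cleartext passwords
    roster, xml_text = generate()
    with open("radius-users.xml", "w") as fh:
        fh.write(xml_text + "\n")
    with open("roster.csv", "w") as fh:
        fh.writelines(f"{user},{pw}\n" for user, pw in roster)
```

The generated blocks go next to the existing user's block in the backup file before it is restored. Because the blocks use `Cleartext-Password`, the edited backup and the roster should be handled as secrets.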