log in to PFsense management console based on AD group membership

soheil.amiri

hi
i have pfsense that is setup as captive portal.
i want two AD group with different privilege level could login to PFsense. each group must see their own menu.
i read this Article.
here is my scenario :
Pfsense group || AD Group || Access level
Helpdesk || grp-helpdesk || status menu only
admin || grp-NOC || full access to any menu

my Question is : how pfsense underestand which user is in which AD group to apply appropriate local group privilege?

stephenw10

The AD server will return the groups that user is a member of. If user groups exist with identical matching names in pfSense it will apply the permissions of that group to the user when they login.

Steve

soheil.amiri

@stephenw10 said in log in to PFsense management console based on AD group membership:

The AD server will return the groups that user is a member of. If user groups exist with identical matching names in pfSense it will apply the permissions of that group to the user when they login.

thanks @stephenw10
as i understand my pfsense local group name must be the same of my AD group name.
so this group configuration must working ?
am i right ?

Pfsense group || AD Group || Access level
grp-helpdesk || grp-helpdesk || status menu only
grp-NOC || grp-NOC || full access to any menu

stephenw10

Yes that's how I would expect it to work as long as the AD server really is returning those groups.
You can test in Diag > Authentication

Steve

soheil.amiri

thanks @stephenw10
thats work exactly as it might be.