Netgate Discussion Forum

    log in to PFsense management console based on AD group membership

    General pfSense Questions
    5 Posts 2 Posters 465 Views
    • soheil.amiri

      Hi,
      I have pfSense set up as a captive portal.
      I want two AD groups with different privilege levels to be able to log in to pfSense. Each group must see its own menu.
      I read this article.
      Here is my scenario:
      pfSense group || AD Group || Access level
      Helpdesk || grp-helpdesk || status menu only
      admin || grp-NOC || full access to any menu

      My question is: how does pfSense understand which user is in which AD group, in order to apply the appropriate local group privilege?

      • stephenw10 Netgate Administrator

        The AD server will return the groups that user is a member of. If user groups exist with identical matching names in pfSense, it will apply the permissions of that group to the user when they log in.

        Steve

        • soheil.amiri

          @stephenw10 said in log in to PFsense management console based on AD group membership:

          The AD server will return the groups that user is a member of. If user groups exist with identical matching names in pfSense, it will apply the permissions of that group to the user when they log in.

          Thanks @stephenw10.
          As I understand it, my pfSense local group name must be the same as my AD group name.
          So this group configuration must work?
          Am I right?

          pfSense group || AD Group || Access level
          grp-helpdesk || grp-helpdesk || status menu only
          grp-NOC || grp-NOC || full access to any menu

          • stephenw10 Netgate Administrator

            Yes, that's how I would expect it to work, as long as the AD server really is returning those groups.
            You can test in Diag > Authentication.

            Steve

            • soheil.amiri

              Thanks @stephenw10.
              That works exactly as it should.
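
The name matching described in this thread, modelled as an added example that is not part of the original posts and is not pfSense's own code. It assumes AD returns membership as memberOf DNs and that matching is an exact comparison on the group's CN; the DNs, the function names and the use of the thread's access-level text as privilege labels are constructed for illustration.

```python
# Added example, not pfSense code. Exact-name matching is an assumption
# taken from "identical matching names" in the thread.

# Local groups from the thread; privilege labels reuse its access-level text.
LOCAL_GROUPS = {
    "grp-helpdesk": {"status menu only"},
    "grp-NOC": {"full access to any menu"},
}

# Constructed memberOf values for three hypothetical users.
HELPDESK_USER = ["CN=grp-helpdesk,OU=Groups,DC=example,DC=com",
                 "CN=Staff\\, Contract,OU=Groups,DC=example,DC=com"]
NOC_USER = ["CN=grp-NOC,OU=Groups,DC=example,DC=com"]
OTHER_USER = ["CN=grp-sales,OU=Groups,DC=example,DC=com"]


def leading_cn(dn):
    """Return the value of the first RDN if it is a CN, else None."""
    # Simplified: handles backslash-escaped characters, not hex escapes.
    chars, escaped = [], False
    for ch in dn:
        if escaped:
            chars.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            break
        else:
            chars.append(ch)
    key, sep, name = "".join(chars).partition("=")
    return name.strip() if sep and key.strip().lower() == "cn" else None


def effective_privileges(member_of, local_groups=LOCAL_GROUPS):
    """Union the privileges of local groups whose name equals an AD group CN."""
    matched, privileges = [], set()
    for dn in member_of:
        name = leading_cn(dn)
        if name in local_groups:
            matched.append(name)
            privileges |= local_groups[name]
    return matched, privileges  # no match -> ([], set()): no privileges


def unmapped_local_groups(ad_group_names, local_groups=LOCAL_GROUPS):
    """Local groups with no same-named AD group never apply to AD users."""
    return sorted(set(local_groups) - set(ad_group_names))
```

Running `unmapped_local_groups` against the first table in the thread (local groups Helpdesk and admin, AD groups grp-helpdesk and grp-NOC) returns both local groups, which is why the names were changed to match in the second table.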

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.