4. Captiv portal tuning

Captiv portal tuning

  • L

    Good day.
    Created a Test group in System \ User Manager \ Groups.
    Gave her the privilege of User - Services: Captive Portal login.
    In Active Directory Created an OU test. Created a group in her Test. Included in it several users.
    In System \ User Manager \ Authentication Servers, in Authentication containers, indicated OU = Test, DC = domain, DC = com.
    The captive portal works.
    But only for users whose accounts are in the OU = TEST itself. For accounts that are located in other OUs, but are a member of the Test group, the captive portal does not work.

    How can I make sure that for accounts that are in other OU and are members of the TEST captive portal group, it works?

    0
    H
     1 Reply
  • H
     

    In System \ User Manager \ Authentication Servers, in Authentication containers, indicated OU = Test, DC = domain, DC = com.

    ^^^^ this limits the AD search to the 'Test' OU ..... if you want to look outside that OU, you should just keep it domain.com

    0
    L
     1 Reply
  • L

    @heper
    Thanks.

    Tell me more:
    How can I prevent this type of authentication from entering a username and password?
    In general, so that the PfSense invitation does not appear in the browser window?

    0
  • H

    ???

    0
    L
     1 Reply
  • L

    @heper
    The user is FIRST authenticated in Active Directory. And is a member of the TEST group. Why does he need another authentication in the browser window to access the Internet?
    The SECOND user is not a member of the TEST group. And accordingly does not have Internet access.

    0
  • H

    Captive portal is only used for browser based authentication.

    What you want needs a different approach:

    • either 802.11x authentication on your switches; with or without dynamic vlans
    • some proxy with ad integration
    0
    L
     1 Reply
  • L

    @heper

    1. Those. in any way it will not be possible to achieve by means of PfSense (Captive Portal) that the window for entering the name and password in the browser does not appear and the users do not have to specify the name and password each time?

    2.Removed the privilege for the group Captive portal login. Removed the user from the corresponding group in Active Directory.
    Authentication passes through the portal.
    Diagnostics \ Authentication also passes. True This user is a member of groups:
    is empty.
    I restarted the portal service.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy