Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captiv portal tuning

    Scheduled Pinned Locked Moved Captive Portal
    8 Posts 2 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      lucas1
      last edited by

      Good day.
      Created a Test group in System \ User Manager \ Groups.
      Gave her the privilege of User - Services: Captive Portal login.
      In Active Directory Created an OU test. Created a group in her Test. Included in it several users.
      In System \ User Manager \ Authentication Servers, in Authentication containers, indicated OU = Test, DC = domain, DC = com.
      The captive portal works.
      But only for users whose accounts are in the OU = TEST itself. For accounts that are located in other OUs, but are a member of the Test group, the captive portal does not work.

      How can I make sure that for accounts that are in other OU and are members of the TEST captive portal group, it works?

      H 1 Reply Last reply Reply Quote 0
      • H
        heper @lucas1
        last edited by

        In System \ User Manager \ Authentication Servers, in Authentication containers, indicated OU = Test, DC = domain, DC = com.
        

        ^^^^ this limits the AD search to the 'Test' OU ..... if you want to look outside that OU, you should just keep it domain.com

        L 1 Reply Last reply Reply Quote 0
        • L
          lucas1 @heper
          last edited by

          @heper
          Thanks.

          Tell me more:
          How can I prevent this type of authentication from entering a username and password?
          In general, so that the PfSense invitation does not appear in the browser window?

          1 Reply Last reply Reply Quote 0
          • H
            heper
            last edited by

            ???

            L 1 Reply Last reply Reply Quote 0
            • L
              lucas1 @heper
              last edited by

              @heper
              The user is FIRST authenticated in Active Directory. And is a member of the TEST group. Why does he need another authentication in the browser window to access the Internet?
              The SECOND user is not a member of the TEST group. And accordingly does not have Internet access.

              1 Reply Last reply Reply Quote 0
              • H
                heper
                last edited by

                Captive portal is only used for browser based authentication.

                What you want needs a different approach:

                • either 802.11x authentication on your switches; with or without dynamic vlans
                • some proxy with ad integration
                L 2 Replies Last reply Reply Quote 0
                • L
                  lucas1 @heper
                  last edited by

                  @heper

                  1. Those. in any way it will not be possible to achieve by means of PfSense (Captive Portal) that the window for entering the name and password in the browser does not appear and the users do not have to specify the name and password each time?

                  2.Removed the privilege for the group Captive portal login. Removed the user from the corresponding group in Active Directory.
                  Authentication passes through the portal.
                  Diagnostics \ Authentication also passes. True This user is a member of groups:
                  is empty.
                  I restarted the portal service.

                  1 Reply Last reply Reply Quote 0
                  • L
                    lucas1 @heper
                    last edited by

                    @heper
                    Faced this.
                    There is user user1 who has access to the portal through the group
                    Active Directory. So, if the browser’s registration page doesn’t
                    enter the password, the user is successfully registered on the portal.

                    On pfsense Diagnostics \ Authentication everything works correctly.
                    What's wrong?

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.