Captiv portal tuning
-
Good day.
Created a Test group in System \ User Manager \ Groups.
Gave her the privilege of User - Services: Captive Portal login.
In Active Directory Created an OU test. Created a group in her Test. Included in it several users.
In System \ User Manager \ Authentication Servers, in Authentication containers, indicated OU = Test, DC = domain, DC = com.
The captive portal works.
But only for users whose accounts are in the OU = TEST itself. For accounts that are located in other OUs, but are a member of the Test group, the captive portal does not work.How can I make sure that for accounts that are in other OU and are members of the TEST captive portal group, it works?
-
In System \ User Manager \ Authentication Servers, in Authentication containers, indicated OU = Test, DC = domain, DC = com.^^^^ this limits the AD search to the 'Test' OU ..... if you want to look outside that OU, you should just keep it domain.com
-
@heper
Thanks.Tell me more:
How can I prevent this type of authentication from entering a username and password?
In general, so that the PfSense invitation does not appear in the browser window? -
???
-
@heper
The user is FIRST authenticated in Active Directory. And is a member of the TEST group. Why does he need another authentication in the browser window to access the Internet?
The SECOND user is not a member of the TEST group. And accordingly does not have Internet access. -
Captive portal is only used for browser based authentication.
What you want needs a different approach:
- either 802.11x authentication on your switches; with or without dynamic vlans
- some proxy with ad integration
-
- Those. in any way it will not be possible to achieve by means of PfSense (Captive Portal) that the window for entering the name and password in the browser does not appear and the users do not have to specify the name and password each time?
2.Removed the privilege for the group Captive portal login. Removed the user from the corresponding group in Active Directory.
Authentication passes through the portal.
Diagnostics \ Authentication also passes. True This user is a member of groups:
is empty.
I restarted the portal service. -
@heper
Faced this.
There is user user1 who has access to the portal through the group
Active Directory. So, if the browser’s registration page doesn’t
enter the password, the user is successfully registered on the portal.On pfsense Diagnostics \ Authentication everything works correctly.
What's wrong?