Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Access allowed after login to domain controller..

    Captive Portal
    5
    8
    5657
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      Hank
      last edited by

      Hi,

      pfsense's captive portal feature works great.  In our case the win2003 box used as radius server hooked up to pfsense is also a domain controller.

      I wonder if there is a way to force users to log in to the domain controller in order to be grated internet access through pfsense.

      Can pfsense's captive portal be configured to check for authenticated domain users instead of getting login credentials from the radius server..?

      regards

      hank

      1 Reply Last reply Reply Quote 0
      • H
        hoba
        last edited by

        Not unless somebody adds ldap support I think. Have a look at the squid proxy. It has ldap support but I'm unsure atm if this feature is working correctly or at all yet.

        1 Reply Last reply Reply Quote 0
        • R
          rjkruit
          last edited by

          I've been trying to make pfsense work with our domain controller for several days now without success. Can you tell me what policy you made in IAS for pfsense?
          To allow internet access to users that have allready authenticated to the domain controller wil indeed require LDAP support.

          1 Reply Last reply Reply Quote 0
          • T
            trendchiller
            last edited by

            have a look here:

            http://pfsense.org/mirror.php?section=tutorials/cp_config/radius_win2k3.htm

            1 Reply Last reply Reply Quote 0
            • R
              rjkruit
              last edited by

              Thanks m8! It works like a charm!  8)

              1 Reply Last reply Reply Quote 0
              • M
                mibo
                last edited by

                @ Hank

                if you can change CP to use a login box like htaccess and use Internet Explorer it can be work.

                IE with the default settings try to logon on local networks with the credentials of the active Domain User.
                I don't know if the CP Page is recognized as a local Site?

                I use this "feature" with a proxy server and Win2003 DC.

                give it a try..?

                1 Reply Last reply Reply Quote 0
                • R
                  rjkruit
                  last edited by

                  Interesting idea. It should be working when you will be able to let the login script supply a domain name equal to your active directory domain. I think you should supply it as a realm name. I'm not sure though.

                  1 Reply Last reply Reply Quote 0
                  • H
                    Hank
                    last edited by

                    @mibo:

                    @ Hank

                    if you can change CP to use a login box like htaccess and use Internet Explorer it can be work.

                    IE with the default settings try to logon on local networks with the credentials of the active Domain User.
                    I don't know if the CP Page is recognized as a local Site?

                    Hi mibo

                    Sorry for the long absense.

                    Can you elaborate 'login box like htaccess' a bit?  I'm a newbie so I don't have much knowledge with these issues.  But I'd like to try this as a possible solution.  You mention specifically IE, does it ork with other browsers too, like Firefox and Opera..?

                    Looking forward to try this out

                    regards

                    Hanks

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post