Access allowed after login to domain controller..



  • Hi,

    pfsense's captive portal feature works great.  In our case the win2003 box used as radius server hooked up to pfsense is also a domain controller.

    I wonder if there is a way to force users to log in to the domain controller in order to be grated internet access through pfsense.

    Can pfsense's captive portal be configured to check for authenticated domain users instead of getting login credentials from the radius server..?

    regards

    hank



  • Not unless somebody adds ldap support I think. Have a look at the squid proxy. It has ldap support but I'm unsure atm if this feature is working correctly or at all yet.



  • I've been trying to make pfsense work with our domain controller for several days now without success. Can you tell me what policy you made in IAS for pfsense?
    To allow internet access to users that have allready authenticated to the domain controller wil indeed require LDAP support.





  • Thanks m8! It works like a charm!  8)



  • @ Hank

    if you can change CP to use a login box like htaccess and use Internet Explorer it can be work.

    IE with the default settings try to logon on local networks with the credentials of the active Domain User.
    I don't know if the CP Page is recognized as a local Site?

    I use this "feature" with a proxy server and Win2003 DC.

    give it a try..?



  • Interesting idea. It should be working when you will be able to let the login script supply a domain name equal to your active directory domain. I think you should supply it as a realm name. I'm not sure though.



  • @mibo:

    @ Hank

    if you can change CP to use a login box like htaccess and use Internet Explorer it can be work.

    IE with the default settings try to logon on local networks with the credentials of the active Domain User.
    I don't know if the CP Page is recognized as a local Site?

    Hi mibo

    Sorry for the long absense.

    Can you elaborate 'login box like htaccess' a bit?  I'm a newbie so I don't have much knowledge with these issues.  But I'd like to try this as a possible solution.  You mention specifically IE, does it ork with other browsers too, like Firefox and Opera..?

    Looking forward to try this out

    regards

    Hanks


Locked