Access allowed after login to domain controller..

Hank · Sep 19, 2006, 6:54 AM

Hi,

pfsense's captive portal feature works great. In our case the win2003 box used as radius server hooked up to pfsense is also a domain controller.

I wonder if there is a way to force users to log in to the domain controller in order to be grated internet access through pfsense.

Can pfsense's captive portal be configured to check for authenticated domain users instead of getting login credentials from the radius server..?

regards

hank

hoba · Sep 19, 2006, 10:55 AM

Not unless somebody adds ldap support I think. Have a look at the squid proxy. It has ldap support but I'm unsure atm if this feature is working correctly or at all yet.

rjkruit · Oct 19, 2006, 7:22 AM

I've been trying to make pfsense work with our domain controller for several days now without success. Can you tell me what policy you made in IAS for pfsense?
To allow internet access to users that have allready authenticated to the domain controller wil indeed require LDAP support.

trendchiller · Oct 20, 2006, 11:24 AM

have a look here:

http://pfsense.org/mirror.php?section=tutorials/cp_config/radius_win2k3.htm

rjkruit · Oct 20, 2006, 5:18 PM

Thanks m8! It works like a charm! 8)

mibo · Oct 26, 2006, 9:03 AM

@ Hank

if you can change CP to use a login box like htaccess and use Internet Explorer it can be work.

IE with the default settings try to logon on local networks with the credentials of the active Domain User.
I don't know if the CP Page is recognized as a local Site?

I use this "feature" with a proxy server and Win2003 DC.

give it a try..?

rjkruit · Oct 26, 2006, 10:41 AM

Interesting idea. It should be working when you will be able to let the login script supply a domain name equal to your active directory domain. I think you should supply it as a realm name. I'm not sure though.

Hank · Dec 10, 2006, 2:24 PM

@mibo:

@ Hank

if you can change CP to use a login box like htaccess and use Internet Explorer it can be work.

IE with the default settings try to logon on local networks with the credentials of the active Domain User.
I don't know if the CP Page is recognized as a local Site?

Hi mibo

Sorry for the long absense.

Can you elaborate 'login box like htaccess' a bit? I'm a newbie so I don't have much knowledge with these issues. But I'd like to try this as a possible solution. You mention specifically IE, does it ork with other browsers too, like Firefox and Opera..?

Looking forward to try this out

regards

Hanks