LDAP Authentication for Captive Portal in 2.0 beta – is it working?
sk66 last edited by
We're trying to use LDAP authentication for our captive portal users with pfSense 2.0beta, and it doesn't work. I'm wondering if anyone has it working, or if I've missed something. This is what we've done:
Under System/User Manager, in the Servers tab, we've added a new server with the appropriate information. I know the information there is correct, since we are able to select the authentication containers with the pop-up – so the connection to the LDAP server works fine.
In the Settings tab, the Authentication Server is set to match the value from the step above. Save and test shows all (three) OK.
Under Diagnostics/Authentication -- we enter a username and password, and it works. Only valid entries are permitted, wrong passwords are shown as failures. However, it never seems to pull any group information -- but I don't think that matters.
Under Services/Captive Portal, I've enabled captive portal on the LAN (internal network) and selected Local User Manager as the Authentication setting.
When a user enters their username and password at the captive portal Web page, it never works -- even if we enter exatcly the same information that worked in the Diagnostics/Authentication page.
The system logs don't provide any additional information. The first image shows the log when I use the Diagnostics/Authentication feature for a login. The first attempt I used correct values, the second attempt I entered a wrong password. The second image shows the log when I login from the captive portal -- using correct values once, then incorrect a second time -- both fail in the captive portal page.
Any help or advice would be appreciated.
![Picture 2.png](/public/imported_attachments/1/Picture 2.png)
![Picture 2.png_thumb](/public/imported_attachments/1/Picture 2.png_thumb)
![Picture 3.png](/public/imported_attachments/1/Picture 3.png)
![Picture 3.png_thumb](/public/imported_attachments/1/Picture 3.png_thumb)
cmb last edited by
Captive portal is only supported with RADIUS or local users.