Single User Multiple Radius Profiles?

hytek · Oct 6, 2011, 5:46 PM

Setup: 1 pfsense configured for Radius authentication, 1 Active Directory Server running IAS/Radius

Scenario: I would like to have my users use their Active Directory account to be able to log in to the Captive Portal. If they are part of an assigned group, they have access through the Captive Portal. However, some users would be allowed to have both Captive Portal Access and VPN access.

Questions:
1. Is this possible to do with a single Radius/Active Directory?
2. If yes, what configurations would I need to make to IAS to achieve this? (or any other service)

Thoughts/Notes: Basically the only authentication I want for the Captive Portal is for someone to be a part of an assigned group in Active Directory. LDAP authentication for the Captive Portal would be the ideal solution, but it was rejected even with a bounty for it! LDAP would allow simple access through the captive portal, and VPN I could configure Radius appropriately.

hytek · Oct 11, 2011, 1:01 PM

Figured out what was wrong.

Active Directory was setup only for Native 2000, and was not allowing me to select the option of "Control access through Remote Access Policy"

Once I upgraded the domain to a 2003 domain, the option became available and I was able to use the IAS policies to control access.

Cheers.