Open Registration for Captive Portal?
I'm thinking about using pfsense as my firewall-solution, especially for having a proof if someone did something illegal using my internet connection.
I'm just wondering whether it would be possible to provide an open registration for the captive portal.
Alternatively it would be also OK if the user could change his password himself.
If that would not be possible, the owner (me) would always know the login credentials of the user.
So if someone would perform illegal activities on my network, how could I proof that it was NOT me? As I also know the login credentials it could also be me who logged in with them and did that illegal activity.
Thanks in Advance.
I don't think there is an easy way around. If you use static users you know the password. (Don't know if pfsense allows the change of the password). Perhaps in user manager allow only the user manager GUI to the users you created. then this users can login on pfsense web GUI, limited to the user manager page and change their password themselfe.
The other possibility I know is to use freeradius as backend of CP and then connect freeradius to your LDAP. Then the users password is saved on LDAP and not on pfsense or freeradius.
You can make a user in the User Manager, and if they only have the permission to "WebCfg - System: User Password Manager Page" then when they login to the GUI they only see a page to change their own password.
You could make a group, add that permission to the group, and then for users you want to be able to change their own password, add them to that group.