Disable/Enable internet access to a group of users throught Captive Portal…



  • There is a way to lock or permit internet access by a group of users?

    Thanks in advance…



  • @sap68:

    There is a way to lock or permit internet access by a group of users?

    Thanks in advance…

    I think maybe captive portal and Radius Serer working together, maybe someone have experienced same need?



  • @sap68:

    There is a way to lock or permit internet access by a group of users?

    Thanks in advance…

    Anyone?  :(



  • It would probably help if you gave more details of your requirement.

    But just to get the ball rolling Enable Captive portal on a pfSense interface. Use local (to pfSense) authorization database. Create username and password for users you want to access the internet. The captive portal will block all access through the interface on which it is enabled EXCEPT to those who can quote a valid username and password.



  • @wallabybob:

    It would probably help if you gave more details of your requirement.

    But just to get the ball rolling Enable Captive portal on a pfSense interface. Use local (to pfSense) authorization database. Create username and password for users you want to access the internet. The captive portal will block all access through the interface on which it is enabled EXCEPT to those who can quote a valid username and password.

    Thanks for your response.
    I'm looking for this function: enable/disable internet access to a group of users, to avoid doing this one-by-one.
    I search through internet and forum but it seems a very difficult (or impossible?) …
    What do you think about it?

    Thanks again...



  • @sap68:

    @wallabybob:

    It would probably help if you gave more details of your requirement.

    But just to get the ball rolling Enable Captive portal on a pfSense interface. Use local (to pfSense) authorization database. Create username and password for users you want to access the internet. The captive portal will block all access through the interface on which it is enabled EXCEPT to those who can quote a valid username and password.

    Thanks for your response.
    I'm looking for this function: enable/disable internet access to a group of users, to avoid doing this one-by-one.
    I search through internet and forum but it seems a very difficult (or impossible?) …
    What do you think about it?

    Thanks again...

    Any idea on How doing that?
    It's even possible or not with pfsense?

    Thanks…



  • The requirements are too vague:

    What constitutes a group of users? Can users be tied to IP address? MAC address? …

    How many members in a group? How many groups?

    What triggers an enable or disable internet access for the group? (For example, disable on a particular date? disable on misdemeanor? disable on group "quota" reached? etc)



  • @wallabybob:

    The requirements are too vague:

    What constitutes a group of users? Can users be tied to IP address? MAC address? …

    How many members in a group? How many groups?

    What triggers an enable or disable internet access for the group? (For example, disable on a particular date? disable on misdemeanor? disable on group "quota" reached? etc)

    I'll try to give some req.:

    Users can be tie to IP address but I wish that this bond it will be transparent to users.
    A tipical exemple is users from WiFi: we don't know Mac address or IP of this users.
    The WiFi will bee free, but users are redirect to an authentication portal and at this moment we can tie IP and user.

    Our goal is then to enable/disable internet for some groups of this users (about 20/30 users) by a simple trigger of an administrator.
    Not for a date or quota…

    Thanks...



  • In pfSense version 2.1 snapshot builds the User Manager (System -> User Manager in web GUI) allows users to be assigned to groups and there is a group permission for "Login to captive portal".

    So it would appear you can accomplish what you describe by using "local authentication" in captive portal.

    I haven't tried this and I haven't checked availability in pfSense 2.0.x builds.



  • @wallabybob:

    In pfSense version 2.1 snapshot builds the User Manager (System -> User Manager in web GUI) allows users to be assigned to groups and there is a group permission for "Login to captive portal".

    So it would appear you can accomplish what you describe by using "local authentication" in captive portal.

    I haven't tried this and I haven't checked availability in pfSense 2.0.x builds.

    I try this method (local authentication) and also Radius server (internal and external), it worked very well BUT there is NO WAY to disable a group of users to access internet at the same time.

    It appears that it must be done one-by-one, and for my needs it's a mess.
    I wish to disable/enable internet access to a group of 20/30 users at the same time…

    It seems no possible with pfsense.

    [UPDATE]: I realize that this function is added in pfsense v. 2.1 beta.
    You can choose at group (or user) level if the user/group can authenticate to Captive Portal.


Locked