Advice on user management

  • I'm slowly getting my pfSense box set up how I want it. My scenario is I want to have maybe seven accounts:

    (a) admin
    (b) me (just for daily use, with unlimited internet access)
    (c) another user with same rights as me
    (d) two kids with restricted accounts
    (e) one more kid with restricted account with different rights to (d)
    (f) one unlimited access, time based guest wifi account

    and there are about 15 devices on our network.

    (a) is fine. (b) and (c) are coming along. I'm currently using FreeRADIUS2 and Captive Portal to manage those. Some devices are on a pass-through MAC list (like one of (c)'s devices, a printer, a PS3); there are one or two allowed IP addresses for school portals that (d) and (e) should always be able to access, no matter if they should otherwise be blocked.

    (f) is no problem, I'll probably set up a FreeRADIUS2 account with e.g. 30min access and daily resets. And every now and then I'll reset the password. Just so visitors can use our internet temporarily when they're over.

    What I'd like is to have some time based rules for (d) and (e), but an easy way to override those. So e.g. normally the kids should be allowed 30min internet access/day, but if one has an assignment that needs internet research I can give them e.g. another special account that allows more time. I thought if I make up more accounts as required that have e.g. 60min but never reset, so if they try to abuse the access the next day and the next it'll shortly run out.

    I have OpenVPN access to the pfSense webGUI and a tablet, so I can log in and do things easily as required. I.e. I can change settings easily on the fly to add/restrict access as required.

    Basically the problem is kids who have to do homework on the computer and log in to the school system, but then occasionally sneak devices into their room when they shouldn't and stay up late browsing YouTube etc. But at other times YouTube is fine, once all their responsibilities are done and before bedtime.

    My question is pretty vague, but essentially I want to know if I'm on the right track with FreeRADIUS2 and Captive Portal? Or will it not allow what I want to do? Another thing I came across before going down the FreeRADIUS2 path was to use a voucher-based system for the kids. Not sure if that would be easier/harder ...

