I am using the captive portal with RADIUS authentication and the FreeRadius package, which speaks with our Active Directory server; this is working great!
I am curious as to how I allow/deny certain users or groups access through the captive portal. I was thinking of using the FreeRadius filter field to search for an attribute in LDAP; if this is set as "1", for example, then allow users through the portal, otherwise deny.
Currently, my search filter is: (samaccountname=%u)
Could I set this as something like ((samaccountname=%u)(faxNumber=1)) and set the Fax Number in Active Directory as "1" for all users I would like to be able to use the captive portal?
Any comments or suggestions are greatly appreciated.
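Added example, not part of the original post: RFC 4515 LDAP filters combine several conditions with a prefix operator such as `&`, so this Python sketch checks whether a filter string is structurally well formed and builds the AND of the two conditions from the question. The helper names (`escape_value`, `is_valid`, `require_all`) are hypothetical; the attribute name `faxNumber` and the `%u` placeholder are taken from the post as written.

```python
import re

# RFC 4515 characters that must be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# attribute, comparison operator, value without raw parentheses
_ITEM = re.compile(r"[A-Za-z][A-Za-z0-9.;-]*(=|~=|>=|<=)[^()]*")

def escape_value(value):
    """Escape a literal value before placing it inside a filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def _parse(f, i):
    """Parse one filter starting at f[i]; return the index just past it."""
    if i >= len(f) or f[i] != "(":
        raise ValueError("expected '(' at %d" % i)
    i += 1
    if i < len(f) and f[i] in "&|!":
        op, i, count = f[i], i + 1, 0
        while i < len(f) and f[i] == "(":
            i = _parse(f, i)
            count += 1
        if count == 0 or (op == "!" and count != 1):
            raise ValueError("bad operand count for %r" % op)
    else:
        m = _ITEM.match(f, i)
        if not m:
            raise ValueError("expected attribute assertion at %d" % i)
        i = m.end()
    if i >= len(f) or f[i] != ")":
        raise ValueError("expected ')' at %d" % i)
    return i + 1

def is_valid(f):
    """True if f is exactly one well-formed filter."""
    try:
        return _parse(f, 0) == len(f)
    except ValueError:
        return False

def require_all(*filters):
    """AND together filters that are each already well formed."""
    for f in filters:
        if not is_valid(f):
            raise ValueError("not a well-formed filter: %r" % f)
    return "(&" + "".join(filters) + ")"

USER = "(samaccountname=%u)"                  # filter from the post
FLAG = "(faxNumber=%s)" % escape_value("1")   # attribute name as in the post
COMBINED = require_all(USER, FLAG)            # (&(samaccountname=%u)(faxNumber=1))
```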
I'll apologize in advance: I have no answer for your question.
I was just wondering what advantage there is in not using the AD directly from captive portal?
I am not sure what you mean, sorry. Is there an alternative method of authentication against Active Directory other than FreeRADIUS?
You can auth captive portal "directly" at AD. You'd have to add NPS as a server role on your Windows server (network policy and access service).
There's a sticky post on this subsection of the forum: https://forum.pfsense.org/index.php?topic=63791.0
^^^ At the bottom of that post is a link to a PDF that contains pictures/screenshots of the whole process.