Authentication question for Local User Manger setting

bman212121 · Jan 30, 2015, 7:23 PM

So with the new release of 2.2, I'm interested if a question brought up in an old thread still holds true.

This thread: https://forum.pfsense.org/index.php?PHPSESSID=r5q6o80l117k4rj2dim0eg6i45&topic=60658.msg326709#msg326709

Is it now possible to point Captive Portal's authentication at the Local User Manager, and if Local user manager is using LDAP, be able to use LDAP credentials on the CP login page?

Thanks in advance.

valshare · Mar 26, 2015, 9:07 AM

i am interested too. I have a zentyal 4 server running and configured as an authentication server in pfsense. How can i use it for captive portal auth?

jimp · Mar 30, 2015, 2:41 PM

That's still not currently possible.

felix.wolfsteller · Nov 24, 2015, 10:03 PM

I'd like to see that, too.

There is issue5112 for that (https://redmine.pfsense.org/issues/5112, although yet unassigned).

Other threads suggest to install a radius somewhere and hook it up to your openldap, or to get the freeradius2 happy on the pfsense, which i will try now.

Still, the most obvious solution would be to use the anyway-configured ldap authentication server and the groups with respective privilege.

I think the issue mentioned above needs some love. I'd wish to have the time to peek into the authentication code.

felix.wolfsteller · Aug 3, 2017, 10:32 AM

I still have a toy-implementation that could be straightened up, but is this featured wanted in upstream?

jimp · Aug 7, 2017, 2:20 PM

It depends on how the solution was made.

What we'd like to see is:

1. Captive Portal adapted to use all settings from the User Manager, including defined Authentication Servers
2. Additional RADIUS settings moved from Captive Portal to the User Manager Auth Server RADIUS options where possible. Some settings may be specific to one portal and not others, but an admin could always define multiple RADIUS server profiles in the user manager to get the same effect, which is essentially what they're already doing now.

In doing that, Captive Portal would naturally pick up LDAP support as an authentication source without actually adding or touching any LDAP-specific code. The problem is adapting all of the RADIUS options in CP to the User Manager and making sure they are used in the correct context.