Captive Portal silent authentication on 2nd interface $500
-
Hi,
In a school network we have two different subnet interfaces, LAN and OPT. Our PFsense box is connected to a w2003 RADIUS server. We want to use the 'normal' CP http login dialog (against RADIUS) on the LAN subnet, which of course works flawlessly.
However, on the OPT subnet we need a 'silent' login CP against the same RADIUS server. I.e. that users having logged their notebooks on to the domain should be granted internet access automatically through pfsense without having to log in a second time via CP's web dialog.
Two obstacles here:
1. CP currently cannot be used on more than one interface (workaround through VLANs?).
2. CP needs to support 'silent' login, i.e. checking if the workstation's current user is actually logged on to the domain. M$ ISA server has this feature built in, but I want to avoid using ISA and would gladly spend some bucks to get this to work with pfsense ;-)
Thanks for comments and suggestions.
Payment via PayPal.
regards
Tor
-
Hi again,
Are both issues here 'impossible'?
1. Silent CP log in for users already logged in to a domain
2. CP running on two interfaces
If anyone has good knowledge of the CP functionality, please put down some lines about the (im)possibilities (or the lack thereof….)
regards
Tor
-
To do the silent CP would require finding what users are logged into the domain and what IP or Mac address they are coming from.
I searched for a way to find out who is logged in; this is what I found:
PsLoggedOn
http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx
Additional Links
http://www.averageadmins.com/blog/2006/04/11/finding-user-information-remotely/
http://support.microsoft.com/kb/237282
Still need to find the user's IP Address or MAC address in order to instruct Captive Portal what computers to allow.
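The correlation described in the post above (domain logon, then IP, then MAC), as an added example that is not part of the original thread and is not pfSense code. The record formats, the function name `build_allowlist` and all sample data are assumptions constructed for illustration; it stops at producing the MAC list and rejects stale logons and IPs that were re-leased after the logon, since either would admit a machine whose user never authenticated.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"

# Constructed sample data: domain logons as (user, client_ip, logon_time)
# and DHCP leases as (ip, mac, lease_start). Formats are assumptions.
LOGONS = [
    ("alice", "10.0.2.21", "2008-03-03 08:01"),
    ("bob",   "10.0.2.22", "2008-03-03 08:05"),
    ("carol", "10.0.2.23", "2008-03-02 15:30"),  # logged on yesterday
    ("dave",  "10.0.2.24", "2008-03-03 08:10"),  # IP re-leased afterwards
    ("erin",  "10.0.2.25", "2008-03-03 08:20"),  # no lease known
]
LEASES = [
    ("10.0.2.21", "00:11:22:33:44:01", "2008-03-03 07:55"),
    ("10.0.2.22", "00:11:22:33:44:02", "2008-03-03 08:00"),
    ("10.0.2.23", "00:11:22:33:44:03", "2008-03-02 15:00"),
    ("10.0.2.24", "00:11:22:33:44:99", "2008-03-03 08:40"),
]

def build_allowlist(logons, leases, now, max_age=timedelta(hours=8)):
    """Return ({mac: user}, [(user, ip, reason)]) for fresh, consistent logons."""
    lease_by_ip = {ip: (mac.lower(), datetime.strptime(ts, FMT))
                   for ip, mac, ts in leases}
    allowed, rejected = {}, []
    for user, ip, ts in logons:
        logon_time = datetime.strptime(ts, FMT)
        lease = lease_by_ip.get(ip)
        if lease is None:
            rejected.append((user, ip, "no lease"))
        elif now - logon_time > max_age:
            rejected.append((user, ip, "stale logon"))
        elif lease[1] > logon_time:
            # The address changed hands after the logon was recorded, so the
            # MAC now holding it is not the machine the user logged on from.
            rejected.append((user, ip, "lease newer than logon"))
        else:
            allowed[lease[0]] = user
    return allowed, rejected

if __name__ == "__main__":
    ok, bad = build_allowlist(LOGONS, LEASES, datetime(2008, 3, 3, 9, 0))
    for mac, user in ok.items():
        print("allow", mac, user)
    for user, ip, reason in bad:
        print("skip ", user, ip, reason)
```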
-
Thanks mcrane for the input.
Any other pfsense gurus who can comment with authority if CP on two interfaces is completely impossible or not..?
Tor
-
Neither of these tasks is impossible. Active Directory is just another flavor of LDAP, so you could query the AD server directly if needs be. In fact, the user manager in 1.3 probably already has some of the code you need. As for making CP work on multiple interfaces, it's definitely possible, although it'd take some coding. I know that some of the devs are already working on some CP enhancements for someone, maybe this could be folded in.
-
Good to hear, submicron.
But I understand I shouldn't hold my breath.
Please post here if you need these features, and - good ideas for solutions are also welcome ;-)
regards
Tor