Multiple Captive Portals and Logging
So I managed to get captive portal working with Radius auth for windows domain accounts. so far so good.
What ultimately I'm trying to achieve, is 2 captive portals based on AD group menbership, one unrestricted internet access.
One with filtered access ( at least blocking porn, gambling, shopping etc websites) And also logging on both portals. Would like to have ability to record user activity; at least timestamps with username and websites visited. Can I do this with PFSense, are there packages or other addons I should look at, or am I going down the wrong rabbit hole for what i want to do?
You can't have two portals on the same subnet and you also can't have different rules for different captive portal users.
Sounds like maybe what you really want is 802.1x on your switches, which could maybe drop users in a different VLAN/subnet based on their authentication.
Or instead of a portal, block all outbound web access, setup squid + authentication and maybe you can filter by user/group there (plenty of threads about that already)
By far the easiest option would be 802.1x on the switches if your switches are capable.