Comments on: Authentication work ongoing in HEAD and RELENG_1

By: Vijay

Vijay — Mon, 20 Oct 2008 08:22:17 +0000

pfsense router cum firewall. this should have content filtering and LDAP integration for user level reports, what user have browsed at specific time.

By: Chris Buechler

Chris Buechler — Fri, 04 Jan 2008 16:18:02 +0000

The idea is to support a wide range of options including RADIUS. LDAP is just a start, it was done first because it allows integration into several common directory services (Active Directory, Novell, etc.).

While RADIUS is fine for basic username/password stuff, it doesn’t have the same capabilities of LDAP. For example, with the LDAP support and the new granular administrative access, you can have several Active Directory groups for different levels of pfSense admins, and assign different rights for each group. RADIUS doesn’t allow this same kind of tight integration.

By: Ryan Miller

Ryan Miller — Fri, 04 Jan 2008 03:25:32 +0000

Any reason this is using LDAP and not RADIUS, which seems to be the standard auth method for network gear? I guess both would be even better, of course.

By: Chris Buechler

Chris Buechler — Wed, 02 Jan 2008 00:35:19 +0000

This is strictly for authentication to the administrative interfaces, i.e. web interface, SSH.

You can already authenticate PPTP from 2000 or 2003 Active Directory using RADIUS (IAS) on Windows.

By: Steve

Steve — Mon, 31 Dec 2007 12:58:38 +0000

Can you summarize the advantages of this? For example: is it possible to sync PPTP accounts with a 2K3 domain?