Authentication work ongoing in HEAD and RELENG_1
Thanks to Centipede Networks, it is now possible to log in to pfSense RELENG_1 (development branch) via LDAP authentication! In addition, Centipede Networks sponsored bringing the multi-user manager code from m0n0wall up to speed. Expect to see some pretty nifty stuff in 1.3 that will surely be welcome to most pfSense admins.
If you have not checked out Centipede Networks, you can find them at this URL.
December 31st, 2007 at 8:58 am
Can you summarize the advantages of this? For example: is it possible to sync PPTP accounts with a 2K3 domain?
January 1st, 2008 at 8:35 pm
This is strictly for authentication to the administrative interfaces, i.e. web interface, SSH.
You can already authenticate PPTP from 2000 or 2003 Active Directory using RADIUS (IAS) on Windows.
January 3rd, 2008 at 11:25 pm
Any reason this is using LDAP and not RADIUS, which seems to be the standard auth method for network gear? I guess both would be even better, of course.
January 4th, 2008 at 12:18 pm
The idea is to support a wide range of options including RADIUS. LDAP is just a start; it was done first because it allows integration into several common directory services (Active Directory, Novell, etc.).
While RADIUS is fine for basic username/password stuff, it doesn’t have the same capabilities as LDAP. For example, with the LDAP support and the new granular administrative access, you can have several Active Directory groups for different levels of pfSense admins, and assign different rights for each group. RADIUS doesn’t allow this same kind of tight integration.
October 20th, 2008 at 4:22 am
pfSense router cum firewall. This should have content filtering and LDAP integration for user-level reports: what users have browsed at a specific time.