Authentication work ongoing in HEAD and RELENG_1

December 29th, 2007 by Scott Ullrich

Thanks to Centipede Networks it is now possible to login to pfSense RELENG_1 (development branch) via LDAP authentication !   In addition Centipede Networks sponsored bringing the multi user manager code from m0n0wall up to speed.  Expect to see some pretty nifty stuff in 1.3 that will surely be welcome to most pfSense admins.

If you have not checked out Centipede Networks you can find them at this URL.

5 Responses to “Authentication work ongoing in HEAD and RELENG_1”

  1. Steve Says:

    Can you summarize the advantages of this? For example: is it possible to sync PPTP accounts with a 2K3 domain?

  2. Chris Buechler Says:

    This is strictly for authentication to the administrative interfaces, i.e. web interface, SSH.

    You can already authenticate PPTP from 2000 or 2003 Active Directory using RADIUS (IAS) on Windows.

  3. Ryan Miller Says:

    Any reason this is using LDAP and not RADIUS, which seems to be the standard auth method for network gear? I guess both would be even better, of course.

  4. Chris Buechler Says:

    The idea is to support a wide range of options including RADIUS. LDAP is just a start, it was done first because it allows integration into several common directory services (Active Directory, Novell, etc.).

    While RADIUS is fine for basic username/password stuff, it doesn’t have the same capabilities of LDAP. For example, with the LDAP support and the new granular administrative access, you can have several Active Directory groups for different levels of pfSense admins, and assign different rights for each group. RADIUS doesn’t allow this same kind of tight integration.

  5. Vijay Says:

    pfsense router cum firewall. this should have content filtering and LDAP integration for user level reports, what user have browsed at specific time.

Please don’t post technical questions or off-topic comments. It is far more likely that your questions and concerns will be addressed effectively through one of our support channels.

Leave a Reply