Text only | Text with Images

OPNsense Forum

English Forums => Zenarmor (Sensei) => Topic started by: elcocoloco on October 26, 2020, 03:40:02 PM

Title: Roadmap : Captive Portal Auto-Login for Active Directory authentications
Post by: elcocoloco on October 26, 2020, 03:40:02 PM
Hi,

Any timeframe when we can expect this feature? Able to alpha / beta test if necessary, also volunteering for documentation on that part
Title: Re: Roadmap : Captive Portal Auto-Login for Active Directory authentications
Post by: mb on October 27, 2020, 12:47:56 AM
Hi @elcocoloco, most probably early Q1/2021. Thanks for that!. We'll be happy to send you the first beta for your review and comments ;)
Title: Re: Roadmap : Captive Portal Auto-Login for Active Directory authentications
Post by: elcocoloco on October 27, 2020, 12:38:10 PM
Thanx MB :-) For now, let me know if I understand correctly

Is the following possible right now?

'default' users (as in : NOT logged in via Captive Portal (AD)) will get the default policy within Sensei
authorized users (as in : logged in via Captive Portal (AD)) will get the 'assigned' policy within Sensei

Meaning, everyone has the default policy, unless they decide to login via Captive Portal (afterwards)

Thanx

Title: Re: Roadmap : Captive Portal Auto-Login for Active Directory authentications
Post by: mb on October 27, 2020, 11:38:55 PM
Hi @elcocoloco, yes, that is possible as of now:

If you create a policy and assign some AD groups/users to this policy, only those authenticated via Captive Portal through AD will be assigned to that policy. All others will match default policy.

Having said that, curious about your use-case: since unauthenticated users will not be able to access the internet anyhow (since they're not authenticated via Captive Portal) does matching Sensei's default policy have a real effect on them?
Title: Re: Roadmap : Captive Portal Auto-Login for Active Directory authentications
Post by: elcocoloco on October 28, 2020, 09:15:49 AM
Yeah that's the problem, Captive Portal is interface based, so it's not possible imo. For now ideally would be :

- An unauthorized user should be able to access the internet with the default sensei policy
- An authorized user should be able to access the internet with an assigned sensei policy

We are using RDS 2012 R2 and they are already authorizing (user / pw / 2FA), adding another manual authorization will get me killed  ;D

But the auto AD logon solves it all, thanx.


Title: Re: Roadmap : Captive Portal Auto-Login for Active Directory authentications
Post by: mb on October 28, 2020, 09:43:55 PM
QuoteWe are using RDS 2012 R2 and they are already authorizing (user / pw / 2FA), adding another manual authorization will get me killed  ;D

I hear you :)

QuoteBut the auto AD logon solves it all, thanx.

We'll be in touch.
Title: Re: Roadmap : Captive Portal Auto-Login for Active Directory authentications
Post by: elcocoloco on July 15, 2021, 09:23:37 AM
Quote from: mb on October 27, 2020, 12:47:56 AM
Hi @elcocoloco, most probably early Q1/2021. Thanks for that!. We'll be happy to send you the first beta for your review and comments ;)

Hi MB,

Any timeframe on a release for this function (or has it been released)? If not we've got to move to another solution unfortunately, can't explain the monthly cost anymore ;-)
Text only | Text with Images