External RADIUS Auth w/Filter-ID for AD Group Membership

[infinisourcekc]

I'm a recent convert from pfSense and had the Web-Gui setup to auth against an external radius (windows server) box.  I noticed with OPNsense that in order to actually log into the OPNsense Web UI that any radius account that needs access has to be also defined as a local account.  Which seems counterproductive to me and doesn't really scale if I have to manager local user accounts in 2 places.

With pfSense I could specify a local group on the firewall and if the radius server returned the exact same name as the local group within the RADIUS AVP Filter-Id then you'd be allowed to log in.  Am I missing something as far as RADIUS is concerned?  If I don't set up a local user, then I get the "No page assigned to this user! Click here to logout." message.

[mimugmail]

Maybe you can open a feature request for it in GitHub? No idea if chances are good to get it done but worth a try