Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.1 Legacy Series
»
External RADIUS Auth w/Filter-ID for AD Group Membership
« previous
next »
Print
Pages: [
1
]
Author
Topic: External RADIUS Auth w/Filter-ID for AD Group Membership (Read 2042 times)
infinisourcekc
Newbie
Posts: 16
Karma: 1
External RADIUS Auth w/Filter-ID for AD Group Membership
«
on:
August 07, 2021, 12:46:33 am »
I'm a recent convert from pfSense and had the Web-Gui setup to auth against an external radius (windows server) box. I noticed with OPNsense that in order to actually log into the OPNsense Web UI that any radius account that needs access has to be also defined as a local account. Which seems counterproductive to me and doesn't really scale if I have to manager local user accounts in 2 places.
With pfSense I could specify a local group on the firewall and if the radius server returned the exact same name as the local group within the RADIUS AVP Filter-Id then you'd be allowed to log in. Am I missing something as far as RADIUS is concerned? If I don't set up a local user, then I get the "No page assigned to this user! Click here to logout." message.
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: External RADIUS Auth w/Filter-ID for AD Group Membership
«
Reply #1 on:
August 07, 2021, 09:42:15 am »
Maybe you can open a feature request for it in GitHub? No idea if chances are good to get it done but worth a try
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.1 Legacy Series
»
External RADIUS Auth w/Filter-ID for AD Group Membership