Feature #3686
closed
Distinguish services when sending authentication request to RADIUS server
100%
Description
I use RADIUS for authenticating users on different services on pfSense: Captive Portal, multiple OpenVPN servers, Web UI, etc. Each service would require different user access policies, as I do not want a VPN user to also be able to open the pfSense web UI.
At the moment (pfSense 2.1.3), I have not found any way to tell the RADIUS server which service the user is trying to connect to on pfSense and, therefore, apply a distinct policy on the RADIUS system for each service.
For example, it would be nice to be able to configure the content of the NAS-ID attribute for each service:
- ovpns1
- ovpns2
- captive portal
- pfsense webui
- ...
Updated by Chris Buechler almost 10 years ago
- Target version deleted (
2.2) - Affected Version deleted (
All)
Updated by Renato Botelho over 5 years ago
- Status changed from New to In Progress
- Assignee set to Renato Botelho
- Target version set to 2.4.4
Updated by Renato Botelho over 5 years ago
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
PR merged
Updated by A FL over 5 years ago
I confirm that the fix is working. NAS-Identifier now has a value based on the service that triggered a RADIUS request on latest Snapshots. Just checked with wireshark
This issue can be marked as resolved.
Updated by