Feature #3686


Distinguish services when sending authentication request to RADIUS server

Added by Jocelyn Viau about 10 years ago. Updated almost 6 years ago.

User Manager / Privileges
Target version:
Start date:
Due date:
% Done:


Estimated time:
Plus Target Version:
Release Notes:


I use RADIUS for authenticating users on different services on pfSense: Captive Portal, multiple OpenVPN servers, Web UI, etc. Each service would require different user access policies, as I do not want a VPN user to also be able to open the pfSense web UI.

At the moment (pfSense 2.1.3), I have not found any way to tell the RADIUS server which service the user is trying to connect to on pfSense and, therefore, apply a distinct policy on the RADIUS system for each service.

For example, it would be nice to be able to configure the content of the NAS-ID attribute for each service:
- ovpns1
- ovpns2
- captive portal
- pfsense webui
- ...

Actions #1

Updated by Chris Buechler about 10 years ago

  • Target version deleted (2.2)
  • Affected Version deleted (All)
Actions #2

Updated by Renato Botelho almost 6 years ago

  • Status changed from New to In Progress
  • Assignee set to Renato Botelho
  • Target version set to 2.4.4
Actions #3

Updated by Renato Botelho almost 6 years ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100

PR merged

Actions #4

Updated by A FL almost 6 years ago

I confirm that the fix is working.
NAS-Identifier now has a value based on the service that triggered a RADIUS request on latest Snapshots. Just checked with wireshark

This issue can be marked as resolved.

Actions #5

Updated by Jim Pingle almost 6 years ago

  • Status changed from Feedback to Resolved

Also available in: Atom PDF