You can assign an Active Directory group to log in to PfSense’s web interface.
This article has a more elaborate discussion of two different methods to achieve an Active
Directory link; here I'll just describe the LDAP one. RADIUS will work as well.
Create a PfSense group and add users who should be allowed to log in to PfSense.
Create a dedicated account for PfSense to connect to AD with, for example ‘pfsense-ad’. Give
the account a strong password, set it to never expire and do not make it a member of any particular
groups. This account is only used to establish the connection to Active Directory, not to perform
the actual authentication.
On PfSense
Define an Authentication Server: go to System > User Manager > Authentication Servers
and click Add.
My AD information:
Domain: test.lab
Domain controller: server01.test.lab, 192.168.90.2
Dedicated AD connection user: pfsense-ad@test.lab
Click Save, then click the Edit icon for the group you just created and click Add.
Select WebCfg – All pages (or any other pages you want to assign – ‘WebCfg – All pages’
gives admin access) and click Save.
Point the User Manager to the new Authentication Server: go to System > User Manager >
Settings and set Authentication Server to AD-adminsgroup (the Authentication Server
you just created).
Now you can log into the PfSense web interface with your AD account if you are a member of
the right group.
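
Before relying on the web interface login, the bind account and the group membership can be checked from any machine that has the OpenLDAP ldapsearch client. The helper below is an added example, not part of the original article: it builds that ldapsearch command from the AD information above and escapes the user name so it cannot alter the LDAP filter. The group DN and the user name 'jdoe' are assumptions, since the article does not give them.

```python
import shlex

# RFC 4515: characters that must be escaped inside an LDAP filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Assumption: the AD group created for PfSense admins (name and container are hypothetical).
GROUP_DN = "CN=pfsense-admins,CN=Users,DC=test,DC=lab"


def escape_filter_value(value: str) -> str:
    """Escape a value so it is treated as data, not as filter syntax."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def base_dn(domain: str) -> str:
    """Turn a DNS domain into a search base: test.lab -> DC=test,DC=lab."""
    return ",".join(f"DC={part}" for part in domain.split("."))


def member_filter(username: str, group_dn: str) -> str:
    """Match one user, and only if directly in the group.

    memberOf does not follow nested groups; AD needs the matching rule
    memberOf:1.2.840.113556.1.4.1941:= for that.
    """
    return (
        "(&(objectClass=user)"
        f"(sAMAccountName={escape_filter_value(username)})"
        f"(memberOf={escape_filter_value(group_dn)}))"
    )


def ldapsearch_command(dc_host, bind_user, domain, username, group_dn):
    """Build a shell-quoted ldapsearch call that binds as the dedicated account.

    -x simple bind, -ZZ require StartTLS (without it the bind password
    crosses the network in clear text), -W prompt for the password.
    """
    argv = [
        "ldapsearch", "-x", "-ZZ", "-H", f"ldap://{dc_host}",
        "-D", bind_user, "-W", "-b", base_dn(domain),
        member_filter(username, group_dn), "sAMAccountName", "memberOf",
    ]
    return " ".join(shlex.quote(arg) for arg in argv)


if __name__ == "__main__":
    # Values from the article, plus the assumed user 'jdoe' and GROUP_DN.
    print(ldapsearch_command("server01.test.lab", "pfsense-ad@test.lab",
                             "test.lab", "jdoe", GROUP_DN))
```

An entry in the output means the bind account works and the user is a direct member of the group; an empty result with a successful bind points at the group membership rather than the connection.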