That is the type of setup I was describing, where they sign on once (in Windows) and then further authentication happens in the background via Kerberos/LDAP/AD/etc.
I can't find the exact article I read before, but this describes sort of what I was talking about: http://klaubert.wordpress.com/2008/01/09/squid-kerberos-authentication-and-ldap-authorization-in-active-directory/ Which is still may not quite what the OP had in mind, but closer. You are correct that it isn't handled by anything in pfSense currently, but it doesn't seem out of the realm of possibility if someone had the knowledge (or money) for such a project. Jim Dimitri Rodis wrote: > Single Sign-on (aka one set of credentials) is one thing, the captive > portal's > ability to automatically _receive_ (and authenticate) the credentials from > the > requesting client/browser is another. Unless I'm misunderstanding, Ryan wants > to get rid of the username/password prompt from the captive portal, and have > the "current" windows logon credentials automatically pass to the captive > portal, which is currently not possible with pfSense-- ISA Server is the only > thing I know of that does this. > > Dimitri Rodis > Integrita Systems LLC > http://www.integritasystems.com > > > -----Original Message----- > From: Jim Pingle [mailto:li...@pingle.org] > Sent: Tuesday, April 21, 2009 1:18 PM > To: support@pfsense.com > Subject: Re: [pfSense Support] Can captive portal authenticate based on > windows login > > Ryan wrote: >>> Without seeing the CP screen, automatically logging them in with Windows >> credentials, no. You can authenticate them on. >>> the CP screen with RADIUS using their Windows credentials to IAS on a >> Windows Server DC (if you're using AD). >> >> >> I kinda thought that was the case. Thank you for your help Chris. Do you >> know of anything that might do this? > > I don't know if the Captive Portal can be coerced to support LDAP or > Kerberos, but I have heard of people achieving a single sign-on type > setup with Squid that way. > > Jim > > --------------------------------------------------------------------- > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
