FortiGate
hvardhang
Staff
Article Id 197394

Description
This article describes how to setup captive portal authentication for the non-domain users/machines with the existing FSSO setup for domain users.

Solution
The setup requires an existing FSSO-based authentication for domain users, plus either a system local user or an LDAP authentication source for the non-domain machines/users.

For FSSO setup, please refer to the cookbook here.

After the FSSO setup, create a User definition/group on the firewall using either LDAP authentication or System local.

Next, the firewall policy for non-domain machines/users has to be created below the FSSO-based policy, so that traffic from FSSO-identified domain users matches the FSSO policy first and only unidentified traffic falls through to the captive portal policy.

In the example below, Policy ID 1 was created for domain users with FSSO authentication and Policy ID 2 was created for non-domain machines/users with captive portal authentication.
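As an added example that is not part of the original article, the FortiOS CLI equivalent of the steps above: the LDAP server for non-domain users, the firewall user group, and policy 2 placed below the existing FSSO policy 1. The object names "LDAP" and "Non Domain Machines/users" match the diagnose output further down; the interface names, LDAP server address, base DN, bind account and the FSSO group name referenced in policy 1 are assumptions.

```fortios
# Added example (not from the article): FortiOS CLI for the non-domain
# captive portal policy. Interfaces, addresses, DNs and passwords below
# are assumed values; replace them with your own.

# 1. LDAP server used to validate non-domain users
#    (shows up as "server: LDAP" in the auth list).
config user ldap
    edit "LDAP"
        set server "192.0.2.10"
        set cnid "sAMAccountName"
        set dn "dc=example,dc=local"
        set type regular
        set username "cn=fgt-bind,cn=Users,dc=example,dc=local"
        set password "<bind-password>"
        set secure ldaps
        set port 636
    next
end

# Alternative to LDAP, as the article allows: a local account on the firewall.
# config user local
#     edit "bob"
#         set type password
#         set passwd "<local-password>"
#     next
# end

# 2. Firewall user group referenced by the captive portal policy
#    (shows up as "group_name: Non Domain Machines/users", group_id 2).
config user group
    edit "Non Domain Machines/users"
        set member "LDAP"
    next
end

# 3. Policy 1 is the existing FSSO policy for domain users (assumed to
#    reference an FSSO-type group, e.g. "FSSO-Domain-Users").
#    Policy 2 covers the same source/destination but references the
#    firewall user group instead; a user group on a policy enables
#    active authentication, which is what presents the captive portal.
config firewall policy
    edit 2
        set name "NonDomain-CaptivePortal"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set groups "Non Domain Machines/users"
        set nat enable
        set logtraffic all
    next
    # Keep the captive portal policy below the FSSO policy so domain
    # users already identified by FSSO are never prompted.
    move 2 after 1
end
```

After applying the configuration, open a browser from a non-domain machine to trigger the portal, then confirm the session with `diagnose firewall auth list` as shown in the article. Two things to check if the portal does not appear: policy 2 must be below policy 1 in the sequence, and the captive portal is only triggered by the protocols listed under `config user setting` / `auth-type` (HTTP and HTTPS by default), so other traffic from an unauthenticated host is simply dropped until the user has logged in through a browser.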

 
The captive portal is triggered for non-domain machines/users when they attempt to access the Internet, as shown below:

Once the user has authenticated with the provided credentials, the user information is available on the firewall as shown below:

The user logon information in CLI:
# diagnose firewall auth list
 
172.31.128.58, bob
src_mac: 00:61:65:67:3a:01
type: fw, id: 0, duration: 318, idled: 6
expire: 239, allow-idle: 300
flag(20): idle
server: LDAP
packets: in 709 out 429, bytes: in 670088 out 62470
group_id: 2
group_name: Non Domain Machines/users
 
----- 1 listed, 0 filtered -----

 
