Netgate Discussion Forum

    Pfsense 2.1.4+squid 2.7.9+squidguard 1.4_4+NTLM authentication over AD Working

      titus91360

      After long working hours, I finally managed to auth my users via NTLM over AD.
      Here's what I did! (and sorry for my English ;) )

      I followed this forum: https://forum.pfsense.org/index.php?topic=58700.0
      I applied everything except what referred to dansguard.
      Installed samba and heimdal and everything needed.
      Followed everything about domain integration. In short, everything except the dansguard and squid parts.

      (note that my squid and squidguard were functional before I started)
      For squid, I added this to my custom options:

      auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp;auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic;auth_param basic children 5;auth_param basic realm Squid proxy-caching web server;auth_param basic credentialsttl 2 hours
      

      Finally, in auth settings, I set up the connection to LDAP.

      At this point, everything is OK except one point. Users can surf the web without authentication. Logs are good and show the username (seen in sarg reports) BUT I was previously using a Windows group to limit which users can access the Internet.
      Now, all users can access it and I can't manage to limit access via the group I previously used.

      If anyone has an idea about this point ;)

        titus91360

        Has anyone tried this configuration?
        Did you manage to use AD groups to limit access?

          titus91360

          Please :)
          Is there someone who has tried NTLM over AD and managed to limit Internet usage to a specific AD group?

            damasceno

            Hello titus91360, how are you?

            What was the result of the tests? I'm doing the same thing with Dansguardian but it's not working (This is the topic: https://forum.pfsense.org/index.php?topic=82765.0), and I need a solution right away, I'm thinking about uninstalling Dansguardian and installing Squidguard.

            Is everything working as expected?

            Thanks.

              titus91360

              Hello,
              I finally managed to do what I want.
              For group filtering, I use the LDAP filtering of squidguard. Everything is OK for me.

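A sketch of the squidGuard LDAP group filtering mentioned in the post above, as an added example that is not from the thread or from the pfSense package. The server name, DNs, group name, bind account and redirect URL are constructed placeholders, and it assumes Squid hands squidGuard the bare sAMAccountName (no DOMAIN\ prefix).

```conf
# squidGuard.conf fragment (added example, not the poster's configuration).
# All names below are constructed placeholders; adjust to your directory.

# Low-privilege, read-only account squidGuard uses to search AD.
# The password is stored in clear text: restrict read access to this file.
ldapbinddn   CN=svc-squidguard,OU=Service,DC=example,DC=local
ldapbindpass CHANGE_ME
ldapprotover 3
# Seconds a lookup result is cached; a group change takes this long to apply.
ldapcachetime 300

# A user matches this source only if the search returns an entry, i.e. the
# account exists AND is a direct member of the Internet-Users group
# (memberOf does not follow nested groups).
# %s is replaced by the user name Squid authenticated (assumed here to be
# the bare sAMAccountName).
src internet_users {
    ldapusersearch ldap://dc1.example.local:389/DC=example,DC=local?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=CN=Internet-Users,OU=Groups,DC=example,DC=local))
}

acl {
    internet_users {
        pass all
    }
    # Everyone else, including requests that carry no user name, is refused.
    default {
        pass none
        redirect http://proxy.example.local/denied.html
    }
}
```

squidGuard only receives a user name when Squid itself requires authentication, so the group check depends on proxy authentication being enforced in Squid rather than merely configured.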
                damasceno

                Hi Titus, could you please attach a few prints showing your configuration?
                I'm still trying to do it :(

                thanks.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.