Squid+Dansguardian with Active Directory (NTLM) Single Sign On WORKING!!!

percyiii

Well;
Have pretty given up. I even tried a new install and
pkg install http://e-sac.siteseguro.ws/packages/amd64/8/All/samba36-3.6.3.tbz does not work..
pkg install samba36 works but end result
kinit: krb5_init_context failed: 22
Is all I get..
Would be wonderfull if someone would rewrite this for a new install..
TIA
Percy

tk

I'm suffering with getting a 2.2 install running as well.
Sifting through a lot of the last few pages has at least got the warnings to go away but no actual ntlm auth occuring.
+1 for a modification of the original tutorial in a seperate thread perhaps?

marcelloc

@percyiii:

Well;
Have pretty given up. I even tried a new install and
pkg install http://e-sac.siteseguro.ws/packages/amd64/8/All/samba36-3.6.3.tbz does not work..
pkg install samba36 works but end result
kinit: krb5_init_context failed: 22
Is all I get..
Would be wonderfull if someone would rewrite this for a new install..
TIA
Percy

The samba pkg you tried to download is for freebsd 8.x.

pfsense 2.2 uses freebsd 10.

alxbob

I want to implement ldap kerberos squid authentication ! As far as i understand i wont use samba but why kdc is needed if i can use windows server kdc ?

alxbob

Anyone?

eduardogd

I'm using it as a lab, I've created two VM on Vbox and it can view etch other, but I can't pass this part:

6.  Services –> Firewall
  a.  Rules –> LAN tab – Create a proxy rule to allow TCP port 3128 to the LAN address for testing (will change later)
  b.  NAT –> Port Forward tab - Create a proxy port forward from LAN on port 3128 to the loopback adapter (127.0.0.1) for testing

could anyone show me how to do it?

ghosterius

I've also given up on this one getting back to pfSense 2.1.5. I would like to dig deeper on this one as I feel that I've been pretty close to achieving the solution but unfortunately at this time I have no time available at all to dedicate on this subject. :(

Once I have the time, if no one has found it yet, I'll redo it all again and document the changes.

atilaloise

Consegui fazer o Squid com NTLM. Funciona com o stable e com o squid 3!

https://drive.google.com/file/d/0BytRSGrf8eEXQzRvUXdNUUw2NTg/view

esse é o passo a passo.

espero que ajude

gdsnytech

@atilaloise:

Consegui fazer o Squid com NTLM. Funciona com o stable e com o squid 3!

https://drive.google.com/file/d/0BytRSGrf8eEXQzRvUXdNUUw2NTg/view

esse é o passo a passo.

espero que ajude

Hey do you have an english translation for this? thanks.

gdsnytech

@atilaloise:

Consegui fazer o Squid com NTLM. Funciona com o stable e com o squid 3!

https://drive.google.com/file/d/0BytRSGrf8eEXQzRvUXdNUUw2NTg/view

esse é o passo a passo.

espero que ajude

Also, does this implies Single Sign on? If not then how can i incorporate it with the set up? thanks.

gdsnytech

@sowen:

First: I don't mean to steal this thread…but there is an easier way to do much of this. Unless you absolutely must use NTLM.

look at
http://sourceforge.net/projects/squidtrust/files/SquidtrustIII/

or google "Squidtrust"

you will find a Perl authentication helper, and a workstation agent that can easily be integrated into a PfSense environment.
originally … I wrote the helper and agent to work on pfSense. I have been using them for over two years on a network w/800+ workstations and 2500+ users.

the short version:
Install the perl helper on pfSense, configure it to poll the agent for your desired user credentials.
run the agent on all workstations via login scrpt/GPO
ta-da...transparent user authentication.

read the docs for more detail.

How do you make this work? I have yet to have any success.

sowen

What's not working or what can't you get working ??

The client (SquidTrustIII) or the squid helper (perl script) side of things ??

gdsnytech

@sowen:

What's not working or what can't you get working ??

The client (SquidTrustIII) or the squid helper (perl script) side of things ??

The perl helper can not contact the client even with the windows firewall disabled.

I keep getting "ERR" when running test via SSH.

The helper input in Squid causes it to crash when it is applied in the customer settings area. I have tried it in both 'Before auth' section and 'integration' section.

DangerMouse

Great steps so far but im stuck at the point of joining the domain, i keep getting
cannot join as standalone machine

can anyone help with this?