Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Logging username after pfsense in Sonicwall

    Scheduled Pinned Locked Moved General pfSense Questions
    8 Posts 3 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I Offline
      insurin
      last edited by

      pfsense latest version
      Captive Portal with Radius authentication via AD
      squid

      I have my users login with their AD credentials but when browsing the Internet my Dell Sonicwall is not logging the individual usernames but rather just the pfsense box itself. It is being treated as 1 single user rather than the 1500 individual users.  Therefore I am not logging their Internet access.

      Does anyone know how I can achieve this?

      1 Reply Last reply Reply Quote 0
      • H Offline
        heper
        last edited by

        you are more then likely double-nat  (once on pfSense & once on the sonic wall)

        how is the sonicwall supposed to log the users ? are you running a proxy on the sonicwall ??

        1 Reply Last reply Reply Quote 0
        • I Offline
          insurin
          last edited by

          Yes

          the pfsense is using NAT. I am not using a proxy on the Sonicwall.  For LAN users, there is a single sign on agent that runs that authenticates and logs activity.  It is Dell Analyzer that has the logs. It will log site visited by IP address, username etc.

          1 Reply Last reply Reply Quote 0
          • I Offline
            insurin
            last edited by

            ok

            I have my CP setup to authenticate via Windows Raduis. Can I just turn on Authentication method for Squid to Captive Portal and have that log website access by username on the pfsense box.

            My main question now is

            Is it possible to log internet activity by AD username on pfsense/squid.

            cheers

            1 Reply Last reply Reply Quote 0
            • M Offline
              muswellhillbilly
              last edited by

              This any good?

              https://forum.pfsense.org/index.php?topic=58700.0

              1 Reply Last reply Reply Quote 0
              • I Offline
                insurin
                last edited by

                Certainly is.

                I setup Squid on Ubuntu a few years back and had it all integrated with AD. However, most of my BYOD users will be using phones/tablets/non domain devices.

                I was hoping that just by selecting CP on the Squid authentication it would just work.

                CP.png
                CP.png_thumb

                1 Reply Last reply Reply Quote 0
                • M Offline
                  muswellhillbilly
                  last edited by

                  Non-domain devices won't have the credentials to pass on anything to AD if that's how you're setting the authentication at the CP. You may be able to set the passwords in AD to never expire (not recommended) and cache the credentials in the browser on your phone/tablet, but this isn't a great workaround.

                  1 Reply Last reply Reply Quote 0
                  • I Offline
                    insurin
                    last edited by

                    Thanks

                    I will start a new thread as this is going off topic.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.