Netgate Discussion Forum

    How to join pfSense to Active Directory?

    • emammadov

      Hello,

      I am new to pfSense. I want to join our pfSense to Active Directory because we don't want to enter the DNS server of the Active Directory server every time on each computer to join the Domain Controller. I have used it in Kerio Control, it was easy, but I don't know how to do it in pfSense. Thanks in advance.

      Elvin

      • heper

        Just change the DNS servers in the dhcp-server settings?

        • emammadov

          So in that case, will the Squid proxy work? And what about the DNS Forwarder to the Domain Controller, will it then be the same as you have mentioned?

          Elvin

          • garyd9

            As far as I'm aware, there's no way to "join" the pfsense machine to the AD. What it sounds like is that you want machines on the network to use your AD for DNS? If so, the answer is in how your network is configured for assigning IP addresses and DNS servers. You'd want those machines to all use your AD DNS server (instead of the pfsense machine.)

            Is DHCP handled by your pfsense box?  If so, just configure the DHCP settings on pfsense to reference the AD DNS server as the proper DNS server.

            Is DHCP handled by a Windows AD machine? If so, there's really nothing you need to do on your pfsense box. (If you happen to be using pfsense to route between VLANs, you might consider setting up DHCP relay on your pfsense box to forward DHCP requests.) (This is how I have my own network configured at home.) This configuration has the advantage of Windows DHCP automagically adding DNS records for non-domain joined machines.

            What you CAN NOT do (as far as I've been able to discover) is to have DHCP on the pfsense box add DNS records to the Windows AD DNS server.

            Take care
            Gary

            • emammadov

              DHCP is handled by our pfsense box. Then I just have to change the DNS servers in the DHCP server settings, right? Then client computers will get an IP address automatically from pfSense like this:
              IP: 192.168.1.x
              Subnet mask: 255.255.255.0
              Gateway: 192.168.1.1
              DNS: 192.168.1.50 (DNS of ADDS)

              I have denied some websites in Squid proxy, so in this case will those websites also be blocked on client computers?

              Elvin

              • garyd9

                @emammadov:

                DHCP is handled by our pfsense box. Then I have to just change the DNS servers in the dhcp server settings, right?

                …

                I have denied some websites in Squid proxy, so in this case will those websites also be blocked on client computers?

                I can't comment on the specific pfsense DHCP settings, as I don't have my own pfsense box set to do DHCP. However, it should be a simple matter to set it up as you described, and then get a client machine to release and renew its DHCP assignment to verify the expected settings are coming across.

                As for squid, I have no clue whatsoever.. but someone else should be able to help out. :)

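
The release-and-renew check suggested in the post above, as an added example that is not part of any poster's reply: a PowerShell script for a Windows client that renews its lease and compares what the pfSense DHCP server handed out with the values quoted in the thread. The domain name `corp.example` is a placeholder (the thread never names the domain), and the SRV lookup is an added assumption about what a client needs in order to find a domain controller.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell on a Windows client.
param(
    [string]$ExpectedDns = '192.168.1.50',  # AD DNS server quoted in the thread
    [string]$ExpectedGw  = '192.168.1.1',   # gateway quoted in the thread
    [string]$AdDomain    = 'corp.example'   # placeholder: the thread never names the domain
)

# Request a fresh lease so the changed DHCP options are actually delivered.
ipconfig /release | Out-Null
ipconfig /renew   | Out-Null

# Inspect every connected IPv4 interface that gets its settings from DHCP.
$report = foreach ($nic in Get-NetIPInterface -AddressFamily IPv4 -Dhcp Enabled -ConnectionState Connected) {
    $cfg = Get-NetIPConfiguration -InterfaceIndex $nic.ifIndex
    $dns = @((Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4).ServerAddresses)
    $gw  = @($cfg.IPv4DefaultGateway.NextHop)
    [pscustomobject]@{
        Interface  = $nic.InterfaceAlias
        Address    = $cfg.IPv4Address.IPAddress -join ','
        Gateway    = $gw -join ','
        DnsServers = $dns -join ','
        GatewayOk  = $gw -contains $ExpectedGw
        # Pass only when the lease matches the single DNS entry shown in the thread.
        DnsOk      = ($dns.Count -eq 1 -and $dns[0] -eq $ExpectedDns)
    }
}
$report | Format-Table -AutoSize

# Domain join relies on the DC locator SRV record resolving through that DNS server.
$srv = "_ldap._tcp.dc._msdcs.$AdDomain"
$dcs = Resolve-DnsName -Name $srv -Type SRV -Server $ExpectedDns -ErrorAction SilentlyContinue |
       Where-Object { $_.Type -eq 'SRV' }
if ($dcs) { "SRV OK: $($dcs.NameTarget -join ', ')" }
else      { Write-Warning "No SRV records for $srv via $ExpectedDns" }

# Summarize: any interface that failed either comparison needs a second look.
if ($report | Where-Object { -not ($_.DnsOk -and $_.GatewayOk) }) {
    Write-Warning 'At least one DHCP interface does not have the expected settings.'
}
```

A `DnsOk` of `False` with the pfSense address still listed usually means the client kept an old lease or has a statically configured DNS server on that adapter.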
                • emammadov

                  Adding the DNS server of Active Directory in the DHCP server settings worked well.

                  Elvin

                  • garyd9

                    If you haven't already, you might consider the advantages (in an AD environment) of having your Windows server doing DHCP as well. For example, if Windows is doing DHCP, the DHCP server can be configured to update the DNS server. At that point, if you have multiple VLANs, you'd also want to enable the DHCP relay function on pfsense (or on a L3 switch.)

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.