
    Squid Proxy / Filter using AD Groups for Access or non Access

    • S
      Schischi last edited by

      Good Morning,

      I am a pfSense newbie and trying to set up some useful configurations: firewall, NAT, etc. Everything is fine, so I am going to configure the Squid proxy. In different networks I use Sophos and WatchGuard, so I am able to use AD groups to manage Internet access by using security groups like "Internet_Access_Full", "Internet-Access", and "No_Internet".

      So, I set up the AD connection in pfSense, which works fine, but I am not able to use the AD groups because I am not sure how to use the "Client (source)" in the policy. As I understood, there I have to set up the connection to AD?


      Thanks for help!

      • S
        Schischi last edited by

        Just some more Info:

        My aim is that users who are members of a group can access the Internet, but I don't want them to enter their username and password again, so I am looking for pass-through AD authentication.
        If a user is logged on to a PC with an AD account, he shall be able to browse the Internet; users who are not members of this group shall not access the Internet.

        If this is possible, in a second step I want to differentiate between "Full Access" and "limited Access"... Maybe by using group ACL…

        • M
          mcury last edited by

          Check this link: https://journeyofthegeek.com/2017/12/30/pfsense-squid-kerberos/
          It has the instructions on how to set up Kerberos auth through Squid/SquidGuard.

          SG-3100 22.05 / Unifi Flex Mini / Unifi NanoHD

          • S
            Schischi last edited by

            Thanks for the link. I did all the steps… and got the same problems as commented below. Everything seems fine, but I get an authentication prompt when starting the browser… This error is logged in the real-time list:

            WARNING: negotiateauthenticator #Hlpr3317 exited

            • periko
              periko @Schischi last edited by

              @Schischi there exists a third-party tool called PF2AD. I created a video tutorial, but it is in Spanish:

              Pf2AD

              But you need 2 pfSense boxes, https://www.pf2ad.com/

              Greetings.

              Need pfSense support in Mexico?
              www.bajaopensolutions.com
              https://www.facebook.com/BajaOpenSolutions
              Want to learn pfSense? Visit my YouTube channel:
              https://www.youtube.com/c/PedroMorenoBOS
