Squid Proxy / Filter using AD Groups for Access or non Access
-
Good Morning,
i am a pfsense-newbee and trying to set up some useful configurations.. Firewall and NAT etc.. everything ist fine so i am going to configure the squid Proxy. In different Networks i use Sophos and WatchGuard, so i am able to use AD_Groups to manage internet-Access by using Security-Groups like "Internet_Access_Full", "Internet-Access", and "No_Internet"..
So, i set up the Ad-Connection in pfsense, works fine, but i am not able to use the ad-Groups because i am not shure how to use the "Client (source)" in the Policy.. as i unterstood, there i have to set up the Connection to AD..?
Thanks for help!
-
Just some more Info:
My aim is, that users who are member of a Group can Access the Internet but i don't want them to enter their username and Password again, so i am Looking for a passthrough ad authentication..
If user ist loggend on PC with ad-account he shall be able to browse Internet, users who are not member of this Group shall not Access the Internet..If this is possible, in second step i want to difference between "Full Access" and "limited Access"... Maybe by using Group acl…
-
Check this link: https://journeyofthegeek.com/2017/12/30/pfsense-squid-kerberos/
It has the instructions on how to set kerberos auth through squid/squidguard. -
Thx for the link.. did all the steps… an got in same Problems as commented below.. Everything seems fine but i get authentication prompt when starting the browser… this error is loggend in real time list
WARNING: negotiateauthenticator #Hlpr3317 exited
-
@Schischi exist a third party called PF2AD, I create a video tutorial but is Spanish:
But u need 2 Pfsense boxes, https://www.pf2ad.com/
Greetings.
