    LDAP, Squid and multiple NICs

    pfSense Packages
    • H
      Hank last edited by

      Hi,

      We have a pfsense box with a WAN and two LAN NICs (school site).  We need the squid package to restrict access to certain websites and services.

      NIC1's subnet (classroom net) has a win 2003 domain controller.    We want users on this subnet to authenticate with this domain controller BEFORE they get any access to the internet.

      NIC2's subnet (dorm areas) does not have a separate domain controller, but we want the users to authenticate to get internet access as if they connect to the classroom net's domain controller.  This might be through the captive portal and radius if it cannot be solved through LDAP to NIC1's domain controller.

      How much hassle should we expect if we install the LDAP and squid packages and try to mend it all together for a functionality described above?

      Thanks for comments on the setup.  If this is tricky to get up and running, we have at least $300 available to a person having the necessary skills willing to help us ;-)

      /hank

      • H
        hoba last edited by

        Squid's LDAP feature didn't work last time I tested it and I don't think that has changed yet. Besides that, Squid got removed temporarily as it had some obscure issues at certain configurations that have not been reproducible but were affecting several people. Putting up a bounty to fix it might really help speed up development on it again.

        • J
          jeroen234 last edited by

          @Hank:

          Hi,

          We have a pfsense box with a WAN and two LAN NICs (school site).  We need the squid package to restrict access to certain websites and services.

          NIC2's subnet (dorm areas) does not have a separate domain controller, but we want the users to authenticate to get internet access as if they connect to the classroom net's domain controller.   This might be through the captive portal and radius if it cannot be solved through LDAP to NIC1's domain controller.

          /hank

          The freeradius package for pfsense will soon have support for things like controlling users on online time,
          restricting them to only connect on defined times and dates,
          defining the max time a user can be online a day, week, month, year,
          expelling a user after a defined date.

          There is only 1 problem: the captive portal can only work on 1 NIC
          and not on bridges.

          • H
            Hank last edited by

            @hoba:

            Squid's LDAP feature didn't work last time I tested it and I don't think that has changed yet. Besides that, Squid got removed temporarily as it had some obscure issues at certain configurations that have not been reproducible but were affecting several people. Putting up a bounty to fix it might really help speed up development on it again.

            Does squid only control http(s) traffic or will it block any protocol?

            • ?
              Guest last edited by

              Squid is an http proxy.  It will only work with http-speaking software that uses the /CONNECT method.

              • M
                mhab12 last edited by

                You have a bounty!
