LDAP, Squid and multiple NICs



  • Hi,

    We have a pfsense box with a WAN and two LAN NICs (school site).  We need the squid package to restrict access to certain websites and services.

    NIC1's subnet (classroom net) has a win 2003 domain controller.    We want users on this subnet to authenticate with this domain controller BEFORE they get any access to the internet.

    NIC2's subnet (dorm areas) does not have a separate domain controller, but we want the users to authenticate to get internet access as if they connect to the classroom net's domain controller.  This might be through the captive portal and radius if it cannot be solved through LDAP to NIC1's domain controller.

    How much hassle should we expect if we install the LDAP and squid packages and try to mend it all together for a functionality described above?

    Thanks for comments on the setup.  If this is tricky to get up and running, we have at least $300 available to a person having the necessary skills willing to help us ;-)

    /hank



  • Squid's LDAP feature didn't work last time I tested it and I don't think that has changed yet. Besides that, Squid got removed temporarily as it had some obscure issues at certain configurations that have not been reproducible but were affecting several people. Putting up a bounty to fix it might really help speed up development on it again.



  • @Hank:

    Hi,

    We have a pfsense box with a WAN and two LAN NICs (school site).  We need the squid package to restrict access to certain websites and services.

    NIC2's subnet (dorm areas) does not have a separate domain controller, but we want the users to authenticate to get internet access as if they connect to the classroom net's domain controller.  This might be through the captive portal and radius if it cannot be solved through LDAP to NIC1's domain controller.

    /hank

    the freeradius package for pfsense will soon have support for things like controlling users on online time,
    restricting them to only connect on defined times and dates
    define the max time a user can be online a day, week, month, year
    expel a user after a defined date

    there is only 1 problem: the captive portal can only work on 1 nic
    and not on bridges



  • @hoba:

    Squid's LDAP feature didn't work last time I tested it and I don't think that has changed yet. Besides that, Squid got removed temporarily as it had some obscure issues at certain configurations that have not been reproducible but were affecting several people. Putting up a bounty to fix it might really help speed up development on it again.

    Does squid only control http(s) traffic or will it block any protocol?



  • Squid is an http proxy.  It will only work with http-speaking software that uses the CONNECT method.



  • You have a bounty!
