Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid and LDAP

    Scheduled Pinned Locked Moved pfSense Packages
    6 Posts 3 Posters 2.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N Offline
      nitsuj
      last edited by

      Hi

      I'm configuring a new install of pfsense and squid. I have authentication working against a windows 2003 AD server.

      I want to only allow some of my AD users access to the internet. I have been using IPcop which allows you to specify a group "Internet Users" in AD. So only users that are members of this group can browse.

      Is there a way to set this up in the Squid Proxy Server Authentication page? Or maybe there is another way to achieve this.

      Im wondering if I could use the "LDAP username DN attribute" or "LDAP search filter" input feilds to achive this.

      Any ideas?

      Thanks for your help

      1 Reply Last reply Reply Quote 0
      • N Offline
        nitsuj
        last edited by

        Got this sorted out with a nicely constructed search string in the LDAP search filter field, happy to give the solution if anyone needs it.

        1 Reply Last reply Reply Quote 0
        • jaderJ Offline
          jader
          last edited by

          That's a nice piece of info… allways better to know when you do not need it than otherwise.
          ;)
          Could you post it here ?

          Thanks

          Jáder

          1 Reply Last reply Reply Quote 0
          • N Offline
            nitsuj
            last edited by

            Here is the filter, I have a group in AD for internet users. I have no idea if this is the best way to do this.

            (&(sAMAccountName=%s)(memberof:1.2.840.113556.1.4.1941:=CN=Group for internet users,CN=Users,DC=yourdomain,DC=yourdomain,DC=yourdomain))

            1 Reply Last reply Reply Quote 0
            • marcellocM Offline
              marcelloc
              last edited by

              Can you send a screenshot of your squid ldap tab to help people who searches the forum?

              Treinamentos de Elite: http://sys-squad.com

              Help a community developer! ;D

              1 Reply Last reply Reply Quote 0
              • N Offline
                nitsuj
                last edited by

                Oh yeah this is related to an earlier post:

                http://forum.pfsense.org/index.php/topic,41501.0.html

                The complete config for the Squid Proxy Server Authentication page can be found in the post.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.