Dansguardian NTLM proxy auth

instabin

I cannot get the ntlm authentication to work
I have 2 groups default and pf_staff.

LDAP is setup and is pulling the users that are members for the pf_group

I changed the policy on the winodws 8 machine to LM & NTLM -use ntlmv2 security if negotiated.
.

Any ideas on why The proxy is not detecting the user?

marcelloc

@instabin:

Any ideas on why The proxy is not detecting the user?

Dansguardian will forward ntlm requests do squid. Did you configured squid to accept ntlm auth?

instabin

No I did not…
I will try this right now.
Thank you for the information.

instabin

Enabled auth on squid but still not working.

I have attached images of my config.

The users in dans were automatically added

dansldap.JPG_thumb

dansusers.JPG_thumb

squid.JPG_thumb

marcelloc

@instabin:

Enabled auth on squid but still not working.

You need samba on pfsense to join the AD.

instabin

Its pulling the user accounts. Why do I need samba?

Is there a tutorial I dont see a package

marcelloc

@instabin:

Its pulling the user accounts. Why do I need samba?

Is there a tutorial I dont see a package

To use ntlm, you need samba but with LDAP with auth popup don't.

There is a tutorial on Portuguese forum, I'll look for it and paste the link here for a Google translate. ;)

Gloom

@instabin:

Its pulling the user accounts. Why do I need samba?

Is there a tutorial I dont see a package

It's not Samba as such it's the winbindd bit that is required to get ntlm_auth to work but you don't get it without Samba

instabin

I see I found a package for samba.
Do you think it would work?

http://code.google.com/p/pfsense-cacheboy/

Gloom

I doubt it as the web page clearly states "Compiled and Installed on FreeBSD 7.2" and I'm assuming that you are on PFSense 2.0.1 which is based on FreeBSD 8.1

I'm not a great fan of putting packages on a firewall, I'd rather just build another server as a proxy but if you're willing to take the risk then do a pkg_add -r samba.

See

http://numberformatdata.wordpress.com/2010/12/11/samba-installation-on-freebsd/

It covers installing from package on 8.1.

I also wouldn't do this on a live firewall without running through it on a test setup and backing everything up first.

All that said there is probable someone on here who has done this and can offer better advice than me on the setup.

marcelloc

@marcelloc:

There is a tutorial on Portuguese forum, I'll look for it and paste the link here for a Google translate. ;)

http://forum.pfsense.org/index.php/topic,47532.msg249812.html#msg249812
http://forum.pfsense.org/index.php/topic,47532.msg250366.html#msg250366