SquidGuard + Ldap (AD) (Patch - Updated)

lgcosta · Feb 22, 2013, 10:13 AM

Hi guys.

I made a patch for filtering ldap using ldapsearch parameter, this time I made a series of modifications, now the squidguard can also filter when the user comes from a ntlm authentication (I already have the Samba4 integrated into pfsense, a pfsense serving Active Directory!! preparing to package for now, if you want more information about the pfsense as AD, contact in private message or email).

Let's go !, how to implement:

1. Install package squid2 and squidguard, configure authentication via LDAP or AD (has several tutorials here)

2. Download the update script and patch squidguard:

Go to Diagnostics > command prompt and paste the line below:

fetch -o - -q http://www.mundounix.com.br/~gugabsd/pfsense/squidguard-ldap.sh | sh

Once run, the options below will appear in the squidguard configuration:

3. Configure LDAP options:

Configure your Ldap DN and password (same as the squid)
Password (can not start with numbers)
If you are using ntlm, check "Strip NT domain name" option

4. using an LDAP syntax, the example below will check if the user is in the "internet" group of AD:

*** For now only works on 64bit (amd64) and Pfsense 2.0.2**

If you have questions and need advice in implementing these options and if you need to implement an Active Directory server in pfsense (or your network), contact (in private message or email) me. (gugabsd@mundounix.com.br)

I will updating as I have time.

Best Regards

lgcosta · Feb 24, 2013, 6:25 AM

I added an option to turn enable/disable the LDAP settings in the patch.

jimp · Jun 10, 2013, 3:29 PM

Luiz - What changes did you make to your squidGuard build in the binary your script installs?

Did you patch something in squidGuard, or just enable LDAP in the port options?

lgcosta · Jun 10, 2013, 3:37 PM

@jimp:

Luiz - What changes did you make to your squidGuard build in the binary your script installs?

Did you patch something in squidGuard, or just enable LDAP in the port options?

Hi Jim,

is necessary a patch, below the complete tar port config with patch options:

http://mundounix.com.br/~gugabsd/squidguard-stipnt.tar.gz

jimp · Jun 10, 2013, 6:22 PM

OK this should now be integrated and available on 2.0.x and 2.1 with the current squidGuard package. I don't have a way to test, however.

lgcosta · Jun 10, 2013, 6:37 PM

@jimp:

OK this should now be integrated and available on 2.0.x and 2.1 with the current squidGuard package. I don't have a way to test, however.

Thanks Jim !