Samba4 package and extend services with pfsense



  • Hi guys !

    I have worked in the Samba4 package for pfsense, not only act as a                                                                                                   
    domain member, but also act as a domain controller and i see this as an                                                                                               
    opportunity to extend the pfsense to be more than a firewall and act as                                                                                               
    a new service on the network in a new installation in another hardware                                                                                               
    to act as a domain controller in Active Directory with power tools                                                                                                   
    native firewall.

    I already have some environments into production with it, but without a                                                                                               
    gui for configuration files.

    Of course this will impact other things in the environment, such as file                                                                                             
    management (for samba shares). But I think with a friendly tool and                                                                                                   
    having own environment as an extension of the samba configuration, the                                                                                               
    environment does not get so complicated it may seem.

    To back up these files, we can take the help and recommendation of use                                                                                               
    of package bacula.

    Here are a few things that are in development:

    Inital samba4 setup:                                                                                                                                                 
    https://www.diigo.com/item/image/3lt7m/bw9t

    Squid with support to ntlm authentication:                                                                                                                           
    https://www.diigo.com/item/image/3lt7m/94v8

    Squidguard with support to read users from a domain Active Directory and                                                                                             
    filter based on a ldap search:                                                                                                                                       
    https://www.diigo.com/item/image/3lt7m/ugsa                                                                                                                           
    https://www.diigo.com/item/image/3lt7m/o3yn

    Any opinion about this will be very welcome!

    Thanks !



  • I would like to see it because it would certainly cut down on the number of steps to get this to work:  http://forum.pfsense.org/index.php/topic,58700.0.html.

    I would definitely include options to restrict which interfaces it is enabled on though.



  • Sorry for the translator, original text in Spanish, greetings from Chile

    Thanks for your work, helped me a lot to optimize resources and until recently trek to Samba4 (formerly Samba 3 with OpenLDAP) I head tube integration with SquidGuard groups and note your upgrade and "ta .. so .." everything working now more samba 4 .. Great. I have title of programmer but I detoured on the way to "Software - Hardware" (the last thing Cliper schedule was 15 years ago), but any help in your test or other service.

    Español
    Gracias por tu trabajo, me ha ayudado bastante para optimizar recursos y hasta hace poco emigre a Samba4 (antes Samba 3 con OpenLdap) me tubo de cabeza la integración por grupos con SquidGuard y note tu actualización y "ta ..tan.." todo funcionando ahora mas samba 4 ..Genial. Tengo titulo de programador pero me desvie en el camino al "Software - Hardware" (lo ultimo que programe fue en Cliper hace como 15 años), pero cualquier ayuda en Test u otros a tu servicio.
    Perdón por traductor texto original en Español saludos desde Chile





  • More information (screencast) about this package:

    Youtube Video



  • I am very interested in this.  Do you have something I can test, or maybe some brief instructions.  The main thing I'm interested in is providing a Samba4 PDC for my home network.



  • @churnd:

    I am very interested in this.  Do you have something I can test, or maybe some brief instructions.  The main thing I'm interested in is providing a Samba4 PDC for my home network.

    Good morning,

    who want to experiment with the functionality of Samba4 acting as a member of AD and making authentication transparent to the ad via ntlm, can deploy the package by the script below (via command execution -> Diagnostics: Execute command):

    fetch -o - -q http://www.mundounix.com.br/~gugabsd/pfsense/teste/samba-teste-amd64.sh | sh

    This will install Samba4 there and a lot of work … do not worry, after running it, will appear in the option menu Samba4 services and the option to authenticate via ntlm in squid. (to operate, install squid 2 first before running this script)

    For now, it is 100% functional act as MEMBER, other'm developing, mainly to serve as part of the AD server.

    ATTENTION BUT, FOR THE LOVE OF GOD!! DO NOT TURN IT IN PRODUCTION ENVIRONMENT, I'm releasing a mere interest and development of opnion guys ... If you need to put this into production yesterday, contact me via consultancy (www.mundounix.com.br)

    Thanks



  • I did your patch..

    Warning: Invalid argument supplied for foreach() in /usr/local/www/pkg_edit.php on line 433

    I get when I go to the share tab..

    Crash report begins.  Anonymous machine information:

    amd64
    8.3-RELEASE-p7
    FreeBSD 8.3-RELEASE-p7 #1: Sun Apr  7 15:33:13 EDT 2013    root@snapshots-8_3-amd64.builders.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_SMP.8

    Crash report details:

    PHP Errors:
    [08-Apr-2013 05:12:31 EST5EDT] PHP Fatal error:  Cannot redeclare get_real_interface_address() (previously declared in /usr/local/pkg/havp.inc:1044) in /usr/local/pkg/samba4.inc on line 318



  • @Luiz:

    @churnd:

    I am very interested in this.  Do you have something I can test, or maybe some brief instructions.  The main thing I'm interested in is providing a Samba4 PDC for my home network.

    Good morning,

    who want to experiment with the functionality of Samba4 acting as a member of AD and making authentication transparent to the ad via ntlm, can deploy the package by the script below (via command execution -> Diagnostics: Execute command):

    fetch -o - -q http://www.mundounix.com.br/~gugabsd/pfsense/teste/samba-teste-amd64.sh | sh

    This will install Samba4 there and a lot of work … do not worry, after running it, will appear in the option menu Samba4 services and the option to authenticate via ntlm in squid. (to operate, install squid 2 first before running this script)

    For now, it is 100% functional act as MEMBER, other'm developing, mainly to serve as part of the AD server.

    ATTENTION BUT, FOR THE LOVE OF GOD!! DO NOT TURN IT IN PRODUCTION ENVIRONMENT, I'm releasing a mere interest and development of opnion guys ... If you need to put this into production yesterday, contact me via consultancy (www.mundounix.com.br)

    Thanks

    Thanks for this.  I hope your work keeps up.  I don't have a use for setting up a member yet as I need a PDC, so not running it yet.  Tried it out in a VM & it seemed to install OK.  Didn't get past that since I have no PDC to join.  Keep up the good work.  Thanks.


Log in to reply