pfSense 2.1.4 + squid 2.7.9 + squidGuard 1.4_4 + NTLM authentication over AD working



  • After long working hours, I finally managed to authenticate my users via NTLM over AD.
    Here's what I did! (and sorry for my English ;) )

    I followed this forum thread: https://forum.pfsense.org/index.php?topic=58700.0
    I applied everything except what referred to dansguardian.
    Installed samba and heimdal and everything needed.
    Followed everything about domain integration. In short, everything except the dansguardian and squid parts.

    (note that my squid and squidguard were functional before I started)
    For squid, I added this to my custom options:

    auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp;auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic;auth_param basic children 5;auth_param basic realm Squid proxy-caching web server;auth_param basic credentialsttl 2 hours
    

    Finally, in auth settings, I set up the connection to LDAP.

    At this point, everything is OK except one point. Users can surf the web without authentication. Logs are good and show the username (seen in sarg reports), BUT I was previously using a Windows group to limit which users can access the Internet.
    Now, all users can access it and I can't manage to limit access via the group I previously used.

    If anyone has an idea about this point ;)



  • Has anyone tried this configuration?
    Did you manage to use AD groups to limit access?



  • Please :)
    Is there someone who has tried NTLM over AD and managed to limit Internet usage to a specific AD group?



  • hello titus91360, how are you?

    What was the result of the tests? I'm doing the same thing with Dansguardian but it's not working (this is the topic: https://forum.pfsense.org/index.php?topic=82765.0), and I need a solution right away. I'm thinking about uninstalling Dansguardian and installing Squidguard.

    Is everything working as expected?

    Thanks.



  • Hello,
    I finally managed to do what I want.
    For group filtering, I use the LDAP filtering of squidguard. Everything is OK for me.
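
A sketch of the squidGuard LDAP group filtering mentioned in the post above, added here as an example and not the poster's actual configuration. The host `dc1.example.local`, the bind account, the group `InternetUsers`, the redirect URL and all DNs are constructed placeholders.

```conf
# squidGuard.conf fragment (constructed example; every name below is a placeholder)

# Read-only service account used to query AD. The password is stored in
# clear text, so keep this file readable only by the proxy user.
ldapbinddn   CN=svc-squidguard,OU=ServiceAccounts,DC=example,DC=local
ldapbindpass CHANGE_ME
ldapprotover 3
# Seconds a lookup result is cached; removing a user from the group
# can take up to this long to take effect.
ldapcachetime 300

# A user belongs to this source only if AD returns an entry whose
# sAMAccountName equals the authenticated name (%s) AND which is a
# member of the InternetUsers group.
src internet_users {
    ldapusersearch ldap://dc1.example.local/DC=example,DC=local?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=CN=InternetUsers,OU=Groups,DC=example,DC=local))
}

acl {
    # Members of the AD group: normal access.
    internet_users {
        pass all
    }
    # Everyone else, including authenticated users outside the group: blocked.
    default {
        pass none
        redirect http://proxy.example.local/blocked.html
    }
}
```

The `memberOf` filter matches direct group members only, and `%s` must be the bare account name, so a `DOMAIN\user` form coming from NTLM has to be stripped before the lookup.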



  • Hi Titus, could you please attach a few prints showing your configuration?
    I'm still trying to do it :(

    thanks.

