How to Set Up Squid on pfSense with Windows LDAP Authentication

Posted: July 8, 2013 in Network

I have a Domain Controller running on Windows 2008 R2, and pfSense as firewall and proxy. All users access the Internet through the proxy, and I want proxy users to be authenticated by the Domain Controller. Below is the pfSense configuration for authenticating users against Windows Active Directory.

1. Authentication for User

2. Authentication for Group

CMIIW, Thanks 🙂

  1. mio coir says:

    Hi, can you please help me to set this up? I’ve been trying but it’s not working.

    Thank you

  2. glasolar says:

    Nice work.
    I’m new to pfSense and got the LDAP working with the help of this article. Here are the troubles I overcame … I think you should mention them in the article.

    1. Time is everything: make sure the clocks on your DC and pfSense are synced.

    2. Port, port, port: 389 must be entered (or if you have SSL change it to … I don’t remember what port it was … google it).

    3. If you have spaces in your OU names or user names in the LDAP server user DN, use " ".

    Example:

    CN=swadmin,OU=3rd Party Connection To LDAP,OU=Do Not Change Password&Deny Policies,DC=tbtb,DC=local

    should be changed to:

    CN=swadmin,OU="3rd Party Connection To LDAP",OU="Do Not Change Password&Deny Policies",DC=tbtb,DC=local

    4. In the LDAP search filter: it should be sAMAccountName=%s, not (sAMAccountName=%s). Lose the () … mine didn’t work.

    5. If you want to use groups, the search filter should be something like this:

    (&(objectCategory=user)(memberOf=CN=Internet BWShaping,OU=Internet BWShaping,OU=Groups,DC=tbtb,DC=local)(sAMAccountName=%s))

    You don’t need " in here …

    And one last thing … the user should be a member of the group mentioned above, not a member of a nested group … or else it doesn’t work.

    Ahah … I almost forgot …. make sure you add a rule to the pfSense firewall to pass TCP and UDP traffic to LAN … otherwise you get nothing.

    Sorry for my weak knowledge of English,

    and thanks again for the article.

  3. Albert says:

    Hi, good day. I would like to ask if you have some screenshots of your captive portal connected to AD. Thanks, and hoping for your great response.

  4. BTB says:

    Do these steps work for Windows 2012 AD? It didn’t work for me. The authentication page comes up, but no luck.

  5. berhanemtTB says:

    Thanks for your reply. I tried the steps and the authentication page comes up, but it keeps asking for the username and password (unable to authenticate from the AD). I don’t know what I missed here.

  6. That is a really good tip, particularly to those fresh to the blogosphere.

    Short but very precise info… Thank you for sharing this one.
    A must-read post!

    • aafikry says:

      Hi, thanks for your comment.
      This blog is not copy/paste; all I wrote is from my experience 🙂
      So, CMIIW 🙂

  7. akha666 says:

    How do I make an LDAP search filter for multiple groups?
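The group search filter given in glasolar's comment, extended to the multiple-group case asked about just above and to Active Directory's nested-membership matching rule. This is an added Python example, not code from the post or from the pfSense Squid package; the second group DN and the usernames are constructed.

```python
"""Compose and sanity-check Squid LDAP search filters for AD group auth.

Added example, not part of the blog post or of pfSense/Squid. Group DNs
marked "constructed" are made up for illustration.
"""
from __future__ import annotations

# RFC 4515: characters that must be escaped inside a filter assertion value.
# Spaces and '&' are not among them, which is why a DN with spaces needs no
# quoting when it appears as a memberOf= value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# AD's LDAP_MATCHING_RULE_IN_CHAIN: memberOf with this rule follows nested groups.
_IN_CHAIN = "1.2.840.113556.1.4.1941"


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value inside an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def group_filter(group_dns: list[str], nested: bool = False) -> str:
    """Return a Squid-style filter (%s = username) requiring membership in at
    least one listed group. Plain memberOf= sees direct membership only;
    nested=True switches to the in-chain rule so nested groups also match."""
    if not group_dns:
        raise ValueError("at least one group DN is required")
    attr = f"memberOf:{_IN_CHAIN}:" if nested else "memberOf"
    clauses = "".join(f"({attr}={escape_filter_value(dn)})" for dn in group_dns)
    if len(group_dns) > 1:
        clauses = f"(|{clauses})"  # OR: any one of the listed groups
    return f"(&(objectCategory=user){clauses}(sAMAccountName=%s))"


def render(template: str, username: str) -> str:
    """Substitute the username into %s, escaping it first so input such as
    '*)(objectClass=*' cannot widen the search to other objects."""
    return template.replace("%s", escape_filter_value(username))


def is_balanced(ldap_filter: str) -> bool:
    """Cheap check: parentheses in the finished filter must nest and balance."""
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0


if __name__ == "__main__":
    groups = [
        "CN=Internet BWShaping,OU=Internet BWShaping,OU=Groups,DC=tbtb,DC=local",
        "CN=Internet Full,OU=Groups,DC=tbtb,DC=local",  # constructed
    ]
    tmpl = group_filter(groups)
    print(tmpl)
    print(render(tmpl, "jdoe"), is_balanced(render(tmpl, "jdoe")))  # constructed user
```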

  8. its_my_style says:

    I have tried the same scenario, but it failed.

    In the cache log it says:
    2014/10/10 09:44:27| helperOpenServers: Starting 0/0 'ssl_crtd' processes
    2014/10/10 09:44:27| helperOpenServers: No 'ssl_crtd' processes needed.
    2014/10/10 09:44:27| helperOpenServers: Starting 5/5 'squid_ldap_auth' processes
    2014/10/10 09:44:27| Accepting HTTP connections at, FD 28.
    2014/10/10 09:44:27| Accepting ICP messages at [::]:7, FD 29.
    2014/10/10 09:44:27| HTCP Disabled.
    2014/10/10 09:44:27| Loaded Icons.
    2014/10/10 09:44:27| Ready to serve requests.
    squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

    Please advise,
    many thanks
