How to Set Up Squid on pfSense with LDAP Authentication against Windows

Posted: July 8, 2013 in Network

I have a Domain Controller running on Windows 2008 R2, and pfSense as firewall and proxy. All users access the Internet through the proxy, and I want proxy users to be authenticated by the Domain Controller. Below is the pfSense configuration to authenticate users against Windows Active Directory.

1. Authentication for User

[screenshot: user authentication settings]

2. Authentication for Group

[screenshot: group authentication settings]

(&(memberOf=CN=InternetAccess,CN=Users,DC=dzikra,DC=local)(sAMAccountName=%s))

[screenshot: LDAP search filter]


CMIIW, thanks.

Comments
  1. mio coir says:

    Hi, can you please help me to set this up? I've been trying but it's not working.

    Thank you

  2. glasolar says:

    Nice work.
    I'm new to pfSense and got LDAP working with the help of this article. Here are the troubles I overcame … I think you should mention them in the article.

    1. Time is everything: make sure the clocks on your DC and pfSense are synced.

    2. Port, port, port: 389 must be entered (or if you have SSL change it to … I don't remember what port it was … Google it).

    3. If you have spaces in your OU names or user names in the LDAP server user DN, use " ".

    Example:

    CN=swadmin,OU=3rd Party Connection To LDAP,OU=Do Not Change Password&Deny Policies,DC=tbtb,DC=local

    should be changed to:

    CN=swadmin,OU="3rd Party Connection To LDAP",OU="Do Not Change Password&Deny Policies",DC=tbtb,DC=local

    4. In the LDAP search filter it should be sAMAccountName=%s, not (sAMAccountName=%s). Lose the () … mine didn't work.

    5. If you want to use groups, the search filter should be something like this:

    (&(objectCategory=user)(memberOf=CN=Internet BWShaping,OU=Internet BWShaping,OU=Groups,DC=tbtb,DC=local)(sAMAccountName=%s))

    You don't need " in here …

    And one last thing … the user should be a member of the group you mentioned above, not a member of a nested group … or else it doesn't work.

    Ahah … I almost forgot … make sure you add a rule to the pfSense firewall to pass TCP and UDP traffic to the LAN … otherwise you get nothing.

    Sorry for my weak knowledge of English.

    And thanks again for the article.
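The post's group filter and the direct-membership caveat from the comment above, modelled in Python as an added example (not code from the post, pfSense or Squid). The directory entries, the user names alice and bob, and the RFC 4515 escaping step are constructed assumptions; the code fills %s with the login name and checks which entries satisfy the filter.

```python
import re

# Search filter from the post: the user must be a DIRECT member of the group.
GROUP_FILTER = ("(&(memberOf=CN=InternetAccess,CN=Users,DC=dzikra,DC=local)"
                "(sAMAccountName=%s))")

# Constructed stand-in for what the DC returns. AD's memberOf attribute lists
# direct groups only, so a user who is only in a nested group does not match.
DIRECTORY = [
    {"sAMAccountName": "alice",
     "memberOf": ["CN=InternetAccess,CN=Users,DC=dzikra,DC=local"]},
    {"sAMAccountName": "bob",  # in a group that is itself in InternetAccess
     "memberOf": ["CN=Helpdesk,CN=Users,DC=dzikra,DC=local"]},
]


def escape_filter_value(value):
    """RFC 4515 escaping: a login name must not be able to change the filter."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def fill_filter(template, username):
    """Substitute the escaped login name for %s, as the auth helper does."""
    return template.replace("%s", escape_filter_value(username))


_ASSERTION = re.compile(r"\((\w+)=([^()]*)\)")


def entry_matches(entry, ldap_filter):
    """Evaluate an AND-of-equalities filter, the only shape used on this page,
    against one directory entry. AD compares names and DNs case-insensitively."""
    if not ldap_filter.startswith("(&"):
        raise ValueError("only (&(a=v)(b=w)...) filters are modelled")
    for attr, want in _ASSERTION.findall(ldap_filter):
        have = entry.get(attr, [])
        have = have if isinstance(have, list) else [have]
        if want.lower() not in [v.lower() for v in have]:
            return False
    return True


def lookup_user(username, directory=DIRECTORY, template=GROUP_FILTER):
    """Return the one entry matching the filled-in filter, else None
    (no match means Squid rejects the login even if the password is right)."""
    hits = [e for e in directory
            if entry_matches(e, fill_filter(template, username))]
    return hits[0] if len(hits) == 1 else None
```

Running lookup_user("bob") returns None even though Helpdesk sits inside InternetAccess, which is the nested-group failure described above.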

  3. Albert says:

    Hi, good day. I would like to ask if you have some screenshots of your captive portal connected to AD. Thanks, and hoping for your great response.

  4. BTB says:

    Do these steps work for Windows 2012 AD? It didn't work for me. The authentication page comes up, but no luck.

  5. berhanemtTB says:

    Thanks for your reply. I tried the steps and the authentication page comes up but keeps asking for the username and password (unable to authenticate from the AD). I don't know what I missed here.

  6. That is a really good tip, particularly for those fresh to the blogosphere.

    Short but very precise info… Thank you for sharing this one.
    A must-read post!

    • aafikry says:

      Hi, thanks for your comment.
      This blog is not copy/paste; all I wrote is from my own experience 🙂
      So, CMIIW 🙂

  7. akha666 says:

    How do I make an LDAP search filter for multiple groups??

  8. its_my_style says:

    Hi,

    I have tried the same scenario, but it failed.

    In the cache log it says:
    2014/10/10 09:44:27| helperOpenServers: Starting 0/0 'ssl_crtd' processes
    2014/10/10 09:44:27| helperOpenServers: No 'ssl_crtd' processes needed.
    2014/10/10 09:44:27| helperOpenServers: Starting 5/5 'squid_ldap_auth' processes
    2014/10/10 09:44:27| Accepting HTTP connections at 192.168.54.21:3128, FD 28.
    2014/10/10 09:44:27| Accepting ICP messages at [::]:7, FD 29.
    2014/10/10 09:44:27| HTCP Disabled.
    2014/10/10 09:44:27| Loaded Icons.
    2014/10/10 09:44:27| Ready to serve requests.
    squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

    Please advise.
    Many thanks.
