Hi David.
This shouldn't be a huge problem... You only need to setup Kerberos and
Samba in your PFSense BSD to Join it to your domain.
Then, via CLI you can create a keytab file for squid, and then complete
your squid config with lines for kerberos auth.
If kerberos works fine, you should have SSO with your Windows Domain
Clients.
Just have a look here and adjust this to your needs:
https://forum.pfsense.org/index.php?topic=58700.msg314806
If you will need it, I could send you a similar document but written for
my environment (squid on debian and Win2008 R2 as DC)
Good work :)
Nick
On 11/04/2015 20:07, David Latreyte wrote:
Hello,
thank you a lot for your answer.
We’ve already got a windows 2008R2 domain and some pfsense boxes acting as
firewall and routers. We now would like to add SSO authentication with squid. I
could build a debian box for that but everyone here like pfsense and we would
prefer dedicate that job to a new pfsense box.
This is why i’am wondering if a howto exists somewhere. Has someone installed
the samba4 freebsd package on pfsense ?
Bye
Le 11 avr. 2015 à 17:39, Nicola Ferrari (#554252) <[email protected]> a écrit :
Hi David.
Be patient for my english, I'm italian...
I suggest you to install a separated Samba4 appliance to have a DC in your
network, and then setup PFSense to authenticate users via LDAP or RADIUS
services.
Zentyal is one of the most common Samba4 appliances, that you can configure as
a DC and manage with a simple web interface or via CLI.
Have a nice weekend,
N
On 10/04/2015 23:27, David Latreyte wrote:
Hello all,
it’s really a great pleasure to use pfsense as a firewall or a router. We’ve
just built a new pfsense box in our organisation (in the LAN zone) with squid +
squidguard. Everything works perfectly so far so we are now wondering if it
exists somewhere an HowTo for the installation of samba 4 in order to
authenticate the users.
I’ve found videos on Youtube or some messages on the archive of this mailling
list but everything seems to me outdated or incomplete.
Thank you for your help and sorry for my english.
Bye
----
David Latreyte
[email protected]
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
--
+---------------------+
| Linux User #554252 |
+---------------------+
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
--
+---------------------+
| Linux User #554252 |
+---------------------+
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
