Re: [pfSense] ldap authentication against active directory fails with passwords containing the paragraph sign
I haven't tested with this setting as it was not available in earlier versiopns of pfSense but as a workaround you could setup AD-Access using a Radius-Server. See https://doc.pfsense.org/index.php/OpenVPN_with_RADIUS_via_Active_Directory for further details. That worked fine for me using passwords that didn't work using ldap. Holger 2014-06-05 14:22 GMT+02:00 Jim Pingle li...@pingle.org: On 6/5/2014 8:02 AM, Freund, Ingo wrote: today a user complained about not being able to login to IPsec VPN on the pfSense via Shrew-Client 2.2.2 after he had changed his password. After some research and testing we have to report that passwords which contain the paragraph sign 'ยง' are not validated the right way. The message on the DC is: Wrong username or password. After changing the paragraph sign into e.g. the dollar sign, everything works fine. Is this a bug? Did you check UTF8 Encode on the LDAP server settings? If not, then such non-standard characters may not have been sent in the proper format for the server to understand. Jim ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] ldap authentication against active directory fails with passwords containing the paragraph sign
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Holger Bauer Sent: Thursday, June 05, 2014 3:05 PM To: pfSense Support and Discussion Mailing List Subject: Re: [pfSense] ldap authentication against active directory fails with passwords containing the paragraph sign I haven't tested with this setting as it was not available in earlier versiopns of pfSense but as a workaround you could setup AD-Access using a Radius-Server. See https://doc.pfsense.org/index.php/OpenVPN_with_RADIUS_via_Active_Directory for further details. That worked fine for me using passwords that didn't work using ldap. Holger Hi, thank you for this advice. Jim already proposed a working solution. Ingo ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
[pfSense] Squidguard Issues
For the past few days I was experiencing issues were squidguard did not always work. Finally this morning I stumble into the problem. It turns out that if you enable the save bandwidth feature in chrome you can access all the adult sites. If you shut the feature off everything is blocked as expected. I've test with android phone and iPad and it works the same. I guess my next question is what port is chrome using for this feature and how to we tell squidguard to also watch for content on this port that also needs to be filtered? ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Squidguard Issues
On 2014-06-06 08:38, Brian Caouette wrote: For the past few days I was experiencing issues were squidguard did not always work. Finally this morning I stumble into the problem. It turns out that if you enable the save bandwidth feature in chrome you can access all the adult sites. If you shut the feature off everything is blocked as expected. I've test with android phone and iPad and it works the same. I guess my next question is what port is chrome using for this feature and how to we tell squidguard to also watch for content on this port that also needs to be filtered? Based on https://developer.chrome.com/multidevice/data-compression , I suspect the answer is: Good luck! My guess is that it'll be using port 443 to an unpredictable subset of servers inside Google's address space, and I wouldn't be the slightest bit surprised if blocking that traffic pretty much just breaks Chrome on mobile altogether. Google, among others, is moving strongly in the direction of not allowing carriers (including local LAN admins) to silently interfere with HTTP(S) traffic in any way. The remaining way involves blocking all outbound HTTPS and forcing it all to go through a proxy server... although even there, I wouldn't be surprised if Chrome tunnels HTTPS-over-SPDY-over-HTTPS-over-HTTP(proxy). Please let us know what winds up working for you. -Adam ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
[pfSense] openvpn-auth-pam.so
Hi, I am interested in doing some two-factor authentication with openvpn under pfSense. The solution that I have relies on openvpn using its PAM plugin, which is normally included as part of openvpn in the form of the file openvpn-auth-pam.so. This file is omitted from pfSense. Is there an easy way to get it? If I have to do it the hard way, is there a guide to building the pfSense distro somewhere? Thank you. Robert W. Fuller Clarke County IT ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list