Just a quick reminder that this guide, “Login To Pfsense Using Active Directory Accounts”, does not show us how to authenticate against a squid proxy server using active directory accounts. Rather, it explains how to log into the web configurator graphical user interface for pfsense router using active directory accounts.
Like always, this is going to be a practical hands off guide.
Recently, we had a need in a small company that employs pfsense router and Microsoft active directory, to allow some users who are part of an active directory group access to log into the pfsense server. To make this work, we had to configure our Microsoft active directory server with the names of these users and then configure pfsense to allow them login to the web Gui.
So far, we have used the pfsense router cum firewall and the packages that it provides to serve as a firewall and proxy for our corporate environment. We tasted the powers of SquidGuard, were we where able to filter contents, only allowing access to certain sites using the common ACL rule, while blocking access to every other thing.
In this guide, “PFSense Squid Active Directory Authentication”, we will go a step further to grant access to the internet and allowed sites only to those who need access while completely denying access to all those who do not need it using microsoft active directory authentication.
To get up to date with what we are doing here, please familiarize yourself with these guide:
The home folder is generally a users default directory which contains his or her personal files, programs, e.t.c whenever he/she logs in to the network. It is sometimes called the login directory. In this guide, “Home Folder on Samba4 “, we will follow best practice and avoid using the samba built-in [homes] section that dynamically shares the home directory to all users. According to samba documentation, https://wiki.samba.org/index.php/User_Home_Folders, using the home section, will involve some workaround and we may have to create each users home directory manually. Also, the [home] feature is currently not supported in the samba4 active directory domain controller.
In previous guides, we learnt how to install samba4 on a new debian server. We also learnt how to manage(add users, computers, GPO e.t.c) our samba4 active directory server using rsat on windows.
In this guide, we will do some more by enabling file sharing capabilities on samba4 active directory controller. This guide will aim to enable file sharing on the domain controller, much like on a windows domain controller.
Note: This may not be the best practice. I feel that it will be better to setup a seperate file server using samba4 or windows server flavors. However, we will go on with setting up a file share on our active directory server for a small office network.Read More
Univention corporate server also code-named UCS IS AN integrated identity and infrastructure management system that makes it easy to administrate applications, users and resources. Their website also claims that all “Server and desktop solutions can be administrated centrally and across different locations and platforms via an easy-to-use web interface”m
Visit https://www.univention.com/products/ucs/ for a more indepth look at this server for the home or corporate environments.
The univention corporate server comes with basically 4 editions or subscription levels.
In a previous guide, we successfully installed openfire and made some basic configuration to our openfire server. We have even gone further to login users added manually to our server. The bad news though, is that, manually adding users to our openfire server can be a hassle if we have a very large network of users.Read More