pf2ad

Script to setup application Samba3 AD authentication in squid3 for pfSense® software

What is pf2ad ?

pf2ad is a script for automating installation via NTLM authentication environment / AD in squid3 for pfSense® software. The script already does all the work required to leave the pfSense® software compatible with AD and adds it as a member in the AD tree.

How to Run

The script is automatic, meaning you need not install anything, he will have to check the necessary dependencies and install the needed.

To make the application of change patches and NTLM authentication setting in pfSense® software, we will need version 2.2.5 of pfSense® software (amd64). Remember that this version is compatible (will install if you have not) with squid3 and SquidGuard-devel package, you will need web access or console (recommend using the console via ssh to monitor the process).

To apply the patch, just run the following command:

Changelog

  • 20170905001: Update to compatibility with version 2.3.4 of pfSense®
  • 20170224001: Update to compatibility with version 2.3.3 of pfSense®
  • 20161228010: Update to compatibility with a new version from Squid package (Details here)
  • 20160728001: Update to compatibility with version 2.3.2 of pfSense®
  • 20160520001: Update to compatibility with version 2.3.1 of pfSense®
  • 20160501001: Update to compatibility with version 2.3 of pfSense®
  • 20151211001: Update to compatibility with version 2.2.5 of pfSense®
  • 20151002005: Compatibility with updates squid3 package
  • 20151016003: Compatibility with updates squid3 package v. 0.4.1
News with Samba4 version
  • Enhancements in authentication (Now the default is kerberos, then NTLM and finally ldap as auth_basic)
  • Negotiate implementation
  • Finishing part of diagnostics in the gui (I still have to test and publish)

Script source

See the all updates and extra documentations about the project at Mundounix repository.

Version 2.3 Version 2.3.1

Need support ? Squidguard config ?

Make the implementation and configuration of pf2ad and LDAP filter configuration in squidGuard, within one hour of assistance via Teamviewer for US$ 75.00 (Paypal), Get more information by calling me there chatting in the lower right corner.

For the 2.3.3 version:

                        
fetch -q -o - https://projetos.mundounix.com.br/pfsense/2.3.3/samba3/pf2ad.sh | sh
                        
                    

For the 2.3.4 version:

                        
fetch -q -o - https://projetos.mundounix.com.br/pfsense/2.3.4/samba3/pf2ad.sh | sh
                        
                    

SAMBA 4 (beta) For the 2.3.4 version:

Source: https://gitlab.mundounix.com.br/pfsense/pf2ad/tree/2.3.3-SAMBA4

                        
fetch -q -o - https://pkg.mundounix.com.br/pfsense/2.3.4-samba4/samba/pf2ad.sh | sh
                        
                    

Questions ? Access the forum Mundounix

It will upgrade the system package, add a custom repository with samba version with AD support, will if necessary the installation of the dependent packages (squid3 and SquidGuard), apply changes to the Squid package code and the system menu to add configuration options of AD authentication.

If you still choose to use the web-based, use the option Diagnostics » command prompt as the image below:

Documentation

Screencasts

Below, a screencast demonstrating how to apply the script via terminal (ssh)

Once the patch is applied, check the options, as follows:

Procedure to add the pfSense® software in AD

Configure pfSense® software DNS to point to the AD server, with the options as follows

Configure the AD options

Once you apply the configuration, make sure the pfSense® software server was added in the tree Active Directory


Follow the procedure below a screencast


How to implement an LDAP filter in SquidGuard Optional

Did You Like It? Make a donation!

This script was written using hours of development, dedication and tests that came up to you. I will be very happy if my work this help you in something for your environment. Then I ask you to make a donation to the project so that I have resources to continue and maintain this and other projects.

You can make a donation via Paypal using credit card or Paypal balance

If you prefer other ways, please contact me by email: me@luizgustavo.pro.br

Support

  • US$ 120

    Per Year

    pf2ad Support

    • Full Updates
    • Deploy Help
    • Warranty Works
  • US$ 75

    Per Hour

    pfSense® software Consulting

    Solve your problem

    • Remote Access
    • Record all changes
    • Documentation

Contact

Send suggestions, criticisms to my email:

luizgustavo@mundounix.com.br