Hi all,
I am setting up an OPNsense firewall with Squid and LDAP (MS AD) auth. No need to be transparent.
I set a remote blacklist and now I want to use AD users and groups to tell who can and can't use that site. I can't find how on the web UI; all I found was this thread: https://forum.opnsense.org/index.php?topic=16171.0
Is there any other way to solve this? Because if not, I will start editing my custom extra configs to send there. As I need to be user and group (from AD) aware, I assume it must be in the post-auth dir.
Thanks,
none
I think there is a useracl plugin for that.
Hi fabian, thanks for the reply. I think you mean:
Services: Web Proxy: Groups and Users
os-web-proxy-useracl (installed) 1.1_1 38.5KiB Group and user ACL for the web proxy
It doesn't remind me of the old ACL lines as there were in the thread link I wrote. My main concerns are being able to write them and to maintain them between upgrades.
thanks,
none
Dear all,
this is a very important feature, just wondering if this is actually supported or not.
We have AD groups defined; can we apply ACLs based on each group?
For example: the secretaries group defined in AD cannot access social network sites
The IT dept group defined in AD can see all
The admins dept group defined in AD cannot see porn
The accounts dept group defined in AD cannot see games and porn
Things of this nature I recall existed in pfSense, so I think it's doable in OPNsense.
Any ideas, please?
To achieve what you guys want, you'd need to do the following:
1- Add your AD\LDAP as an authentication method in the firewall (that would be in System->Access->Servers).
2- Set the authentication method in the proxy settings (Administration->Forward Proxy->Authentication Settings).
3- Download the os-web-proxy-useracl plugin (you can access it in the proxy menu under logs).
4- You can create the group names (accounting, marketing, etc.) in the GUI, then manually edit the ACL as per my guide: https://forum.opnsense.org/index.php?topic=16171.0
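
The per-group policy asked about earlier in the thread, written as plain Squid ACLs using Squid's `ext_ldap_group_acl` helper. This is an added example, not taken from any poster, the linked guide, or the useracl plugin. The server name, DNs, group names and every `/PATH/TO/...` value are constructed placeholders, and it assumes proxy authentication is already working and that the fragment is loaded before the rule that allows authenticated users.

```squidconf
# Added example; all hostnames, DNs, group names and paths are placeholders.

# Ask AD whether the authenticated user (%LOGIN) is a member of a group.
# %v = user name, %a = group name passed from the acl line.
# -W reads the bind password from a file so it is not stored in the config.
# memberOf only matches direct membership; nested groups are not resolved.
external_acl_type ad_group ttl=300 negative_ttl=60 %LOGIN /PATH/TO/ext_ldap_group_acl -R -h dc1.example.test -b "dc=example,dc=test" -D "cn=squid-lookup,cn=Users,dc=example,dc=test" -W /PATH/TO/bind-secret -f "(&(objectClass=user)(sAMAccountName=%v)(memberOf=cn=%a,ou=Groups,dc=example,dc=test))"

# One acl per AD group (group names are hypothetical)
acl grp_secretaries external ad_group Secretaries
acl grp_it          external ad_group IT-Dept
acl grp_admins      external ad_group Admins-Dept
acl grp_accounts    external ad_group Accounts-Dept

# One acl per blacklist category, one domain per line in each file
acl cat_social dstdomain "/PATH/TO/social.domains"
acl cat_porn   dstdomain "/PATH/TO/porn.domains"
acl cat_games  dstdomain "/PATH/TO/games.domains"

# http_access is first-match: order decides the outcome.
# IT sees everything, so a user who is in IT and another group is allowed.
http_access allow grp_it

# Conditions on one line are ANDed: group member AND category match.
http_access deny grp_secretaries cat_social
http_access deny grp_admins      cat_porn
http_access deny grp_accounts    cat_games
http_access deny grp_accounts    cat_porn

# No final allow/deny here: requests that match none of the lines above
# fall through to the rules the firewall already generates.
```

Check the result with `squid -k parse` before reloading, and keep the bind account read-only and its secret file readable only by the Squid user.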