OPNsense Forum
English Forums => General Discussion => Topic started by: iam on July 26, 2018, 09:06:48 am
-
Hi,
I want to use my LDAP groups on OPNsense to give rights on it. This was possible with pfSense. So it would be very nice if this feature could be reimplemented.
Cheers,
iam
Some links:
https://forum.opnsense.org/index.php?topic=4729.0
https://github.com/opnsense/core/issues/360
-
Do you want it for VPN or device authentication?
-
Don't limit to just specific services, make it available to whatever service can do LDAP/AD authentication.
And of course users of the OPNsense box itself.
-
If this is being considered, please make it simple to not install the related LDAP/AD software. I personally would prefer OPNsense not become an easy target for lateral movement by bad guys. AD access to administrative access on OPNsense would open the network firewall and IPS to compromise once the bad guys have popped AD internally.
-
I agree with post #3, perhaps as an outboard plugin as usual, so it is up to the user to add risky functionality and/or functionality unrelated to the firewall, plus avoid bloatware.
-
I also agree with post #3. And I don't think that the usage of LDAP groups makes the firewall insecure.
-
It isn't LDAP which is insecure. The problem is protocols allowing pass-the-hash or relaying attacks such as https://en.wikipedia.org/wiki/SMBRelay
-
Hi
When I was working with OPNsense, I had these problems:
1. In some cases, the web service is out of service
2. In some cases, during the work, Suricata is out of service
3. Lack of functionality of the group selection button for all of the rules
4. When SSH is activated on the two interfaces, none of them is activated
5. Despite the rules having been activated, Suricata calls only its default rules.
6. When communicating with the LDAP server, it communicates with the certificate one time, and then it encounters a communication error with the certificate. (opnsense: LDAP bind error (Can't contact LDAP server))
Please tell me your solution
Thanks
-
Can you open your own thread .. and with some background please?
It's impossible for others to work on your problems with just one-liners.