Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - domg

Pages 1 2 3 4
#31
Development and Code Review / Re: Add a new authentication in plugin available in Proxy
July 27, 2016, 12:20:58 AM
Hi,

I'm still trying to find a way to retrieve the type of authentification method, is this possible ?
#32
Development and Code Review / Re: Add a new authentication in plugin available in Proxy
July 22, 2016, 10:50:52 PM
Hi,

I've made the following change to system_authservers.php, it adds a new type
Code Select

--- /usr/local/www/system_authservers.php.orig  2016-06-28 02:34:37.049306000 +0200
+++ system_authservers.php      2016-06-28 02:35:55.390666000 +0200
@@ -35,7 +35,8 @@
     'ldap' => gettext("LDAP"),
     'radius' => gettext("Radius"),
     'voucher' => gettext("Voucher"),
-    'totp' => gettext("Local + Timebased One Time Password")
+    'totp' => gettext("Local + Timebased One Time Password"),
+    'ssoproxyad' => gettext("SSO Proxy AD")
);


@@ -354,6 +355,7 @@
         $(".auth_ldap").addClass('hidden');
         $(".auth_voucher").addClass('hidden');
         $(".auth_totp").addClass('hidden');
+        $(".auth_ssoproxyad").addClass('hidden');
         if ($("#type").val() == 'ldap') {
             $(".auth_ldap").removeClass('hidden');
         } else if ($("#type").val() == 'radius') {
@@ -362,6 +364,8 @@
           $(".auth_voucher").removeClass('hidden');
       } else if ($("#type").val() == 'totp') {
           $(".auth_totp").removeClass('hidden');
+      } else if ($("#type").val() == 'ssoproxyad') {
+          $(".auth_ssoproxyad").removeClass('hidden');
         }
     });

Now in squid.conf template I can retrieve the name with "OPNsense.proxy.forward.authentication.method" but what about its type ?

TIA
#33
Development and Code Review / Add a new authentication in plugin available in Proxy
July 16, 2016, 02:03:01 PM
Hi,

I'd like to a add a new authentication mode (SSO Proxy AD) in Proxy if my plugin is enabled by default only 'Local database' is available. I only want to select this new mode to add the correct code in squid.conf with template.

How can I do this?
TIA
#34
Development and Code Review / Interact to OPNsense core from plugin
June 27, 2016, 11:56:21 PM
Hi,

I started to create a plugin to permit SSO authentification from proxy, so far I can get and set configuration and join the domain with kinit/msktutil.
How can I add a new authentification in proxy to add this code
Code Select
auth_param negotiate program "/usr/local/libexec/squid/negotiate_kerberos_auth
auth_param negotiate children 10
auth_param negotiate keep_alive on
acl password proxy_auth REQUIRED
and in /etc/rc.conf.d/squid
Code Select
squid_krb5_ktname="/usr/local/etc/proxy.keytab"

https://github.com/gitdevmod/plugins

Thanks in advance
#35
General Discussion / Re: Single sign on proxy
June 20, 2016, 01:49:23 PM
Hi,

I've implemented SSO with AD 2012R2 and Internet Explorer with kerberos (from base) and msktutil (from ports). It should not be too hard to add this feature, I'll give a try :)
#36
16.1 Legacy Series / Re: Setup Transparent Proxy, "Enable SSL mode" option not available
May 25, 2016, 07:47:07 AM
hi,

It was added in 16.1.9, https://forum.opnsense.org/index.php?topic=2771.0
#37
16.1 Legacy Series / Re: List plugins is empty
May 24, 2016, 06:19:25 PM
Hi,

I may be wrong but could you try to change to default in english ?
#38
French - Français / Re: Traduction
April 18, 2016, 12:29:46 AM
Quote from: PsykoGreG on April 16, 2016, 02:57:41 PM
Bonjour, y'a t il encore des personnes actives sur la partie de traduction française ?
Merci :)
Oui, dès que je peux :p
#39
French - Français / Re: Traduction
April 05, 2016, 06:51:37 PM
Quote from: PsykoGreG on April 05, 2016, 06:47:21 PM
Si vous êtes toujours a la recherche de volontaires :)
Toujours :)
Envoie un PM à franco, il te créera un compte sur https://translate.opnsense.org/
#40
16.1 Legacy Series / Re: Webfilter issue
March 29, 2016, 01:18:50 PM
Hi,

This issue is fixed iirc since 16.1.18 release. (https://github.com/opnsense/core/issues/824).
Please confirm with latest release if it's works :)
#41
French - Français / Re: Token Bucket
March 09, 2016, 09:49:37 PM
En fait, la version 15.1 utilisait pf+ALTQ et depuis la refonte c'est ipfw+dummynet. Il faudrait ouvrir un ticket sur github (en anglais) pour expliquer cette perte de fonctionnalité.
#42
French - Français / Re: Token Bucket
March 09, 2016, 06:32:41 PM
Bonjour,

Pour ajouter des règles de régulation de flux, il faut utiliser le "Traffic Shapper" qui se trouve dans le menu firewall.

Tu trouveras des exemples dans ce guide https://docs.opnsense.org/manual/how-tos/shaper.html
#43
French - Français / Re: Configuration simple ?
February 15, 2016, 02:31:23 PM
Quote from: Kuragari on February 15, 2016, 02:29:34 PM
Une autre petite chose, dans le NAT, est ce que tu es en mode : Automatic outbound NAT rule generation ?

Cela devrais te générer automatiquement une ligne du genre (moi j'ai plusieurs sous réseau privé, 10.0.1.0/24, 172.16.99.0/24 et 192.168.99.0/26) :

WAN   127.0.0.0/8 10.0.1.0/24 172.16.99.0/24 192.168.99.0/26   *   *   *   WAN address   *   NON   Règle auto créée

Les règles du firewall m'ont l'air correct.

Pourtant m0n0wall semble fonctionner avec la livebox et OPNsense est censé faire du NAT donc la livebox ne devrait voir que l'ip WAN d'OPNsense
#44
French - Français / Re: Configuration simple ?
February 13, 2016, 08:17:40 PM
Et du côté du NAT, menu Firewall: NAT: Outbound par défaut c'est en mode automatique.
As-tu réalisé des analyses de trames avec tcpdump ?
#45
French - Français / Re: Configuration simple ?
February 13, 2016, 04:35:42 PM
Bonjour,

Tout semble correct, est-ce que l'option "block private networks" sur l'interface WAN est bien décochée ?
Pages 1 2 3 4