Messages

1

Spanish - Español / Re: CONFIGURACIÓN DE PROXY

« on: June 13, 2017, 08:51:25 pm »

Saludos

por acá todavía no logro establecer los permisos por grupo,

¿alguien ha podido? creo que volveré a Endian...

help!!!

2

17.1 Legacy Series / Re: Proxy filtering with Active Directory authentication

« on: June 08, 2017, 02:56:01 pm »

I have the same question.

I got the active directory ready for authenticate users, but I need to assign proxy access polices to groups of users of that active directory (I have the groups already created in windows server 2012 AD)...

• one group with full internet access
• one group without internet access (just local network)
• and one or two other groups with blacklist and whitelist (for disabling youtube, facebook, others... and enabling google searches, email web browsing)[/b]
  

I tried Endian too, but lags too much. I could only set two groups permissions (full and none access).

please help us!

3

16.7 Legacy Series / Re: Ldap icon Import Users

« on: January 18, 2017, 02:46:13 pm »

I would like to know if there´s a way for OPNsense to update the list of users automatically if In windows server I made a new user, because at the moment, when I add or change an user from a group in the AD LDAP, I have to go to the dashboard of opnsense and add it manually(cloud icon, and find the new user)...

4

Spanish - Español / Re: CONFIGURACIÓN DE PROXY

« on: January 18, 2017, 02:38:22 pm »

hola a todos,

tengo instalada la nueva versión y ya tiene la opción de proxy, la cual he habilitado,

tengo tambien en acceso, los usuarios de LDAP active directory, sin embargo aun no puedo establecer los permisos para cada grupo de usuarios del active directory.

5

Tutorials and FAQs / Re: Replace ISA server with OPNSense

« on: January 18, 2017, 01:02:41 pm »

I set the dns to the domain, I can import all users, now I need to set the restrictions of the internet...

I had the same proxie before, but It only worked with internet explorer, other web browsers just didn't pay attention to the rules...

I'll see what configurations can I do with proxy in OPNsense, any suggestions will be appreciate...

6

Tutorials and FAQs / Re: Replace ISA server with OPNSense

« on: January 17, 2017, 09:37:22 pm »

i just did it!

I tried using the ip of the domain instead of the domain name and it connected.

now i want to set the permissions for the users group. I have 3 on my AD, one group will have full access to internet, one will have access to a list of websites and the last one would not have access to any website.

any tips for doing it? thank you!

7

Spanish - Español / Re: Conectar con active directory LDAP Captive Portal

« on: January 17, 2017, 09:34:08 pm »

actualizando...

ya logré conectar, en lugar de colocar el host name, coloqué la IP y funcionó. el dns debe resolver el servidor de dominio interno no externo...


ahora quiero importar los grupos del active directory, y establecer los permisos de navegación a cada grupo, tendría

uno con acceso total,
uno con acceso a algunas páginas y
otro sin acceso a navegar...

he leido que esto se hace con el captive protal, también con el proxy, pero no sé cómo hacerlo...

8

Spanish - Español / Conectar con active directory LDAP

« on: January 17, 2017, 08:51:23 pm »

Saludos,

Instalé OPNSENSE con la intención de utilizar filtros web para un grupo de usuarios de un dominio del cual soy administrador. este dominio esta en windows server 2012, tiene su active directory, todo configurado con sus grupos y respectivos permisos.

el problema es que no he logrado conectar el servidor LDAP al opnsense, tengo acceso a internet ya configurado, solo falta eso... el firewall del opnsense tiene la regla para permitir las coneziones LDAP, por ahí no hay problema.

cuando intento agregar el servidor, luego de introducir los valores host, bind credentials (con el usuario adminsitrador de dominio) y colocar base DN, al dar select me da el error Could not connect to the LDAP server. Please check your LDAP configuration.

no sé si tenga que configurar algo adicional en el windows server(?)

por favor si alguien tiene alguna sugerencia, lo apreciaría mucho. puedo dar más detalles, si los necesitan no duden en preguntar...

gracias.

9

Tutorials and FAQs / Re: Replace ISA server with OPNSense

« on: January 17, 2017, 08:41:52 pm »

thanks for your reply, Mr Weust.

I've tried that configuration, but still the error of Could not connect to the LDAP server. Please check your LDAP configuration.

I've checkd the firewll, and it allows the ldap port, I'm using as bind credentials, an admin of the domain, I use in Base DN both DC=local and DC=com, after the DC=nameofdomain but same error...

I don't know if i'm missing something in the active directory, or windows server, or opnsense...

10

Tutorials and FAQs / Replace ISA server with OPNSense

« on: January 04, 2017, 09:52:41 pm »

Greetings and happy new year to you all.

I just entered to a company in which there's a domain host and an active directory set of users working, the rules for acceding the internet are controlled by an ISA server which depending on the user, gives permissions to web browse or not...( this ISA is microsoft 2006). as you all know, now-a-days ISA server is not a good tool for this functions(reason of me entering the company)... so I wanted to try the OPNSense to do this function.

They have windows server 2012.

So before getting in troubles for damaging something, I made a small testing lab in my office and I installed the latest version of OPNSense on a computer that I assembled with two network cards, I have enabled the internet access already. I used one card for wan, and another for lan.

Now I think the next step will be to enable the LDAP. all I've done is by following your docs, and here's the problem, after setting the firewall rule for letting the ldap pass, I went to the access, and Add server option, but after writing the DC=domainname,DC=com I click select but it always shows...

Could not connect to the LDAP server. Please check your LDAP configuration.

so i checked if the opnsense could see the windows server on the network, and yes they ping each other, no problem with that.

therefore I'm here to ask you if is there something I have to install on windows server, or something I'm missing... thank you guys, if you need more information, please ask and I will provide it.