General Discussion / Re: Active Directory - SSO
« on: August 22, 2020, 04:27:11 pm »
My initial research shows that the only AD-sync that can be done is manually... While pfSense and most other enterprise platforms offer an AD sync option.
In most business networks, AD is used and AD credentials are reset regularly, most often by end users. If this firewall is used as the VPN concentrator, then users will be constantly locked out until a resync is done or users are manually added to the firewall...
Previously, there was indeed such a problem associated with both the Active Directory product itself and the server part, but the solution can be an additional protection in the form of two-factor authentication using one-time passwords using the ADFS method. This method also works on an ADFS server, which can act as a guarantor of such protection. Then you do not have to do manual synchronization and remove locks because all users will be securely logged in and have the same ADFS SSO support in the system. For this reason, I advise you to consider this analogy.