Topics - cristian_asir

1
General Discussion / Nextcloud question
« on: May 23, 2019, 04:24:12 pm »
Hello,

In my home I have a server connected to my router and I have one server with Nextcloud configured using Kubuntu (similar to Ubuntu). I have this server in a different network.

Server --> 192.168.0.16
OPNsense --> 10.109.2.80

Help, thanks.

2
Web Proxy Filtering and Caching / error with format of squid.keytab
« on: May 16, 2019, 09:47:43 am »
Password for Administrador@PROXY.ASIR:
 -- init_password: Wiping the computer password structure
 -- generate_new_password: Generating a new, random password for the computer account
 -- generate_new_password:  Characters read from /dev/urandom = 77
 -- get_dc_host: Attempting to find Domain Controller to use via DNS SRV record in domain PROXY.ASIR for procotol tcp
 -- validate: Found DC: dominio45.proxy.asir. Checking availability...
 -- get_dc_host: Found preferred Domain Controller: dominio45.proxy.asir
 -- create_fake_krb5_conf: Created a fake krb5.conf file: /tmp/.msktkrb5.conf-0WoRb4
 -- destroy_g_context: Destroying Kerberos Context
 -- initialize_g_context: Creating Kerberos Context
 -- finalize_exec: SAM Account Name is: OPNSENSE-K$
 -- try_machine_keytab_princ: Trying to authenticate for OPNSENSE-K$ from local keytab
 -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Generic preauthentication failure)
 -- try_machine_keytab_princ: Authentication with keytab failed
 -- try_machine_keytab_princ: Trying to authenticate for OPNSENSE-K$ from local keytab
 -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Generic preauthentication failure)
 -- try_machine_keytab_princ: Authentication with keytab failed
 -- try_machine_keytab_princ: Trying to authenticate for host/opnsense.proxy.asir from local keytab
 -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
 -- try_machine_keytab_princ: Authentication with keytab failed
 -- try_machine_password: Trying to authenticate for OPNSENSE-K$ with password
 -- create_default_machine_password: Default machine password for OPNSENSE-K$ is opnsense-k
 -- try_machine_password: Error: krb5_get_init_creds_keytab failed (Preauthentication failed)
 -- try_machine_password: Authentication with password failed
 -- try_user_creds: Checking if default ticket cache has tickets
 -- finalize_exec: Authenticated using method 5
 -- LDAPConnection: Connecting to LDAP server: dominio45.proxy.asir
SASL/GSSAPI authentication started
SASL username: Administrador@PROXY.ASIR
SASL SSF: 256
SASL data security layer installed.
 -- ldap_get_base_dn: Determining default LDAP base: dc=PROXY,dc=ASIR
 -- ldap_check_account: Checking that a computer account for OPNSENSE-K$ exists
 -- ldap_check_account: Checking computer account - found
 -- ldap_check_account: Found userAccountControl = 0x1000
 -- ldap_check_account: Found supportedEncryptionTypes = 28
 -- ldap_check_account: Found dNSHostName = opnsense.proxy.asir
 -- ldap_check_account: Found Principal: host/opnsense.proxy.asir
 -- ldap_check_account: Found Principal: HTTP/OPNsense.proxy.asir
 -- ldap_check_account: userPrincipal specified on command line
 -- ldap_check_account_strings: Inspecting (and updating) computer account attributes
 -- ldap_check_account_strings: Found userPrincipalName = HTTP/OPNsense.proxy.asir@PROXY.ASIR
 -- ldap_check_account_strings: userPrincipalName should be HTTP/OPNsense.proxy.asir@PROXY.ASIR
 -- ldap_check_account_strings: Nothing to do
 -- ldap_set_supportedEncryptionTypes: No need to change msDs-supportedEncryptionTypes they are 28
 -- ldap_set_userAccountControl_flag: Setting userAccountControl bit at 0x200000 to 0x0
 -- ldap_set_userAccountControl_flag: userAccountControl not changed 0x1000
 -- ldap_get_kvno: KVNO is 4
 -- set_password: Attempting to reset computer's password
 -- set_password: Try change password using user's ticket cache
 -- ldap_get_pwdLastSet: pwdLastSet is 132024662198350819
 -- set_password: Successfully set password
 -- remove_keytab_entries: Trying to remove entries for OPNSENSE-K$ from keytab
 -- execute: Updating all entries for computer account OPNSENSE-K$ in the keytab WRFILE:/usr/local/etc/squid/squid.keytab
 -- update_keytab: Updating all entries for OPNSENSE-K$
 -- add_principal_keytab: Adding principal to keytab: OPNSENSE-K$
 -- get_salt: Using salt of PROXY.ASIRhostopnsense-k.proxy.asir
 -- add_principal_keytab:   Adding entry of enctype 0x17
Error: krb5_kt_add_entry failed failed (Unsupported key table format version number)

3
Web Proxy Filtering and Caching / krb5.conf question
« on: May 16, 2019, 09:07:19 am »
I have all the parameters OK but I do not know how I can configure /etc/krb5.conf.

I know how to configure it, but it changes...


This is the message:

root@OPNsense:/etc # cat krb5.conf
# Autogenerated config. Do not edit manualy.


How can I autoconfigure it? It is urgent.

4
Web Proxy Filtering and Caching / Configuration of Kerberos plugin for authentication against AD domain
« on: May 15, 2019, 04:54:11 pm »
Hi,

Does anyone know how I can configure the Kerberos plugin?

I would like to read some PDF with the documentation or something like that (how-to).

Please, give me a happy notice!

IT IS FOR MY UNIVERSITY PROJECT!!


5
Web Proxy Filtering and Caching / pkg problem
« on: May 14, 2019, 11:45:17 am »
Does anyone know this problem? I cannot install some packages, for example samba.

Code:

root@OPNsense:~ # pkg install samba48
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
pkg: No packages available to install matching 'samba48' have been found in the repositories
root@OPNsense:~ #


6
Web Proxy Filtering and Caching / Integration of OPNsense on AD Domain
« on: May 13, 2019, 07:15:44 pm »
Does anyone have a how-to (tutorial) on how I can integrate OPNsense with Active Directory?

Help!!!

7
Web Proxy Filtering and Caching / /etc/hosts issue
« on: May 06, 2019, 08:39:33 am »
Hello, I have an issue with /etc/hosts.

I make changes in /etc/hosts, but when I reboot OPNsense these changes disappear and I have the same content as before.


It is so strange, but I need to resolve it because I want to join an AD domain.

8
Web Proxy Filtering and Caching / Not Transparent proxy. Only proxy by local authentication
« on: April 29, 2019, 09:14:38 am »
First of all, sorry for my bad English. I hope all of you can understand my problem with this product.

I have to say that OPNsense is a very good option to make a secure network infrastructure.

Well, I'm going to explain my problem, and I think it is easy to resolve.

My proxy is working well in transparent mode, but when I disable it and want to use the proxy with local authentication, it does not work as I want. I disabled transparent HTTP mode and created a new local user with the role "Proxy: Login", then I created a new ACL for this new user. After that I went to my browser and configured the LAN options with my proxy information (name/IP and port 3128).
Well, when I tried to access one page from the user ACL, the browser asked me for user credentials and I entered my user credentials, but the proxy does not work. The proxy allows the user access to pages that are restricted in the ACLs. It does not work for me.

Maybe I have something wrong but I do not know what. It is important to me, so can anyone help me with this issue?

9
Spanish - Español / APPLY PROXY RULES FOR AD DOMAIN USERS
« on: April 23, 2019, 12:29:38 pm »
Hello friend, I don't know how you solved it. I have configured the OPNsense proxy in transparent mode for HTTP and HTTPS.

As I understand it, in OPNsense you cannot apply different filtering policies for each network. That is, in one network there are certain restrictions and in the other network there are other, different restrictions. In conclusion, it is common.

Once the proxy is configured in transparent mode, on the client machines, in the browser's network settings (in my case Mozilla), I tick the box to auto-detect proxy settings for the network (since transparent mode makes the proxy detect the network and apply the filtering policy).

OK, once it is configured in that mode, my next goal is to not use the proxy in transparent mode, that is, to configure it through LDAP. In other words, I set up ACLs to apply them to different groups and/or users of my AD domain (on a Windows Server 2008 R2 Enterprise). I did the correct configuration in System > Access > Servers, added my LDAP domain and tested it, and it recognizes the users of my AD domain's LDAP tree. But my question is: to be able to apply filtering policies by authentication, for LDAP users, I should integrate OPNsense into my domain as a domain controller, right? Do you know how to do that integration?

If you have the slightest idea, I would appreciate it if you contacted me to help me with this question. In June I hand in my final project for my higher vocational degree. Let me explain: my project consists of configuring an OPNsense proxy in transparent mode and in non-transparent mode, both HTTP and HTTPS; it is not very difficult.

I already said that transparent mode is done. I am only missing the proxy in non-transparent mode, for which I would need help. And I would appreciate it.

Regards.
