
Messages - horides

1
Tutorials and FAQs / Automatically import new users from Active Directory to Opnsense
« on: July 27, 2018, 12:45:55 pm »
Hi,
I am figuring out a PHP script that automatically, at intervals, verifies which users exist in the Active Directory group and imports them to OPNsense and, if they no longer exist in the AD group, deletes them. This would mean that user import control for OPNsense would not be done manually, and the control would be with the AD group.
Does anyone already have a PHP script for this scenario?

Best regards,
Horides Júnior

2
General Discussion / OPNSense old versions REPO
« on: April 20, 2018, 06:54:52 pm »
Hi,
I need to download an old version of OPNsense, 15.xxxx, but I can't find a repo of the old versions.
Does anyone know a URL for that?

Thanks,

Horides Júnior

3
Tutorials and FAQs / Re: OPNSense - integration SSHD, SUDO, CONSOLE + Active Directory or OpenLDAP
« on: April 06, 2018, 12:56:52 pm »
After several attempts to integrate with services such as SSSD, NSLCD and PAM_LDAP using OPNSense version 16.7.5, I discovered that from version 17.1 a PAM library (pam_opnsense.so) was developed by the OPNSense project, which allows the integration of authentication for the services sudo, ssh, Console and GUI, synchronized to OpenLDAP or Active Directory. This option is in System >> Administration >> "Integrated authentication (Disable integrated authentication)", and it must be kept unchecked so that there is integration of authentication between services.
It has now become much easier and more functional to synchronize OPNSense to OpenLDAP or Active Directory, following two steps:

1 - Configure OPNSense synchronization with OpenLDAP or Active Directory in the System >> Access >> Server option

"Descriptive name"            = ActiveDirectory
"Type"                        = LDAP
"Hostname or IP address"      = <IP Domain Controller>
"Port value"                  = <389 or 636 for SSL>
"Transport"                   = <TCP, StartTLS or SSL>
"Peer Certificate Authority"  = <If you use a certificate for access to Active Directory or OpenLDAP you must add it here>
"Protocol version"            = <keep 3, because LDAP 3 is compatible with LDAP 2>
"Bind credentials User DN:"   = <User for Active Directory access, Example: CN=<username>, OU=Users, DC=example-dev, DC=local>
                 "Password:"  = <UserDN Password>
"Search scope"                = <defines how deep to search within the search base: use "Entire Subtree">
"Base DN"                     = <DC=example-dev, DC=local>
"Authentication containers"   = <Defines from which OU the users will be imported, Example: OU=Users, DC=example-dev, DC=local>
"Extended Query"              = <Here you can define a query allowing the import of users that belong to a group. Example: &(memberOf=CN=AnyGroup,OU=Groups,DC=example-dev,DC=local)>
"User naming attribute"       = <sAMAccountName or uid or cn>

Import the users to OPNsense in "System >> Access >> Users" using the "import users" icon.

2 - Leave the option in System >> Administration >> "Integrated authentication (Disable integrated authentication)" unchecked.

Now you can access the sudo, ssh, console, GUI services with the credentials of the OpenLdap or Active Directory users.

Best Regards,
Horides Junior
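
A pre-flight check for the LDAP server settings listed in the post above, as an added example that is not part of the original post and not OPNsense code. The dict keys (`transport`, `port`, `peer_ca`, `extended_query`), the finding codes and the sample entries are assumptions made for illustration; the check flags a cleartext bind, TLS without a CA, a port/transport mismatch against the conventional 389/636 assignment, and an Extended Query that is not valid filter syntax.

```python
import re

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string (here: a group DN) for use as an LDAP filter value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def member_of_query(group_dn):
    """Extended Query text limiting the import to members of one group."""
    return "&(memberOf=%s)" % escape_filter_value(group_dn)


def lint_server(cfg):
    """Return finding codes for one LDAP server entry.

    cfg is a plain dict; its keys are hypothetical names for the GUI fields.
    """
    findings = []
    transport, port = cfg["transport"], int(cfg["port"])
    if transport == "TCP":
        # A simple bind over plain TCP sends the bind DN password, and every
        # user password checked at login, unencrypted.
        findings.append("cleartext-bind")
    elif not cfg.get("peer_ca"):
        # TLS selected, but no CA given to verify the server certificate.
        findings.append("tls-without-ca")
    if (transport, port) in {("SSL", 389), ("StartTLS", 636)}:
        # 636 is the implicit-TLS port; StartTLS upgrades a session on 389.
        findings.append("port-transport-mismatch")
    query = cfg.get("extended_query", "")
    if re.search(r"\s=|=\s|\(\s|\s\)|^[&|]\s", query):
        # Whitespace around '=' or parentheses is not RFC 4515 filter syntax.
        findings.append("query-whitespace")
    if query.count("(") != query.count(")"):
        findings.append("query-unbalanced-parens")
    return findings


# Constructed sample entries using the example names from the post.
GROUP_DN = "CN=AnyGroup,OU=Groups,DC=example-dev,DC=local"
WEAK = {"transport": "TCP", "port": 389,
        "extended_query": "& (memberOf = CN = AnyGroup, OU = Groups)"}
HARDENED = {"transport": "StartTLS", "port": 389, "peer_ca": "internal-ca",
            "extended_query": member_of_query(GROUP_DN)}

if __name__ == "__main__":
    print(lint_server(WEAK))
    print(lint_server(HARDENED))
```

Because ssh, sudo and console logins all depend on this one server entry once integrated authentication is enabled, a finding here affects every one of those services.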

4
Tutorials and FAQs / OPNSense - integration SSHD, SUDO, CONSOLE, GUI + Active Directory or OpenLDAP
« on: March 27, 2018, 04:01:30 pm »
I have long been researching SSHD and Active Directory or LDAP integration in OPNsense, and I see many other people having difficulties applying this solution. I have tried to apply it with the NSLCD and SSSD services, and there are always problems with bugs or bad error handling. I found several not very reliable tutorials, or people with the same problem receiving few answers, so I decided to open a topic on this subject, because I see it as an extreme need to integrate SSHD + AD or LDAP services for the OPNSense solution. A plugin already exists to integrate authentication for the web interface and works perfectly; however, for authentication to the OS, there is no functional how-to on the internet.

Thank you for your cooperation.

OPNsense is an OSS project © Deciso B.V. 2015 - 2019 All rights reserved