Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
Proxy SSO Plugin
« previous
next »
Print
Pages: [
1
]
Author
Topic: Proxy SSO Plugin (Read 2294 times)
rmundel
Newbie
Posts: 4
Karma: 0
Proxy SSO Plugin
«
on:
November 03, 2021, 04:01:21 pm »
Hey guys, after spending weeks with our team trying to automatically login AD's users with squid we just gave up.
Is it possible? Anyone has done it? If so, can someone point us in some direction?
If it doesn't work we are considering doing with samba (winbind).
Logged
mimugmail
Hero Member
Posts: 6767
Karma: 494
Re: Proxy SSO Plugin
«
Reply #1 on:
November 03, 2021, 05:42:34 pm »
Winbind is not included. I heard from a customer about a successful integration but very tricky.
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
Fright
Hero Member
Posts: 1777
Karma: 164
Re: Proxy SSO Plugin
«
Reply #2 on:
November 03, 2021, 07:58:57 pm »
Hi. yes. squid + sso + ad can work
can you share initial data, steps taken and errors? I think then it will be easier for the people to try to help
«
Last Edit: November 03, 2021, 08:27:56 pm by Fright
»
Logged
radeschi
Newbie
Posts: 2
Karma: 0
Re: Proxy SSO Plugin
«
Reply #3 on:
November 04, 2021, 05:44:20 pm »
Hi! I'm working with Rafael on this.. The errors.. this is the problem, they don't exists, apparently should work with this configuration.
* krb5.conf is ok
* smb.conf is ok
* squid.conf is configured to work with ntlm_auth
* net ads join on domain is ok
* wbinfo to get the users is ok
But the transparent authentication(ntlm_auth) don't work with squid(command line is working fine), just the basic auth.
And here is the interesting thing, I already make this scenario work many times(linux, netbsd, freebsd), and because of this problem with the OPNSense, I built a lab with Linux + Winbind + Squid just like I always did, and this is not working! I have the same result.
I don't know if is a problem with ntlm_auth, or the squid version, or the samba version, I still could't identify. Maybe a try to downgrade the squid/samba version..
Logged
Fright
Hero Member
Posts: 1777
Karma: 164
Re: Proxy SSO Plugin
«
Reply #4 on:
November 04, 2021, 08:46:36 pm »
Hi!
Quote
squid.conf is configured to work with ntlm_auth
hm. sso plugin is for kerberos afaik
so you need to set ldap, ad account for opnsense host, set SPN etc
«
Last Edit: November 04, 2021, 08:48:23 pm by Fright
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
Proxy SSO Plugin