Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
filtering traffic on Active directory users accounts?
« previous
next »
Print
Pages: [
1
]
Author
Topic: filtering traffic on Active directory users accounts? (Read 5586 times)
JohnnyMorris
Newbie
Posts: 3
Karma: 0
filtering traffic on Active directory users accounts?
«
on:
December 02, 2016, 09:34:28 am »
I've set up LDAP integration successfully, my question is can i block traffic using specific user accounts from my AD server?
Sorry if its posted somewhere else i cant find any definitive answers.
im guessing i can import the AD users into opnsense via LDAP integration, create groups in OPNsense from the imported users to mirror the groups i have in Active Directory and set specific block/allow rules for those groups OPNsense? i'm using the latest production release.
thanks
Logged
JohnnyMorris
Newbie
Posts: 3
Karma: 0
Re: filtering traffic on Active directory users accounts?
«
Reply #1 on:
December 05, 2016, 12:09:38 pm »
so its not possible to set firewall rules based on users imported from Active directory? i just need to know if i can block sites on a per user basis from the LDAP information. ive made the connection successfully but thats as far as ive got.
simple yes or no would be great as if ive run up a dead end ill have to look at a different solution. thanks
«
Last Edit: December 05, 2016, 12:13:25 pm by JohnnyMorris
»
Logged
franco
Administrator
Hero Member
Posts: 17665
Karma: 1611
Re: filtering traffic on Active directory users accounts?
«
Reply #2 on:
December 05, 2016, 05:22:53 pm »
Hi Johnny,
It requires mechanisms to pull IP addresses from the directory, provide those in aliases according to arbitrary mappings (groups, users, extended queries) and to periodically re-execute the pull. We are doing a filter rework that will stretch as far as OPNsense 17.7, which would make this easier to pull off, but there is nobody on point for such works.
Cheers,
Franco
Logged
JohnnyMorris
Newbie
Posts: 3
Karma: 0
Re: filtering traffic on Active directory users accounts?
«
Reply #3 on:
December 07, 2016, 04:54:35 pm »
what a a shame, as an active directory plugin that allows you to set filtering levels by AD security group membership would be the holy grail for alot of people including me. i know i shouldnt ask this but what is the next best solution? can anyone help? sonicwall or a paid version of untangle?
«
Last Edit: December 13, 2016, 03:35:13 pm by JohnnyMorris
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
filtering traffic on Active directory users accounts?