Author Topic: How to configure OPNSense with Windows AD  (Read 5633 times)

shan

How to configure OPNSense with Windows AD
« on: October 05, 2017, 04:54:59 pm »
My Requirement
I work in a company and we have about 50 employees. Right now we are using an IPCOP firewall proxy and there is no Microsoft AD setup.
The MAC addresses of the user PCs are added to the IPCOP and only allowed MAC addresses can access the internet.
The problem with the current setup is that there is no way to monitor the bandwidth each user has consumed. There are 2, 3 people consuming too much bandwidth and before the end of the month we reach the bandwidth cap.
As a solution to this problem I thought of implementing Windows AD along with OPNsense.
Basically what I want to do is to route the internet connection through the firewall proxy (transparent proxy) and set up the Windows AD to authenticate the users.

What I have done so far
In order to test things first I have set up VirtualBox with OPNSense, Windows AD and 02 Windows 7 VMs.

OPNSense:
em0: WAN (NAT) (DHCP)
em1: LAN (Host Only Network) 192.168.10.254
DHCP Server Turned off

Windows AD
LAN: (Host Only Network) 192.168.10.10
DHCP Server Turned on
DNS Server turned on

Windows 7-1
LAN (Host Only network) 192.168.10.50

Windows 7-2
LAN (Host Only network) 192.168.10.51

My Windows AD side setup is done and I even got it connected to OPNSense (System: Access: Servers).
Now I want to configure the OPNSense side but I do not have a very clear idea how to do it. I need help from you guys on how to do that.
Thanks in advance.

franco

Re: How to configure OPNSense with Windows AD
« Reply #1 on: October 09, 2017, 11:28:23 pm »
If there is a bandwidth requirement with some business logic in the background plus internet access control, your best bet is a captive portal for access, authenticating to a RADIUS server with accounting enabled, so you get your RADIUS to accumulate stats and block users if they reach their own or overall quota.


Cheers,
Franco
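The per-user accounting described in the reply above, as an added example that is not part of the thread and is not OPNsense or RADIUS server code. It assumes accounting records have already been parsed into dicts keyed by the standard RADIUS accounting attribute names; the sample records, the function names and the quota values are constructed for illustration.

```python
from collections import defaultdict

GIGAWORD = 2 ** 32  # Acct-*-Octets are 32-bit; Acct-*-Gigawords counts the wraps

def session_bytes(rec):
    """Bytes in both directions reported by one accounting record."""
    total = 0
    for direction in ("Input", "Output"):
        total += rec.get(f"Acct-{direction}-Gigawords", 0) * GIGAWORD
        total += rec.get(f"Acct-{direction}-Octets", 0)
    return total

def usage_per_user(records):
    """Counters are cumulative within a session, so keep the highest value
    seen per (user, session) and sum sessions; never add Interim-Updates up."""
    per_session = {}
    for rec in records:
        if rec["Acct-Status-Type"] not in ("Interim-Update", "Stop"):
            continue  # Start records carry no traffic counters
        key = (rec["User-Name"], rec["Acct-Session-Id"])
        per_session[key] = max(per_session.get(key, 0), session_bytes(rec))
    totals = defaultdict(int)
    for (user, _session), count in per_session.items():
        totals[user] += count
    return dict(totals)

def over_quota(records, quota_bytes):
    """Users whose accumulated traffic has reached the quota."""
    usage = usage_per_user(records)
    return sorted(user for user, count in usage.items() if count >= quota_bytes)

# Constructed sample records (not real accounting data)
SAMPLE = [
    {"User-Name": "alice", "Acct-Session-Id": "s1", "Acct-Status-Type": "Start"},
    {"User-Name": "alice", "Acct-Session-Id": "s1", "Acct-Status-Type": "Interim-Update",
     "Acct-Input-Octets": 1000, "Acct-Output-Octets": 500},
    {"User-Name": "alice", "Acct-Session-Id": "s1", "Acct-Status-Type": "Stop",
     "Acct-Input-Octets": 3000, "Acct-Output-Octets": 1000},
    {"User-Name": "alice", "Acct-Session-Id": "s2", "Acct-Status-Type": "Stop",
     "Acct-Input-Octets": 2000, "Acct-Output-Octets": 0},
    {"User-Name": "bob", "Acct-Session-Id": "s3", "Acct-Status-Type": "Stop",
     "Acct-Input-Octets": 100, "Acct-Input-Gigawords": 1, "Acct-Output-Octets": 0},
]

if __name__ == "__main__":
    print(usage_per_user(SAMPLE))
    print(over_quota(SAMPLE, 1_000_000))
```

Ignoring the Gigawords attributes makes a heavy user look light after every 4 GiB wrap, and summing Interim-Update records double-counts traffic, which is why both cases are handled here.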

MasterXBKC

Re: How to configure OPNSense with Windows AD
« Reply #2 on: October 14, 2017, 11:31:00 pm »
+1 to Frank's suggestion, don't try to do this with AD, it will likely end in disaster. This is coming from a 15 year veteran of an MSP. At best I seem to recall a tool at some point that could sync RADIUS with AD but I haven't seen or heard of it in a number of years.
Member of FBI's Infragard Program
Certified Information Systems Security Officer
Certified Vulnerability Assessor
PFMonitor Remote Management, Backup, & Live Monitoring for PFSense and OPNSense
OPNSense Units: R720XD XL, R720XD XL, R720XD, R720XD, R710, DL360G7, QNAP
