Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
How to configure OPNSense with Windows AD
« previous
next »
Print
Pages: [
1
]
Author
Topic: How to configure OPNSense with Windows AD (Read 5606 times)
shan
Newbie
Posts: 3
Karma: 0
How to configure OPNSense with Windows AD
«
on:
October 05, 2017, 04:54:59 pm »
My Requirement
I work in a company and we have about 50 employees. Right now we are using IPCOP firewall proxy and there is no Microsoft AD setup.
The MAC addresses of the user PCs are added to the IPCOP and only allowed MAC addresses can access the internet.
The problem with current setup is that there is no way to monitor the bandwidth each user has consumed. There are 2, 3 people consuming too much bandwidth and before the end of the month we reach the bandwidth cap.
As a solution to this problem I thought of Implementing Windows AD along with OPNsense.
Basically what I want to do is to route the internet connection through Firewall proxy (transparent proxy) and setup the windows AD to authenticate the users.
What I have done so far
In order to test things first I have setup virtual box with OPNSense, Windows AD and 02 windows 07 VMs.
OPNSense:
em0: WAN (NAT) (DHCP)
em1: LAN (Host Only Network) 192.168.10.254
DHCP Server Turned off
Windows AD
LAN: (Host Only Network) 192.168.10.10
DHCP Server Turned on
DNS Server turned on
Windows 7-1
LAN (Host Only network) 192.168.10.50
Windows 7-2
LAN (Host Only network) 192.168.10.51
My windows AD side setup is done and I even got it connected to OPNSense. (System: Access: Servers)
Now I want to configure OPNSense side but I have no very clear idea how to do it. I need help from you guys on how to do that.
Thanks in advance.
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: How to configure OPNSense with Windows AD
«
Reply #1 on:
October 09, 2017, 11:28:23 pm »
If there is bandwidth requirement with some business logic in the background plus internet access control your best bet is a captive portal for access authenticating to a RADIUS server with enabled accounting so you get your RADIUS to accumulate stats and block users if they reach their own or overall quota.
Cheers,
Franco
Logged
MasterXBKC
Jr. Member
Posts: 66
Karma: 6
Infragard Member
Re: How to configure OPNSense with Windows AD
«
Reply #2 on:
October 14, 2017, 11:31:00 pm »
+1 to franks suggestion, dont try to do this with AD, it will likely end in disaster. This is coming from a 15 year veteran of an MSP. At best i seem to recall a tool at some point that could sync RADIUS with AD but i havent seen or heard of it in a number of years.
Logged
Member of FBIs Infragard Program
Certified Information Systems Security Officer
Certified Vulnerability Assessor
PFMonitor Remote Management, Backup, & Live Monitoring for PFSense and OPNSense
OPNSense Units: R720XD XL, R720XD XL, R720XD, R720XD, R710, DL360G7, QNAP
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
How to configure OPNSense with Windows AD