Topic: OPNSense - integration SSHD, SUDO, CONSOLE, GUI + Active Directory or OpenLDAP (Read 6825 times)
guest17566
Guest
OPNSense - integration SSHD, SUDO, CONSOLE, GUI + Active Directory or OpenLDAP
« on: March 27, 2018, 04:01:30 pm »
I have long been researching SSHD and Active Directory or LDAP integration in OPNSense, and I see many other people having difficulties applying this solution. I have tried to apply it with the NSLCD and SSSD services, and there are always problems with bugs or handling of bad errors. I found several tutorials that were not very reliable, or people with the same problem receiving few answers, so I decided to open a topic on this subject, because I see an extreme need to integrate the SSHD + AD or LDAP services for the OPNSense solution: a plugin already exists to integrate authentication for the web interface and works perfectly, but for authentication to the OS there is no functional how-to on the internet.
Thank you for your cooperation.
guest17566
Guest
Re: OPNSense - integration SSHD, SUDO, CONSOLE + Active Directory or OpenLDAP
« Reply #1 on: April 06, 2018, 12:56:52 pm »
After several attempts to integrate with services such as SSSD, NSLCD and PAM_LDAP using OPNSense version 16.7.5, I discovered that from version 17.1 a PAM library (pam_opnsense.so) was developed by the OPNSense project which allows the integration of authentication for the sudo, ssh, console and GUI services, synchronized to OpenLDAP or Active Directory. This option is in System >> Administration >> "Integrated authentication (Disable integrated authentication)", and it must be kept unchecked so that authentication is integrated between services.
It has now become much easier and more functional to synchronize OPNSense to OpenLDAP or Active Directory, following two steps:
1 - Configure OPNSense synchronization with OpenLDAP or Active Directory in the System >> Access >> Server option
"Descriptive name" = ActiveDirectory
"Type" = LDAP
"Hostname or IP address" = <IP Domain Controller>
"Port value" = <389 or 636 for SSL>
"Transport" = <TCP, StartTLS or SSL>
"Peer Certificate Authority" = <If you use a certificate for access to Active Directory or OpenLDAP you must add it here>
"Protocol version" = <keep 3, because LDAP 3 is compatible with LDAP 2>
"Bind credentials User DN:" = <User for Active Directory access, Example: CN=<username>, U=Users, DC=example-dev, DC=local>
"Password:" = <UserDN Password>
"Search scope" = <define how deep to search within the search base: Use "Entire Subtree">
"Base DN" = <DC=example-dev, DC=local>
"Authentication containers" = <Defines from which OU the users will be imported, Example: OU=Users, DC=example-dev, DC=local>
"Extended Query" = <Here you can define a query allowing the import of users that belong to a group. Example: &(memberOf=CN=AnyGroup,OU=Groups,DC=example-dev,DC=local)>
"User naming attribute" = <sAMAccountName or uid or cn>
Import the users into OPNsense in "System >> Access >> Users" using the "import users" icon.
2 - Leave the option in System >> Administration >> "Integrated authentication (Disable integrated authentication)" unchecked.
Now you can access the sudo, ssh, console and GUI services with the credentials of the OpenLDAP or Active Directory users.
Best Regards,
Horides Junior
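Added example, not part of the post above and not OPNsense code: an offline lint for the values entered in step 1, flagging an unencrypted transport, a port that does not match the transport, authentication containers outside the Base DN, and a malformed Extended Query. The dict keys, the `svc-opnsense` account and the sample values are constructed for illustration, and the DN parser only handles simple comma-separated DNs.

```python
import re

# One RDN such as "OU=Users"; multi-valued RDNs and escaped commas are not handled.
RDN = re.compile(r'^[A-Za-z][A-Za-z0-9-]*=[^,=+<>#;\\"]+$')

def parse_dn(dn):
    """Split a simple DN into lower-cased (attr, value) pairs, or raise ValueError."""
    pairs = []
    for part in (p.strip() for p in dn.split(",")):
        if not RDN.match(part):
            raise ValueError("bad RDN %r in %r" % (part, dn))
        attr, value = part.split("=", 1)
        pairs.append((attr.lower(), value.strip().lower()))
    return pairs

def is_under(dn, base):
    """True when dn equals base or sits below it in the directory tree."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def balanced(query):
    depth = 0
    for ch in query:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def lint(cfg):
    """Return a list of findings for one set of LDAP server settings."""
    findings = []
    if cfg["transport"] == "TCP":
        findings.append("transport: plain TCP sends bind and user passwords unencrypted")
    if (cfg["transport"] == "SSL") != (cfg["port"] == 636):  # the post's 389 / 636 mapping
        findings.append("port: %d does not match transport %s" % (cfg["port"], cfg["transport"]))
    try:
        parse_dn(cfg["bind_dn"])
        for c in cfg["containers"]:
            if not is_under(c, cfg["base_dn"]):
                findings.append("containers: %s is outside Base DN" % c)
    except ValueError as e:
        findings.append("dn: %s" % e)
    q = cfg["extended_query"]  # the post's form: leading "&" followed by "(...)" terms
    if q and not (balanced(q) and q.lstrip("&|").startswith("(")):
        findings.append("extended_query: unbalanced or malformed filter")
    return findings

# Constructed sample settings (not taken from a real directory).
GOOD = {"transport": "StartTLS", "port": 389, "base_dn": "DC=example-dev, DC=local",
        "bind_dn": "CN=svc-opnsense,OU=Users,DC=example-dev,DC=local",
        "containers": ["OU=Users, DC=example-dev, DC=local"],
        "extended_query": "&(memberOf=CN=AnyGroup,OU=Groups,DC=example-dev,DC=local)"}
BAD = dict(GOOD, transport="TCP", port=636, containers=["OU=Users,DC=example,DC=local"],
           extended_query=GOOD["extended_query"][:-1])
```

`lint(GOOD)` returns an empty list; `lint(BAD)` returns one finding each for the transport, the port, the container and the query.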
elektroinside
Hero Member
Posts: 574
Karma: 51
Re: OPNSense SSHD + Active Directory or OpenLDAP
« Reply #2 on: April 06, 2018, 01:07:36 pm »
Very nice, well done!
OPNsense v18
| HW: Gigabyte Z370N-WIFI, i3-8100, 8GB RAM, 60GB SSD, | Controllers: 82575GB-quad, 82574, I221, I219-V | PPPoE: RDS Romania | Down: 980Mbit/s | Up: 500Mbit/s
Team Rebellion Member
iam
Full Member
Posts: 105
Karma: 1
Re: OPNSense - integration SSHD, SUDO, CONSOLE + Active Directory or OpenLDAP
« Reply #3 on: July 21, 2018, 04:07:53 pm »
Quote from: horides on April 06, 2018, 12:56:52 pm
Import the users into OPNsense in "System >> Access >> Users" using the "import users" icon.
Where can I find this icon in 18.7.r2?
iam
Full Member
Posts: 105
Karma: 1
Re: OPNSense - integration SSHD, SUDO, CONSOLE, GUI + Active Directory or OpenLDAP
« Reply #4 on: July 23, 2018, 08:47:11 pm »
Interesting. The symbol is only shown if I only use the LDAP server as authentication service. But after re-adding the local database to the list of authentication services I can use local and LDAP users.