Hi!

Better to use login_radius authentication, you don't need to install any
ports, it's in the base system. And in order to encrypt LDAP connections
you need to set up an Enterprise CA in the Windows domain, which
you might or might not want to do. Radius support is built in and supports
point-2-point security, which is enough in your case. Works nicely with
authpf here :)

Also, keep in mind that in order to use external _authentication_ you still
have to have local _identification_ (true for both LDAP and radius). You
have to add all the users who will be using the system from the AD
locally into OpenBSD.

Regards,
Daniel.

> -----Original Message-----
> From: Ari Constancio [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 19, 2007 7:43 PM
> To: Steven Surdock
> Cc: misc@openbsd.org
> Subject: Re: Squid/authpf with lookups on Active Directory
>
> Thanks to all for the replies. Everything is clear now; squid with
> ntlm auth and authpf with login_ldap will do the trick (sorry, Stuart,
> I didn't really read your message - now I have).
>
> Steven, I'm looking for a general gateway setup - not only
> web traffic.
>
> Cheers,
> Ari Constancio
>
> On 10/19/07, Steven Surdock <[EMAIL PROTECTED]> wrote:
> > Ari Constancio wrote:
> > > Hi again,
> > >
> > > Sorry if I'm not being clear.
> > >
> > > I need this box to be a firewall and a proxy server. Squid, as it
> > > seems, can use NTLM auth to get account info from AD. But what about
> > > pf?
> > >
> > > How can I authenticate users from AD to get through pf?
> > >
> > > Thanks,
> > > Ari Constancio
> > >
> >
> > Define "get through pf".  What services (protocols & ports) will they
> > need to access after authenticating?  I was assuming web traffic, which
> > you would drive through squid, so no need for authpf.
> >
> > -Steve S.
