PFSense LDAP and Squidguard

---

Hello, I have an instance where I am running a pfsense firewall /server 2012 r2 domain controller with active directory / and multiple windows 10 clients. I have LDAP configured and authenticating in pfsense with my domain controller. What I would like to do is use squid guard to web filter user security groups. ie - I have two user security groups "Teachers and Students" and I would like to block the student security group from accessing youtube but allow the teacher's group to have access. I have watched the new pfsense 2016 tutorial many times but it does not go into great depth on ldap. Any help with this would be greatly appreciated

Thank You in advance..

Thats wierd, I'm doing something similar too. :D

After you turn on Squidguard you can setup the LDAP authentication but this is just for the lookup user. Then in the Squid Proxy you need to configure the LDAP filter but it uses the unfriendly method of having to create an LDAP query.

Kepp an eye on the raw ldap logs (access and cache) which will (sort of) guide you to problems with your lookup having a bad password etc...

Once it is working though, it isn't transparent. Your users will still get login boxes when opening a browser. IE tends to remember it where chrome tends to re-ask if some time has passed or the browser has been closed. It isn't consistent behavior.

The only solution we have found so far is this script...
https://pf2ad.mundounix.com.br/en/index.html
Once installed, the pfsense box becomes a member of the domain and now gives you transparent NTLM authentication so no user prompts. The script has generate errors though which can bee seen in the GUI however it hasn't broke anything at this point.

Hope this helps

Mark