<p>In this tutorial we will set up a pfSense captive portal, using an LDAP connection to an Active Directory together with pfSense's built-in captive portal feature.</p>
<p>We are going to work on the following architecture:</p>
<img src="0.png" class="imgRz">
<p>Basically, we want the network clients on the LAN side of our virtualized (or physical) pfSense router to log in through our captive portal.</p>
</div>
</div><!-- /row -->
</div><!-- /container -->
</div><!-- /grey -->
<!-- +++++ Second Post +++++ -->
<div id="cis3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Initial AD Setup </b></h2>
<p>Follow <a href="../pf_virt/index.html">this tutorial</a> to set up pfSense on virt-manager. If you want, you can also install pfSense on Proxmox like I did; the concepts are fundamentally the same.
Now, looking from a client's POV, set up Windows Server 2019 with DNS + AD (check out the guide <a href="../w5/index.html">here</a> if you haven't done so already). Once WS2019 is properly set up with DNS + AD, we need to add our AD user to the pfSense admin group:</p>
<img src="13.png" class="imgRz">
<img src="14.png" class="imgRz">
<img src="15.png">
<img src="16.png" class="imgRz">
<p>Create a bind user:</p>
<img src="17.png" class="imgRz">
<img src="18.png" class="imgRz">
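<p>A scripted equivalent of the two steps above, as an added example rather than the tutorial's own commands (the screenshots use the GUI). The group name pfsense-admin, the user jdoe and the bind account pfsense-bind are assumed placeholders; run it in an elevated PowerShell session on the domain controller.</p>

```powershell
# Added example: the names below are assumptions, not values read from the screenshots.
Import-Module ActiveDirectory

$GroupName = 'pfsense-admin'   # assumed name of the pfSense admin group
$AdminUser = 'jdoe'            # placeholder: the existing AD user to add to the group
$BindUser  = 'pfsense-bind'    # hypothetical account pfSense uses for its LDAP bind

# Create the security group only if it does not exist yet.
if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
    New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security `
        -Description 'Members may administer pfSense'
}

# Add the AD user to the group, skipping the call if they are already a member.
$members = Get-ADGroupMember -Identity $GroupName |
    Select-Object -ExpandProperty SamAccountName
if ($members -notcontains $AdminUser) {
    Add-ADGroupMember -Identity $GroupName -Members $AdminUser
}

# Create the bind account. The password is prompted for, never stored in the script.
if (-not (Get-ADUser -Filter "SamAccountName -eq '$BindUser'")) {
    $password = Read-Host -AsSecureString "Password for $BindUser"
    New-ADUser -Name $BindUser -SamAccountName $BindUser `
        -AccountPassword $password -Enabled $true `
        -Description 'LDAP bind account for pfSense'
}

# Review the result: the bind account's distinguished name (usable as the
# LDAP bind identity) and the current members of the admin group.
Get-ADUser -Identity $BindUser |
    Select-Object SamAccountName, DistinguishedName, Enabled
Get-ADGroupMember -Identity $GroupName |
    Select-Object SamAccountName, distinguishedName
```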
<!--<p>We will use that user as the bind user, so now let's set up the LDAPS authentication on pfSense:</p>
<img src="55.png" class="imgRz">
<p>In the command prompt we run the aforementioned command and we see that nowhere.local is resolved properly, on port 636 (LDAPS). So let's continue by making sure
the bind user is in the pfsense-admin group:</p>
<img src="56.png" class="imgRz">
<img src="50.png" class="imgRz">
<img src="51.png" class="imgRz">
<p>Now for the 'bind user' we need to get some additional information, so get on your WS2019 server and do the following:</p>
<img src="52.png" class="imgRz">
<p>Copy-paste what's above into the bind credentials prompt:</p>
<img src="53.png" class="imgRz">
<p>After trying for 2+ hours I give up on using SSL in this tutorial, just use the regular LDAP 389 connection as follows:</p>
<img src="57.png" class="imgRz">
<img src="58.png" class="imgRz">
<img src="59.png" class="imgRz">
<p>So here we see that LDAP (port 389) works, but let's see if we can authenticate:</p>
<img src="60.png" class="imgRz">
<p>And that's it! We have been able to authenticate via LDAP through our pfSense web interface.</p>
Until there is Nothing left.</p></br></br><p>Creative Commons Zero: <a href="../../../../opsec/runtheblog/index.html">No Rights Reserved</a></br><img src="\CC0.png">