
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
<title>Pfsense Captive Portal</title>
<!-- Bootstrap core CSS -->
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
<link href="../../assets/css/xt256.css" rel="stylesheet">
<!-- Custom styles for this template -->
<link href="../../assets/css/main.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
</head>
<body>
<!-- Static navbar -->
<div class="navbar navbar-inverse-cis navbar-static-top">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand-cis" href="\index.html">The Nihilism Blog</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">
<li><a href="/about.html">About</a></li>
<li><a href="/blog.html">Categories</a></li>
<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
<li><a href="/contact.html">Contact</a></li>
</ul>
</div><!--/.nav-collapse -->
</div>
</div>
<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
<div id="cis2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist - 00 / 00 / 00</ba></p>
<h1>pfSense Captive Portal</h1>
<p>In this tutorial we will set up a pfSense captive portal that uses an LDAP connection to Active Directory together with the built-in captive portal feature.</p>
<p>We are going to work on the following architecture:</p>
<img src="0.png" class="imgRz">
<p>Basically, we want the network clients on the LAN side of our virtualized (or physical) pfSense router to log in through our captive portal.</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->
<!-- +++++ Second Post +++++ -->
<div id="cis3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Initial AD Setup </b></h2>
<p>Follow <a href="../pf_virt/index.html">this tutorial</a> to set up pfSense on virt-manager. If you want, you can also install pfSense on Proxmox like I did; the concepts are fundamentally the same.
Now, looking from a client's POV, set up Windows Server 2019 with DNS + AD; if you haven't done it already, check out the guide <a href="../w5/index.html">here</a>. Once WS2019 is properly set up with DNS + AD, we need to add our AD user to the pfsense admin group:</p>
<img src="13.png" class="imgRz">
<img src="14.png" class="imgRz">
<img src="15.png">
<img src="16.png" class="imgRz">
<p>Create a bind user:</p>
<img src="17.png" class="imgRz">
<img src="18.png" class="imgRz">
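<p>The two GUI steps above (adding the AD user to the pfsense admin group and creating a bind user) can also be scripted with the ActiveDirectory PowerShell module. This is an added example, not part of the original tutorial; the group name <code>pfsense-admin</code>, the existing user <code>alice</code> and the bind account <code>pfsense-bind</code> are assumed names, so match them to your own environment.</p>

```powershell
# Added example: run on the domain controller (or a host with RSAT) as a domain admin.
# All three names are assumptions for illustration, not values from the tutorial.
Import-Module ActiveDirectory

$GroupName = 'pfsense-admin'   # hypothetical: group allowed to administer pfSense
$AdminSam  = 'alice'           # hypothetical: existing AD user to put in that group
$BindSam   = 'pfsense-bind'    # hypothetical: account used only for LDAP binds

$Domain    = Get-ADDomain
$Container = $Domain.UsersContainer   # default CN=Users container of the domain

# 1. Create the admin group once, then add the AD user if not already a member.
if (-not (Get-ADGroup -Filter "SamAccountName -eq '$GroupName'")) {
    New-ADGroup -Name $GroupName -SamAccountName $GroupName `
        -GroupScope Global -GroupCategory Security -Path $Container
}
$members = (Get-ADGroupMember -Identity $GroupName).SamAccountName
if ($AdminSam -notin $members) {
    Add-ADGroupMember -Identity $GroupName -Members $AdminSam
}

# 2. Create the bind user once. The password is prompted for, never hard-coded.
if (-not (Get-ADUser -Filter "SamAccountName -eq '$BindSam'")) {
    $pw = Read-Host -AsSecureString "Password for $BindSam"
    New-ADUser -Name $BindSam -SamAccountName $BindSam `
        -UserPrincipalName "$BindSam@$($Domain.DNSRoot)" `
        -Path $Container -AccountPassword $pw -Enabled $true `
        -PasswordNeverExpires $true -CannotChangePassword $true `
        -Description 'LDAP bind account for pfSense'
}

# 3. Print the distinguished names; an LDAP client identifies the bind
#    account and the group by these DNs.
[pscustomobject]@{
    BindUserDN = (Get-ADUser  -Identity $BindSam).DistinguishedName
    GroupDN    = (Get-ADGroup -Identity $GroupName).DistinguishedName
    GroupUsers = (Get-ADGroupMember -Identity $GroupName).SamAccountName -join ', '
} | Format-List
```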
<!--<p>We will use that user as the bind user, so now let's setup the LDAPS authentication on pfsense:</p>
<img src="55.png" class="imgRz">
<p>In the command prompt we run the aforementioned command and see that nowhere.local resolves properly on port 636 (LDAPS). So let's continue by making sure
the bind user is in the pfsense-admin group:</p>
<img src="56.png" class="imgRz">
<img src="50.png" class="imgRz">
<img src="51.png" class="imgRz">
<p>Now for the 'bind user' we need to get some additional information, so get on your WS2019 server and do the following:</p>
<img src="52.png" class="imgRz">
<p>Copy-paste what's above into the bind credentials prompt:</p>
<img src="53.png" class="imgRz">
<p>After trying for 2+ hours I give up on using SSL in this tutorial; just use the regular LDAP 389 connection as follows:</p>
<img src="57.png" class="imgRz">
<img src="58.png" class="imgRz">
<img src="59.png" class="imgRz">
<p>So here we see that LDAP (port 389) works, but let's see if we can authenticate:</p>
<img src="60.png" class="imgRz">
<p>And that's it! We have been able to authenticate via LDAP through our pfsense web interface.</p>
<!--
-->
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<!-- +++++ Footer Section +++++ -->
<div id="cisb">
<div class="container">
<div class="row">
<div class="col-lg-4">
<h4>Nihilism</h4>
<p>
Until there is Nothing left.</p></br></br><p>Creative Commons Zero: <a href="../../../../opsec/runtheblog/index.html">No Rights Reserved</a></br><img src="\CC0.png">
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>My Links</h4>
<p>
<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FL5jrGV2L_Bb20Oj0aE4Gn-m5AHet9XdpYDotiqpcpGc%3D%40nowhere.moe%2FH4g7zPbitSLV5tDQ51Yz-R6RgOkMEeCc%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEAkts5T5AMxHGrZCCg12aeKxWcpXaxbB_XqjrXmcFYlDQ%253D&data=%7B%22type%22%3A%22group%22%2C%22groupLinkId%22%3A%22c3Y-iDaoDCFm6RhptSDOaw%3D%3D%22%7D">SimpleX Chat</a><br/>
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>About nihilist</h4>
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@contact.nowhere.moe (<a href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
</div><!-- /col-lg-4 -->
</div>
</div>
</div>
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
</body>
</html>