160 lines
6.4 KiB
HTML
160 lines
6.4 KiB
HTML
<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
<meta name="description" content="">
|
|
<meta name="author" content="">
|
|
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
|
|
|
|
<title>Pfsense Captive Portal</title>
|
|
|
|
<!-- Bootstrap core CSS -->
|
|
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
|
|
<link href="../../assets/css/xt256.css" rel="stylesheet">
|
|
|
|
|
|
|
|
<!-- Custom styles for this template -->
|
|
<link href="../../assets/css/main.css" rel="stylesheet">
|
|
|
|
|
|
|
|
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
|
|
<!--[if lt IE 9]>
|
|
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
|
|
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
|
|
<![endif]-->
|
|
</head>
|
|
|
|
<body>
|
|
|
|
<!-- Static navbar -->
|
|
<div class="navbar navbar-inverse-cis navbar-static-top">
|
|
<div class="container">
|
|
<div class="navbar-header">
|
|
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
|
|
<span class="icon-bar"></span>
|
|
<span class="icon-bar"></span>
|
|
<span class="icon-bar"></span>
|
|
</button>
|
|
<a class="navbar-brand-cis" href="\index.html">The Nihilism Blog</a>
|
|
</div>
|
|
<div class="navbar-collapse collapse">
|
|
<ul class="nav navbar-nav navbar-right">
|
|
|
|
<li><a href="/about.html">About</a></li>
|
|
<li><a href="/blog.html">Categories</a></li>
|
|
<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
|
|
<li><a href="/contact.html">Contact</a></li>
|
|
</ul>
|
|
</div><!--/.nav-collapse -->
|
|
|
|
</div>
|
|
</div>
|
|
|
|
<!-- +++++ Posts Lists +++++ -->
|
|
<!-- +++++ First Post +++++ -->
|
|
<div id="cis2">
|
|
<div class="container">
|
|
<div class="row">
|
|
<div class="col-lg-8 col-lg-offset-2">
|
|
<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist - 00 / 00 / 00</ba></p>
|
|
<h1>Pfsense Captive Portal </h1>
|
|
<p> In this tutorial we will setup a pfsense captive portal making use of a LDAP connection to an Active Directory and the built-in captive portal feature.</p>
|
|
<p>We are going to work on the following architecture</p>
|
|
<img src="0.png" class="imgRz">
|
|
<p>Basically we want the network clients that are on the LAN side of our pfsense virtualized (or physical) router to login through our captive portal.</p>
|
|
|
|
</div>
|
|
</div><!-- /row -->
|
|
</div> <!-- /container -->
|
|
</div><!-- /grey -->
|
|
|
|
<!-- +++++ Second Post +++++ -->
|
|
<div id="cis3">
|
|
<div class="container">
|
|
<div class="row">
|
|
<div class="col-lg-8 col-lg-offset-2">
|
|
<h2><b>Initial AD Setup </b></h2>
|
|
<p>Follow <a href="../pf_virt/index.html">this tutorial</a> to setup pfsense on virt-manager, if you want you can also install pfsense on proxmox like i did, these are fundamentally the same concepts,
|
|
now looking from a client's POV, setup Windows Server 2019 with DNS + AD, check out this guide if you didn't do it already <a href="../w5/index.html">here</a>. Once the WS2019 is properly setup with DNS + AD, we will need to add our AD user to the pfsense admin group:</p>
|
|
<img src="13.png" class="imgRz">
|
|
<img src="14.png"class="imgRz" >
|
|
<img src="15.png" >
|
|
<img src="16.png"class="imgRz" >
|
|
<p>create a bind user:</p>
|
|
|
|
<img src="17.png" class="imgRz">
|
|
<img src="18.png" class="imgRz">
|
|
<!--<p>We will use that user as the bind user, so now let's setup the LDAPS authentication on pfsense:</p>
|
|
|
|
|
|
<img src="55.png" class="imgRz">
|
|
<p>in the command prompt we run the aforementionned command and we see that nowhere.local is resolved properly, on port 636 (ldaps) So let's continue by making sure
|
|
the bind user is in the pfsense-admin group:</p>
|
|
<img src="56.png" class="imgRz">
|
|
|
|
|
|
<img src="50.png" class="imgRz">
|
|
<img src="51.png" class="imgRz">
|
|
<p>Now for the 'bind user' we need to get some additional informations so get on your WS2019 server and do the following:</p>
|
|
<img src="52.png" class="imgRz">
|
|
<p>Copy-paste what's above into the bind credentials prompt:</p>
|
|
<img src="53.png" class="imgRz">
|
|
<p>After trying for 2+ hours i give up on using SSL in this tutorial, just use the regular LDAP 389 connection as follows:</p>
|
|
<img src="57.png" class="imgRz">
|
|
<img src="58.png" class="imgRz">
|
|
<img src="59.png" class="imgRz">
|
|
<p>So here we see that the LDAP (port 389) works, but let's see if we can authenticate: </p>
|
|
<img src="60.png" class="imgRz">
|
|
<p>And that's it! We have been able to authenticate via LDAP through our pfsense web interface.</p>
|
|
<!--
|
|
-->
|
|
|
|
</div>
|
|
</div><!-- /row -->
|
|
</div> <!-- /container -->
|
|
</div><!-- /white -->
|
|
|
|
<!-- +++++ Footer Section +++++ -->
|
|
|
|
<div id="cisb">
|
|
<div class="container">
|
|
<div class="row">
|
|
<div class="col-lg-4">
|
|
<h4>Nihilism</h4>
|
|
<p>
|
|
Until there is Nothing left.</p></br></br><p>Creative Commons Zero: <a href="../../../../opsec/runtheblog/index.html">No Rights Reserved</a></br><img src="\CC0.png">
|
|
|
|
</p>
|
|
</div><!-- /col-lg-4 -->
|
|
|
|
<div class="col-lg-4">
|
|
<h4>My Links</h4>
|
|
<p>
|
|
|
|
<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FL5jrGV2L_Bb20Oj0aE4Gn-m5AHet9XdpYDotiqpcpGc%3D%40nowhere.moe%2FH4g7zPbitSLV5tDQ51Yz-R6RgOkMEeCc%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEAkts5T5AMxHGrZCCg12aeKxWcpXaxbB_XqjrXmcFYlDQ%253D&data=%7B%22type%22%3A%22group%22%2C%22groupLinkId%22%3A%22c3Y-iDaoDCFm6RhptSDOaw%3D%3D%22%7D">SimpleX Chat</a><br/>
|
|
|
|
</p>
|
|
</div><!-- /col-lg-4 -->
|
|
|
|
<div class="col-lg-4">
|
|
<h4>About nihilist</h4>
|
|
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@contact.nowhere.moe (<a href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
|
|
</div><!-- /col-lg-4 -->
|
|
|
|
</div>
|
|
|
|
</div>
|
|
</div>
|
|
|
|
|
|
<!-- Bootstrap core JavaScript
|
|
================================================== -->
|
|
<!-- Placed at the end of the document so the pages load faster -->
|
|
|
|
</body>
|
|
</html>
|