Date: Sat, 05 May 2007 12:47:20 +0200
From: peter@bsdly.net (Peter N. M. Hansteen)
To: freebsd-pf@freebsd.org
Subject: Re: PF and AD
Message-ID: <877irno8cn.fsf@thingy.datadok.no>
In-Reply-To: <BAY114-F263B18C2292E74052CE1DAA5410@phx.gbl> (Ricardo Benq's message of "Thu, 03 May 2007 21:00:51 +0000")
References: <BAY114-F263B18C2292E74052CE1DAA5410@phx.gbl>

"Ricardo Benq" <rbenq@hotmail.com> writes:

> Is it possible to make filter rules that are based on Microsoft Active
> Directory users?

If you can have the sshd on your pf equipped gateway use
authentication data from your Microsoft system (which is sort of
LDAPish), the next (and possibly smaller) hurdle is to set up authpf
and sensible per user or per user group rules to be loaded by authpf
as appropriate.

> Do I have to install samba/winbind? Are there tutorials?

The gateway would need to interface with the Windows kit one way or
the other, and IIRC kerberos is among the basic requirements. Our
friend G turns up a lot of references for "sshd Active Directory", so
at least it's been tried before.

It certainly sounds like useful tutorial material if there isn't one
available already. That is, if anyone pf-savvy can be persuaded to
dive into the AD stuff too.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
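
The authpf half of the setup described in the message above, as an added example that is not part of the original post. It assumes sshd on the gateway already authenticates the user (against AD or anything else) and that the user's login shell is /usr/sbin/authpf; the interface name em1 and the user name alice are hypothetical.

```conf
# --- /etc/pf.conf on the gateway (fragment) ---------------------------
int_if = "em1"                    # assumed: interface facing the users

# authpf loads NAT/redirect rules, if any, into these anchors
nat-anchor "authpf/*"
rdr-anchor "authpf/*"

# Default deny for traffic arriving from the inside network ...
block in on $int_if all

# ... except ssh to the gateway itself, so users can authenticate.
pass in on $int_if proto tcp from any to ($int_if) port ssh keep state

# Per-session filter rules are attached here when a user logs in and
# are removed again when the ssh session ends.
anchor "authpf/*"

# --- /etc/authpf/authpf.conf -------------------------------------------
# This file must exist for authpf to run; it may be empty.

# --- /etc/authpf/authpf.rules ------------------------------------------
# Default rules for every authenticated user who has no personal file.
# Macros from pf.conf are not visible here, so the interface is literal.
# authpf defines $user_ip (address the ssh session came from) and
# $user_id (login name).
pass in quick on em1 proto { tcp, udp } from $user_ip to any port domain keep state
pass in quick on em1 proto tcp from $user_ip to any port { http, https } keep state

# --- /etc/authpf/users/alice/authpf.rules ------------------------------
# Per-user file: when present it is loaded instead of the default above.
# alice (hypothetical) may additionally reach ssh on other hosts.
pass in quick on em1 proto { tcp, udp } from $user_ip to any port domain keep state
pass in quick on em1 proto tcp from $user_ip to any port { ssh, http, https } keep state
```

Because the rules key on `$user_ip`, access follows the authenticated ssh session rather than a fixed address, and an unauthenticated host on the same network stays behind the default block rule.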