PF and AD

Peter N. M. Hansteen peter at bsdly.net
Sat May 5 10:47:23 UTC 2007


"Ricardo Benq" <rbenq at hotmail.com> writes:

> Is it possible to make filter rules that are based on Microsoft Active
> Directory users?

If you can have the sshd on your pf-equipped gateway use
authentication data from your Microsoft system (which is sort of
LDAPish), the next (and possibly smaller) hurdle is to set up authpf
and sensible per-user or per-user-group rules to be loaded by authpf
as appropriate.

> Do I have to install samba/winbind? Are there tutorials?

The gateway would need to interface with the Windows kit one way or
the other, and IIRC Kerberos is among the basic requirements.  Our
friend G turns up a lot of references for "sshd Active Directory", so
at least it's been tried before.  It certainly sounds like useful
tutorial material if there isn't one available already.  That is, if
anyone pf-savvy can be persuaded to dive into the AD stuff too.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
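
The authpf half of the setup mentioned above, as an added example that is not part of the original message: a pf.conf fragment with the authpf anchor, plus a per-user rules file that authpf loads when that user logs in over ssh. The account name `alice`, the interface `em1`, the address 192.0.2.10 and the chosen ports are assumptions, and the anchor line uses the `authpf/*` form (older pf versions use `anchor authpf`; see authpf(8) for the syntax of your version).

```conf
# --- /etc/pf.conf (fragment) ---------------------------------------------
# Nothing from the internal network is passed until authpf has loaded
# rules for an authenticated user.
int_if = "em1"                      # assumption: internal interface name

block in on $int_if all
# Users must be able to reach sshd on the gateway in order to authenticate.
pass in on $int_if proto tcp from any to ($int_if) port ssh keep state
# authpf attaches one sub-ruleset per authenticated session below this anchor.
anchor "authpf/*"

# --- /etc/authpf/authpf.conf ---------------------------------------------
# Must exist (it may be empty); authpf refuses to run without it.

# --- /etc/authpf/users/alice/authpf.rules --------------------------------
# Loaded only when the (assumed) user alice authenticates.
# $user_ip is defined by authpf as the address the ssh session came from.
pass in quick on em1 proto tcp from $user_ip to 192.0.2.10 \
    port { 80, 443 } keep state

# --- /etc/authpf/authpf.rules --------------------------------------------
# Fallback for authenticated users who have no per-user rules file.
pass in quick on em1 proto { tcp, udp } from $user_ip to any \
    port domain keep state
```

The rules are removed again when the ssh session ends; for this to work the account's login shell has to be authpf, independently of where sshd gets its authentication data.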


More information about the freebsd-pf mailing list