From: "Ricardo Benq"
To: freebsd-pf@freebsd.org
Date: Fri, 04 May 2007 17:18:58 +0000
Subject: Re: PF and AD

Ok, Gregory, here it goes:

In our network, all users are AD domain users that have access to services/networks restricted by AD groups. We already have a SQUID/Dansguardian that filters internet access for AD user/groups via ACLs for radio, video, messenger, etc.
All Active Directory users are authenticated on SQUID, using SAMBA/Winbind.

What we want is to use PF to filter access to, say, DMZ servers and internet from internal network, based on user names and AD groups.

Regards,
Ben.

Ricardo Benq wrote:
>Hello.
>Is it possible to make filter rules that are based on Microsoft Active
>Directory users?
>Do I have to install samba/winbind? Are there tutorials?
>

Short answer: no.
Longer answer: Not that I can really think of an example where that would be of use.
Can you provide more details as of your network setup and what do you want to achieve?

The moon is too cloudy today, and so is our spiritual possibilities.

--
With best regards,
Gregory Edigarov