How do I set firewall and webfiltering policies on my AD network using the AD usernames instead of IP addresses?
Previously, in case of IP, I was using hosts to define the IPs to test, and then adding them to hostgroups in the firewall objects. For this new test, how do I get the same result?
Right, thanks … but how do I get the users from the AD? Do I import from a CSV file, as mentioned in http://docs.nethserver.org/en/latest/accounts.html, and then just create NS groups of users and apply firewall/proxy/filtering policies on those groups? Or is there another way to apply these policies on the AD users?
Ok, if I understand correctly, I just go into the content filter -> profiles … and I should see the domain users in the dropdown box for “who” field? I do not see the domain users in that list, or anywhere else for that matter. It makes me think I have to import the users first. Please correct me if I’m wrong.
Edit: I don’t care about groups, I can create NS groups and apply the policies on that, but obviously for NS groups to be made, I need to add AD users to it. I can’t see/understand how to get AD users.
Edit: All my AD users are part of this CN, but I can’t see them in any output on NS, as I said above. I can however see my AD groups (also part of same CN), as shown in pic above as output of “wbinfo -g”
Update: I fired up another instance of NS on a VM, and installed only the file server package. Set the NTP and DNS correctly … joined the domain successfully … the result is the same.
[root@ns2 ~]#
[root@ns2 ~]# net -k ads testjoin
Join is OK
[root@ns2 ~]#
[root@ns2 ~]#
[root@ns2 ~]#
[root@ns2 ~]# wbinfo -u
[root@ns2 ~]#
I don’t get what I’m doing wrong.
One thing to note is: When joining the domain, when I click on “submit”, I still get the error “Task completed with errors #exit status” … with the pop-up to put in admin username/password. After putting in the username and password, it joins the domain successfully and shows above behavior. I don’t know if this is important or not.
Update 2: I finally got it working. My original NS was the 7.x alpha version. The second NS server I set up was the same. Finally, for my last attempt, I used the 6.7 stable version. Followed exactly the same steps and joined without any problems or error messages. wbinfo -u now shows the list of users properly.
I don’t know the root cause of the problem, but it seems there’s something wrong with the version 7 integration.
So if a LAN has 2000 users, let’s say … they have to create 2000 different profiles on the content filter? Really?? I’m finding it a hassle to create profiles only for 60 people, I can’t imagine how bigger networks would deal with it.
You’re right, but I would like to explain the problem hoping someone will come out with a good idea to fix it.
Scenario
AD server with students group
The students group contains 3 users: user1, user2, user3
NS configured to filter web content for students group, but the group must be expanded into the list of users inside the configuration file (in this case it’s a limitation of SquidGuard)
Admin adds the user4 to students group
NS doesn’t know the group has been changed, so it continues to block only user1, user2 and user3
The only viable fix is to manually connect to NS, regenerate the configuration file and restart the SquidGuard service.
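The stale-membership condition in the scenario above can be detected before anyone notices an unfiltered user. The following shell check is an added example, not part of the original posts and not NethServer code: it compares a group's live membership with the user list expanded into a SquidGuard `src` block. Assumptions: the group resolves through NSS (`getent group`), the config uses `src students { user ... }`, and the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a group's live membership with the user list that was
# expanded into a SquidGuard "src" block when the config was last generated.

# Users named on "user" lines inside "src <name> { ... }", one per line, sorted.
conf_users() {  # $1 = source name, $2 = config file
    awk -v src="$1" '
        $1 == "src" && $2 == src { inblk = 1; next }
        inblk && $1 == "}"       { inblk = 0 }
        inblk && $1 == "user"    { for (i = 2; i <= NF; i++) print $i }
    ' "$2" | sort -u
}

# Members from a `getent group NAME` line ("name:x:gid:u1,u2"), sorted.
live_members() {  # $1 = the getent output line
    printf '%s\n' "$1" | cut -d: -f4 | tr ',' '\n' | sed '/^$/d' | sort -u
}

# Prints "+user" for members missing from the config and "-user" for entries
# no longer in the group. Returns 0 when in sync, 1 when the config is stale.
group_drift() {  # $1 = source name, $2 = config file, $3 = getent line
    live_f=$(mktemp); conf_f=$(mktemp)
    live_members "$3" > "$live_f"
    conf_users "$1" "$2" > "$conf_f"
    diff_out=$(comm -23 "$live_f" "$conf_f" | sed 's/^/+/'
               comm -13 "$live_f" "$conf_f" | sed 's/^/-/')
    rm -f "$live_f" "$conf_f"
    [ -z "$diff_out" ] && return 0
    printf '%s\n' "$diff_out"
    return 1
}

# Constructed sample: the scenario above, after user4 was added in AD.
sample_conf=$(mktemp)
printf 'src students {\n    user user1 user2 user3\n}\n' > "$sample_conf"
sample_group='students:x:10001:user1,user2,user3,user4'   # constructed getent line

# On a real host the third argument would be "$(getent group students)".
if ! group_drift students "$sample_conf" "$sample_group"; then
    echo "students: config is stale, regenerate it and restart SquidGuard"
fi
rm -f "$sample_conf"
```

Run from cron, a non-zero return is the trigger for the regenerate-and-restart step described above; the commands for that step are not given in the thread, so the example only reports the drift.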