Filter by Windows Server 2016 AD users but not by IP

General questions.
Post Reply
molisi.fifita
Posts: 14
Joined: December 30th, 2017, 2:01 pm

Filter by Windows Server 2016 AD users but not by IP

Post by molisi.fifita » January 2nd, 2019, 2:41 am

Any one knows how to filter internet access by Active directory user but not by IP? My firewall is working fine, all internet access are authenticate from my server 2016 AD. I just wonder if I can filter access to internet by Windows server 2016 AD users but not by IP..

Thank you

User avatar
UAW-Chrysler NTC
Posts: 16
Joined: October 23rd, 2018, 10:29 am

Re: Filter by Windows Server 2016 AD users but not by IP

Post by UAW-Chrysler NTC » January 9th, 2019, 7:11 pm

I suppose if you turn on web proxy and authenticate via AD ( in ipfire as Windows NT4 Domain)
In essence you are controlling who goes to the internet by their AD login.
Is that what you're trying to so ?

I've never used that authentication via web proxy but I see it there.
UAW-Chrysler NTC |Warren, Michigan, USA
IPFire 2.21 (x86_64) - Core Update 126

Hellfire
Posts: 697
Joined: November 8th, 2015, 8:54 am

Re: Filter by Windows Server 2016 AD users but not by IP

Post by Hellfire » January 10th, 2019, 11:26 am

Do you mean when using a (transparent) web proxy and authentication via AD, each Windows user automatically authenticates using AD credentials? No
matter which browser is used?

What happens for those non-Windows users like Android, Linux and others or perhaps IoT and TV devices? Will they bypass the proxy and authentication if using it at all?

Michael
Image

molisi.fifita
Posts: 14
Joined: December 30th, 2017, 2:01 pm

Re: Filter by Windows Server 2016 AD users but not by IP

Post by molisi.fifita » January 16th, 2019, 11:25 pm

Thank you guys.. I have not test it from other OS because we are only using Windows OS. What we have now is a Windows Server 2016 with Active Directory. What I did is using samba and join my firewall to my Windows domain controller. So what happen now, if you dont have a username in our active directory then you cannot access to internet. Once you login into your workstation, that sign in will also authenticate you to access the internet.

The problem that I have that I can still filter the internet access by IP but not by user name.

Post Reply