Probably not the best place to ask, but hopefully someone can point me in the right direction. I have a tiny business. We use Samba for file sharing and authentication in an AD setup. I'm running a pfsense appliance firewall. NAT on the internal network. Is there a way to allow employees to authenticate and access files to encourage remote work? What resource should I look to to figure this out? Really have no clue where to start. If it wasn't for Covid19, this would not be a need. Appreciate any pointers. marco
On 14/03/2020 13:53, Marco Shmerykowsky via samba wrote:> > Probably not the best place to ask, but hopefully > someone can point me in the right direction. > > I have a tiny business.? We use Samba for file sharing > and authentication in an AD setup.? I'm running a > pfsense appliance firewall.? NAT on the internal > network. > > Is there a way to allow employees to authenticate > and access files to encourage remote work? > > What resource should I look to to figure this out? > Really have no clue where to start.? If it wasn't > for Covid19, this would not be a need. > > Appreciate any pointers. > > marco >Port forwarding on the firewall ? Or OpenVPN through it ? Rowland
On 14/03/2020 13:53, Marco Shmerykowsky via samba wrote:> > Probably not the best place to ask, but hopefully > someone can point me in the right direction. > > I have a tiny business.? We use Samba for file sharing > and authentication in an AD setup.? I'm running a > pfsense appliance firewall.? NAT on the internal > network. > > Is there a way to allow employees to authenticate > and access files to encourage remote work? > > What resource should I look to to figure this out? > Really have no clue where to start.? If it wasn't > for Covid19, this would not be a need. > > Appreciate any pointers.Personally, I'd just setup an Openvpn server within your site, generate keys for each user as needed, open the firewall for the port(s) of your choice and finally setup the Openvpn clients on the users' laptops/pcs. Once the users connect they proceed as normal. The users? 'home' network address should be different to the office network address range. ?Lots of docs on the Openvpn site. -- Michael Howard
Your pfSense firewall has OpenVPN built into it already, and you can point pfSense authentication back to your samba AD. We support over 400 users in this model. The configuration file for OpenVPN is common to all users, and they authenticate with their AD credentials.> On Mar 14, 2020, at 7:21 AM, Michael Howard via samba <samba at lists.samba.org> wrote: > > On 14/03/2020 13:53, Marco Shmerykowsky via samba wrote: >> >> Probably not the best place to ask, but hopefully >> someone can point me in the right direction. >> >> I have a tiny business. We use Samba for file sharing >> and authentication in an AD setup. I'm running a >> pfsense appliance firewall. NAT on the internal >> network. >> >> Is there a way to allow employees to authenticate >> and access files to encourage remote work? >> >> What resource should I look to to figure this out? >> Really have no clue where to start. If it wasn't >> for Covid19, this would not be a need. >> >> Appreciate any pointers. > > Personally, I'd just setup an Openvpn server within your site, generate keys for each user as needed, open the firewall for the port(s) of your choice and finally setup the Openvpn clients on the users' laptops/pcs. Once the users connect they proceed as normal. The users 'home' network address should be different to the office network address range. > > Lots of docs on the Openvpn site. > > -- > Michael Howard > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>
Maybe Matching Threads
- Q: Samba AD, Pfsense, Windows 10, vpn
- Q: Samba AD, Pfsense, Windows 10, vpn
- PFsense via Samba Authentication Server -> ERROR! ldap_get_groups() could not bind
- Q: Samba AD, Pfsense, Windows 10, vpn
- PFsense via Samba Authentication Server -> ERROR! ldap_get_groups() could not bind