{"id":430,"date":"2022-06-15T15:01:35","date_gmt":"2022-06-15T13:01:35","guid":{"rendered":"http:\/\/wp.12p.no\/?p=430"},"modified":"2022-06-15T15:01:35","modified_gmt":"2022-06-15T13:01:35","slug":"adding-user-interactive-uid-webportal-for-paloalto-firewalls","status":"publish","type":"post","link":"https:\/\/12p.no\/wp\/?p=430","title":{"rendered":"Adding user interactive UID webportal for paloalto firewalls"},"content":{"rendered":"\n

Just adding authentication user identification functionallity on selfhosted webportal based on local active directory<\/p>\n\n\n\n

BY NO MEANS SECURE, no input is sanitized…<\/strong><\/p>\n\n\n\n

ref: https:\/\/wp.12p.no\/2022\/05\/13\/alternative-to-captive-webportal\/<\/p>\n\n\n\n

First thing that is needed. php-ldap. I noticed it was not supported by php7, so i change php version to 8.x. <\/p>\n\n\n\n

# a2dismod php7.x.x<\/p>\n\n\n\n

# a2enmod php8.x.x<\/p>\n\n\n\n

then <\/p>\n\n\n\n

# apt install php-ldap<\/p>\n\n\n\n

#service apache2 restart<\/p>\n\n\n\n

then created a local website in my apache folder<\/p>\n\n\n\n

index.php:<\/p>\n\n\n\n

\"\"<\/a><\/figure>\n\n\n\n

Then create an auth file:<\/p>\n\n\n\n

\"\"<\/a><\/figure>\n\n\n\n

The syslogip points to the syslog recieving interface of paloalto<\/p>\n\n\n\n

domain points to the domain name<\/p>\n\n\n\n

replace: ad.placebodome.local with your ADs FQDN.<\/p>\n\n\n\n

The php-ldap function then tries to bind to the domain using the userprovided username and password. If binding fails the user is not authenticated.<\/p>\n\n\n\n

If the binding is successfull a logger command is run to send a syslog message to the Paloalto firewall with username of user and the ipaddress for the requester\/user.<\/p>\n\n\n\n

As the previouse example: https:\/\/wp.12p.no\/2022\/05\/13\/alternative-to-captive-webportal\/ using the syslog parser:<\/p>\n\n\n\n

\"\"<\/a><\/figure>\n\n\n\n

Voila, the user is populated in the same way as the original<\/p>\n","protected":false},"excerpt":{"rendered":"

Just adding authentication user identification functionallity on selfhosted webportal based on local active directory BY NO MEANS SECURE, no input is sanitized… ref: https:\/\/wp.12p.no\/2022\/05\/13\/alternative-to-captive-webportal\/ First thing that is needed. php-ldap. I noticed it was not supported by php7, so i change php version to 8.x. # a2dismod php7.x.x # a2enmod php8.x.x then # apt install […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-430","post","type-post","status-publish","format-standard","hentry","category-uncategorised"],"_links":{"self":[{"href":"https:\/\/12p.no\/wp\/index.php?rest_route=\/wp\/v2\/posts\/430","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/12p.no\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/12p.no\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/12p.no\/wp\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/12p.no\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=430"}],"version-history":[{"count":0,"href":"https:\/\/12p.no\/wp\/index.php?rest_route=\/wp\/v2\/posts\/430\/revisions"}],"wp:attachment":[{"href":"https:\/\/12p.no\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=430"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/12p.no\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=430"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/12p.no\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=430"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}