# Adding pfSense to Active Directory

We start by enabling Secure Shell so the VM can be administered over SSH.

Go to pfSense -> System -> Advanced -> Admin Access

[![Capture d’écran 2024-12-11 à 08.55.08.png](https://book.techoops.fr/uploads/images/gallery/2024-12/scaled-1680-/capture-decran-2024-12-11-a-08-55-08.png)](https://book.techoops.fr/uploads/images/gallery/2024-12/capture-decran-2024-12-11-a-08-55-08.png)

Enable + Enable ssh-agent

Set the SSH port to **2222**

![Capture d’écran 2024-12-11 à 08.55.37.png](https://book.techoops.fr/uploads/images/gallery/2024-12/scaled-1680-/capture-decran-2024-12-11-a-08-55-37.png)

Connect over SSH to the infrastructure, **192.168.1.4** in my case.

Then connect to pfSense:

```
ssh root@192.168.1.4 -p 2222 
```

(user@pfSenseIP -p ConfiguredPort)

[![Capture d’écran 2024-12-11 à 09.01.03.png](https://book.techoops.fr/uploads/images/gallery/2024-12/scaled-1680-/capture-decran-2024-12-11-a-09-01-03.png)](https://book.techoops.fr/uploads/images/gallery/2024-12/capture-decran-2024-12-11-a-09-01-03.png)

Choose option 8 (Shell).

We will edit:

```
/usr/local/etc/pkg/repos/pfSense.conf
```

```
FreeBSD: { enabled: yes }

pfSense-core: {
    url: "pkg+https://pkg.pfsense.org/pfSense_v2_7_2_amd64-core",
    mirror_type: "srv",
    signature_type: "fingerprints",
    fingerprints: "/usr/local/share/pfSense/keys/pkg",
    enabled: yes
}

pfSense: {
    url: "pkg+https://pkg.pfsense.org/pfSense_v2_7_2_amd64-pfSense_v2_7_2",
    mirror_type: "srv",
    signature_type: "fingerprints",
    fingerprints: "/usr/local/share/pfSense/keys/pkg",
    enabled: yes
}
```

**AND**

```
/usr/local/etc/pkg/repos/FreeBSD.conf
```

```
             FreeBSD: {
                 url: "pkg+https://pkg.freebsd.org/${ABI}/latest",
                 enabled: true,
                 signature_type: "fingerprints",
                 fingerprints: "/usr/share/keys/pkg",
                 mirror_type: "srv"
             }
```

Now install the packages:

```
pkg install -y adcli sssd2 samba416
```

Once they are installed, edit:

```
/etc/krb5.conf
```

```
[logging]
default = FILE:/var/log/krb5libs.log

[libdefaults]
default_realm = megaproduction.local
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false

```

default\_realm = the domain name

```
/usr/local/etc/smb4.conf
```

```
[global]
security = ads
realm = MEGAPRODUCTION.LOCAL
workgroup = MEGAPRODUCTION
log file = /var/log/samba/%m.log
log level = 3
kerberos method = secrets and keytab
client signing = yes
load printers = no
cups options = raw
printcap name = /dev/null
ntlm auth = disabled
idmap config MYDOMAIN: backend = sss
idmap config MYDOMAIN: range = 200000-2147483647
idmap config * : backend = tdb
idmap config * : range   = 100000-199999
inherit acls = no
server min protocol = SMB3
map to guest = bad user
unix extensions = no
```

(IN UPPERCASE)

realm = DOMAIN NAME.LOCAL  
workgroup = DOMAIN NAME

Restart the services:
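Before restarting the services and joining, the two files can be checked against each other. The script below is an added example, not part of the original page: it verifies the uppercase rule stated above, that `default_realm` matches `realm`, and goes one step further by checking that every named `idmap config` section refers to the configured workgroup. The function names `get_key` and `check_join_config` are hypothetical, and the sample files are constructed from the values shown on this page.

```sh
#!/bin/sh
# Added example: pre-join consistency check for smb4.conf and krb5.conf.

upper() { printf '%s' "$1" | tr '[:lower:]' '[:upper:]'; }

# get_key FILE KEY: print the value of the first "KEY = value" line.
get_key() {
    awk -v k="$2" '{
        i = index($0, "="); if (!i) next
        key = substr($0, 1, i - 1); val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == k) { print val; exit }
    }' "$1"
}

# check_join_config SMB_CONF KRB5_CONF: print one finding per line, return 0 if clean.
check_join_config() {
    smb=$1; krb=$2; rc=0
    realm=$(get_key "$smb" realm); wg=$(get_key "$smb" workgroup)
    krb_realm=$(get_key "$krb" default_realm)
    if [ -z "$realm" ] || [ -z "$wg" ] || [ -z "$krb_realm" ]; then
        echo "missing realm, workgroup or default_realm"; return 2
    fi
    [ "$realm" = "$(upper "$realm")" ] || { echo "realm not uppercase: $realm"; rc=1; }
    [ "$wg" = "$(upper "$wg")" ] || { echo "workgroup not uppercase: $wg"; rc=1; }
    # Compared case-insensitively: the page writes default_realm in lowercase.
    [ "$(upper "$krb_realm")" = "$(upper "$realm")" ] ||
        { echo "default_realm $krb_realm differs from realm $realm"; rc=1; }
    # Every named "idmap config <DOMAIN> :" section must name the workgroup,
    # otherwise Samba applies only the "*" default to the joined domain.
    for d in $(sed -n 's/^[[:space:]]*idmap config \([^ :*][^ :]*\) *:.*/\1/p' "$smb" | sort -u); do
        [ "$d" = "$wg" ] || { echo "idmap config domain $d is not workgroup $wg"; rc=1; }
    done
    return $rc
}

# Constructed sample input: the values shown on this page, reduced to the checked keys.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/smb4.conf" <<'EOF'
[global]
realm = MEGAPRODUCTION.LOCAL
workgroup = MEGAPRODUCTION
idmap config MYDOMAIN: backend = sss
idmap config * : backend = tdb
EOF
printf '[libdefaults]\ndefault_realm = megaproduction.local\n' > "$tmp/krb5.conf"
check_join_config "$tmp/smb4.conf" "$tmp/krb5.conf" || echo "review findings before net ads join"
```

On the pfSense shell it would be run as `check_join_config /usr/local/etc/smb4.conf /etc/krb5.conf`.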

```
service kerberos restart && service samba_server restart
```

Now we can join the machine to the domain:

```
net ads join -U administrateur@megaproduction.local
```

[![Capture d’écran 2024-12-11 à 09.46.18.png](https://book.techoops.fr/uploads/images/gallery/2024-12/scaled-1680-/U1zcapture-decran-2024-12-11-a-09-46-18.png)](https://book.techoops.fr/uploads/images/gallery/2024-12/U1zcapture-decran-2024-12-11-a-09-46-18.png)

The machine has now been added to AD.

[![Capture d’écran 2024-12-11 à 09.52.33.png](https://book.techoops.fr/uploads/images/gallery/2024-12/scaled-1680-/capture-decran-2024-12-11-a-09-52-33.png)](https://book.techoops.fr/uploads/images/gallery/2024-12/capture-decran-2024-12-11-a-09-52-33.png)