    FreeRADIUS, RADIUS, LDAP, Active Directory, User Authentication

    • Viktor.V

      Hi Everyone!

      Main question:
      Does the LDAP tab (Services -> FreeRadius -> LDAP) not work with Active Directory?

      Sub questions:

      1. Or if it works, could somebody give the attributes to use with Active Directory, please?

      General Configuration - Server 1
      Filter /some say it is (sAMAccountName=)/
      LDAP search filter. Default: (uid=%{%{Stripped-User-Name}:-%{User-Name}})
      Base Filter /some say it is (ObjectClass=*) or User/
      Default: (objectclass=radiusprofile)

      Miscellaneous Configuration - Server 1
      Profile Attribute /use default or else?/
      (Default: radiusProfileDn)
      Access Attribute /use default or else?/
      (Default: dialupAccess)

      Group Membership Options - Server 1
      Group Membership Filter /use default or else?/
      Default: (|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))
      Group Membership Attribute /I guess it is "memberOf" but who knows/
      (Default: radiusGroupName)

      2. If all this does not work with Active Directory, I do not understand why the option is there.
        Active Directory Compatibility
        Enable
        If you see the helpful "operations error" being returned to the LDAP module, enable this. (Default: Disable)

      Then why not use the Authentication Servers?
      (System -> User Manager -> Authentication Servers)

      Like with IPsec.
      (VPN -> IPsec -> Mobile Clients)
      Extended Authentication (Xauth)
      User Authentication
      /LDAP, RADIUS servers are listed here/
      Local Database /default/

      Because the Authentication Servers settings work perfectly fine with the Active Directory.

      It would be much more elegant to authenticate Active Directory users to use WIFI Access Points connected to PFSENSE clients, through FreeRADIUS Server for example, and nonetheless, it would be a point to use Active Directory LDAP Authentication instead of configuring NPS/RADIUS separately from PFSENSE.

      Any ideas, thoughts, anything?

      PFSENSE version:
      2.4.5-RELEASE-p1 (amd64)
      built on Tue Jun 02 17:51:17 EDT 2020
      FreeBSD 11.3-STABLE

      RADIUS version:
      freeradius3 0.15.7_20

      • MR. Newbie

        It would be easier to use LDAP for authentication. I currently use LDAP for internet access authentication and for squidguard.

        • stephenw10 Netgate Administrator

          The LDAP query you use there depends entirely on how you have your AD server set up.
          It's not something we can guess for you.

          Though if you search the forum you will find examples of other users' queries that are typical.

          Steve

          • aeonics @MR. Newbie

            @mr-newbie
            How?? I have some issues, I can't find the error, can you help me??

            I have LDAP with FreeIPA and the RADIUS package in pfSense.

            • stephenw10 Netgate Administrator

              How do you have it configured?

              What is happening?

              What do you expect to happen?

              Steve
