• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

User manager settings - LDAP AD Setting

Scheduled Pinned Locked Moved 2.0-RC Snapshot Feedback and Problems - RETIRED
6 Posts 4 Posters 14.5k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A
    akoei
    last edited by Apr 15, 2011, 3:35 PM

    I have created an auth server corresponding my AD, from the "user manager"–->"servers" tab.
    From "user manager"--->"settings", I changed to my auth server and passed the "save and test"
    Then I created a same name user as AD from "user manager"--->"users", and assign "webcfg all pages" to its privilege.

    But, when I tried login with this new created user, I got:

    "No page assigned to this user! Click here to logout. "

    Please help, thanks!

    1 Reply Last reply Reply Quote 0
    • J
      jvcrabb
      last edited by Apr 21, 2011, 2:21 PM

      I am having the same problem.  I did some searching and came across this thread http://forum.pfsense.org/index.php/topic,10249.msg57436/topicseen.html#msg57436 but it does not seem to work.

      I have confirmed that the authentication is working on the test page and I can see in the logs that the user is successfully authenticating against the AD domain. But I get the same message

      "No page assigned to this user! Click here to logout. "

      I configured a group using the same group name and gave this group access to all pages on the WebConfigurator.  It appears that pfSense is not recognizing the user is a member of the group.  Does anyone have any suggestions?

      1 Reply Last reply Reply Quote 0
      • J
        jvcrabb
        last edited by Apr 25, 2011, 9:19 PM

        Hi folks just wanted to see if anyone out there is experiencing the same problem.

        Specifically LDAP authentication is working against MS AD, I can see in the log that pfSense is hitting the containers that I specified filtering on samaccountname=username. But for some reason it is failing to link the AD group this account is a member of against the local group I created using the same name.  I gave this local group WebCfg - All pages.

        This is my first time working with LDAP so it is possible that I am making a dumb mistake but I have searched through the forums and feel that I am doing the right thing.

        I have configured the LDAP server settings for both:

        User naming attribute - samAccountName
        Group naming attribute - cn
        Group member attribute - memberOf

        and

        User naming attribute - samAccountName
        Group naming attribute - memberOf
        Group member attribute - memberOf

        based off information found in other threads but I still get the message:

        "No page assigned to this user! Click here to logout. "

        So I think the account authenticates successfully but it fails to see that the account is a member of the AD group that corresponds to the local group I created.

        I hope this make sense, I do see other posts about this, it appears that they got it working so I am not sure what I am doing wrong.

        If anyone out there has this working I would appreciate some assistance.

        1 Reply Last reply Reply Quote 0
        • I
          indy23
          last edited by Jul 5, 2011, 8:22 PM

          Hi ;)

          I'd the same problem with the "No page assigned to this user! Click here to logout. " when i'm logged on with an AD user.

          I have configured the LDAP server settings for:

          User naming attribute - samAccountName
          Group naming attribute - cn
          Group member attribute - memberOf

          In the Search scope field, i have to put "entire subtree" and not "one level" to have groups sync OK.

          Like that, my user "test" on the AD which is in the group "pfsense" (group created both on pfsense and AD) have the right to login in the webconfigurator.

          I hope that will help you.

          1 Reply Last reply Reply Quote 0
          • J
            jimp Rebel Alliance Developer Netgate
            last edited by Jul 6, 2011, 8:13 PM

            I believe that it the same or similar issue to this:

            http://redmine.pfsense.org/issues/935

            The workaround in the ticket may help.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • J
              jvcrabb
              last edited by Jul 18, 2011, 3:39 PM

              Thank you for the feedback.  I have not had a chance to actually test this (too many other things to do at the moment) but when I can I will test and share my results.  Thank you for the help!

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                This community forum collects and processes your personal information.
                consent.not_received