User manager settings - LDAP AD Setting

akoei

I have created an auth server corresponding my AD, from the "user manager"–->"servers" tab.
From "user manager"--->"settings", I changed to my auth server and passed the "save and test"
Then I created a same name user as AD from "user manager"--->"users", and assign "webcfg all pages" to its privilege.

But, when I tried login with this new created user, I got:

"No page assigned to this user! Click here to logout. "

Please help, thanks!

jvcrabb

I am having the same problem.  I did some searching and came across this thread http://forum.pfsense.org/index.php/topic,10249.msg57436/topicseen.html#msg57436 but it does not seem to work.

I have confirmed that the authentication is working on the test page and I can see in the logs that the user is successfully authenticating against the AD domain. But I get the same message

"No page assigned to this user! Click here to logout. "

I configured a group using the same group name and gave this group access to all pages on the WebConfigurator.  It appears that pfSense is not recognizing the user is a member of the group.  Does anyone have any suggestions?

jvcrabb

Hi folks just wanted to see if anyone out there is experiencing the same problem.

Specifically LDAP authentication is working against MS AD, I can see in the log that pfSense is hitting the containers that I specified filtering on samaccountname=username. But for some reason it is failing to link the AD group this account is a member of against the local group I created using the same name.  I gave this local group WebCfg - All pages.

This is my first time working with LDAP so it is possible that I am making a dumb mistake but I have searched through the forums and feel that I am doing the right thing.

I have configured the LDAP server settings for both:

User naming attribute - samAccountName
Group naming attribute - cn
Group member attribute - memberOf

and

User naming attribute - samAccountName
Group naming attribute - memberOf
Group member attribute - memberOf

based off information found in other threads but I still get the message:

"No page assigned to this user! Click here to logout. "

So I think the account authenticates successfully but it fails to see that the account is a member of the AD group that corresponds to the local group I created.

I hope this make sense, I do see other posts about this, it appears that they got it working so I am not sure what I am doing wrong.

If anyone out there has this working I would appreciate some assistance.

indy23

Hi ;)

I'd the same problem with the "No page assigned to this user! Click here to logout. " when i'm logged on with an AD user.

I have configured the LDAP server settings for:

User naming attribute - samAccountName
Group naming attribute - cn
Group member attribute - memberOf

In the Search scope field, i have to put "entire subtree" and not "one level" to have groups sync OK.

Like that, my user "test" on the AD which is in the group "pfsense" (group created both on pfsense and AD) have the right to login in the webconfigurator.

I hope that will help you.

jimp

I believe that it the same or similar issue to this:

http://redmine.pfsense.org/issues/935

The workaround in the ticket may help.

jvcrabb

Thank you for the feedback.  I have not had a chance to actually test this (too many other things to do at the moment) but when I can I will test and share my results.  Thank you for the help!