Active Directory/LDAP and WebGUI
-
Hi All
I'm trying to set up LDAP authentication with my Active Directory domain in pfSense 2.3.2 so that I can log in using an AD account when authenticating with the WebGUI. I followed the instructions at:
https://forum.pfsense.org/index.php?topic=44689.0
After setting all this up I can go into Diagnostics -> Authentication and can successfully test authenticating with one of my AD accounts. But when I try logging in via the WebGUI it says that I am entering the incorrect username/password. What am I doing wrong here? I have set up the group with the necessary roles/permissions and added the account I want to use to authenticate with the WebGUI to the "pfSense Admins" group I created in AD and pfSense.
Here are my authentication server and group settings:
My domain controller runs Windows Server 2012 R2. As another test I deliberately entered an incorrect password when testing the authentication under Diagnostics and I can see an Audit failed entry in the event viewer on the domain controller, so pfSense is connecting to the DC.
What have I missed here? ::)
-
Menu settings/ Authentication Server: select your AD configuration
In permissions group, select "WebCfg - All pages" only.
-
I tried that but I still can't log in via the WebGUI using my AD account. Is there anything else I can try?
-
Note: only the users in the container "OU = Admins OU=…." are allowed to authenticate
-
Correct. I am using an account located in the Admins OU to authenticate.
-
Any other ideas? I just can't get my AD authentication working with the WebGUI…
-
Does anyone have any further ideas as to what I can do to get this working? I still can't log in with an AD account to the WebGUI in pfSense…
-
Those steps only set up LDAP/AD as an authentication server but don't assign it for use.
To use that server as an authentication server for pfSense itself, head over to:
System -> User Manager -> Settings
Switch "Authentication Server" from Local Database to the AD server instance you've set up.
-
@dreamslacker Bingo, that was the piece I forgot, thanks!