Trying AD authentication group based on Squid
-
Hi,
I'm trying to get AD authentication to work on group level in Squid.
I am successfully able to log in with domain users to pfSense itself, so my AD setup is working, and pfSense has access to LDAP, DNS etc.
I configured LDAP:
- authentication server: domain controller IP
- authentication port: 389
- LDAP Server user DN: CN=serviceaccount,OU=service,OU=Accounts,OU=domainname,dc=domainname,dc=local
- Base Domain: dc=domainname,dc=local
- Search filter: memberOf=CN=gg-Internet-Access,OU=Groups,OU=domainname,DC=domainname,DC=local
The user gets the authentication prompt, but I'm not able to authenticate. I'm sure I'm doing something wrong, just not sure what.
Thanks,
Mark
-
Hi Mark,
What username and password do you use to authenticate the user in Active Directory?
Please check all the information below:
Is user gg a member of Domain Admins?
Does user gg have a special character in the password, for example "@"? Dansguardian cannot pass authentication in Active Directory if the user's password contains a special character.
Good luck, and sorry for my English!
-
Hello,
From my experience during implementation, there are 2 problems in pfSense Squid.
- The base domain can't be "DC=Domain,DC=local"; you must use something like OU=something,DC=domain,DC=local. And the OU needs to be the same one used in "Search Filter".
- The AD user needs to exist in that OU. For user accounts located in another OU, container or anywhere else, even if these accounts are in the "Search filter" group, authentication still fails.
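
The settings discussed in this thread, as an added example that is not part of any post above: it renders the filter an LDAP helper would send for one login and checks whether a user entry lies under a given base DN. It assumes the helper replaces `%s` with the login name, as Squid's `basic_ldap_auth` does for its `-f` filter, and that users log in with `sAMAccountName`; the template and the user DN are constructed.

```python
# Added example (not from the thread). Assumes the helper replaces %s in the
# search filter with the login name, as Squid's basic_ldap_auth does for -f.

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

GROUP = "CN=gg-Internet-Access,OU=Groups,OU=domainname,DC=domainname,DC=local"
# Assumed template: match the login name AND the group membership.
TEMPLATE = "(&(sAMAccountName=%s)(memberOf=" + GROUP + "))"
# Constructed sample entry; the thread does not give a user DN.
USER_DN = "CN=Jane Doe,OU=Users,OU=Accounts,OU=domainname,DC=domainname,DC=local"

def escape_filter_value(value):
    """Escape a login name so it cannot alter the filter's structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def render_filter(template, login):
    """Return the filter sent to the directory for one login attempt."""
    if "%s" not in template:
        # Without the placeholder the search is not tied to the login name.
        raise ValueError("search filter has no %s placeholder")
    return template.replace("%s", escape_filter_value(login))

def split_dn(dn):
    """Split a DN into lower-cased RDNs, honouring backslash-escaped commas."""
    parts, current, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append(current.strip().lower())
            current = ""
        else:
            current += ch
        escaped = (ch == "\\") and not escaped
    parts.append(current.strip().lower())
    return parts

def under_base(entry_dn, base_dn):
    """True if entry_dn is at or below base_dn (what a subtree search sees)."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base

if __name__ == "__main__":
    print(render_filter(TEMPLATE, "jdoe"))
    print(under_base(USER_DN, "dc=domainname,dc=local"))
    print(under_base(USER_DN, "OU=Groups,OU=domainname,DC=domainname,DC=local"))
```

The rendered filter and base DN can be pasted into any LDAP search tool, bound as the service account, to confirm that exactly one entry comes back for a test login.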