Hey, In here I've decribed my work on this topic :) https://forum.netgate.com/topic/189447/openvpn-ssl-tls-user-auth-over-ldap/3

I found my issue: the group membership attribute should be "memberOf" instead of member as posted by OP.

Boas, Tenho o mesmo problema, alguém tem alguma dica ?

I spent hours digging into the ldaps connection issues I had through the GUI on pfsense. I used openssl s_client in the shell to determine where the issue was with the verification of the CA. openssl s_client -CAfile /etc/ssl/file.pem hostnamehere:636 Anytime I specified the CA file location openssl returned no errors... so I was perplexed why it wasn't working in the GUI. I eventually ran across this post and I am very grateful: https://forum.netgate.com/topic/145578/ldaps-ad-bind/21 Essentially after changing the LDAP authentication server to LDAPS on port 636 you MUST restart php-fpm. I did this by running option 16 in the console. I am currently on 2.4.5 I hope this post helps someone else if they find themselves in this situation.

@jmurr Посмотрите тут Обратите внимание на раздел Extended Query Возможно , это то что Вам нужно https://docs.netgate.com/pfsense/en/latest/usermanager/ldap-troubleshooting.html

@wickeren said in Freeradius with LDAP backend and 802.1x: Have set Active Directory Compatibility in the Freeradius LDAP settings and played around with the EAP settings. For now the default is PEAP, in the EAP-PEAP section the default is MSCHAPv2 and Copy Request to Tunnel is set to Yes. According to some info I have found this should be OK, but in my case it isn’t however. Still think it must be something there, but can’t figure it out yet. Hi , I tried to configure free-radius on Pfsense (authentication via ldap or Kerberos) , i have AD 2008 . can you share your configuration please