Netgate Discussion Forum

    Open VPN authentication with Apple OS X Open Directory Server

    • atteast

      Does anyone know where I can find information on authenticating users, coming in over OpenVPN, with an Open Directory server from Apple?

      Is this information available in the pfSense book that comes with the Gold subscription?

      Followed directions for setting up an LDAP v3 server in the User Manager. It seems to be set up correctly. When connecting remotely, it asks for the username and password to connect; however, after I enter the user credentials it says that the username and password are incorrect.

      • Derelict LAYER 8 Netgate

        Use Diagnostics > Authentication to do your debugging.

        I just tested with OS X 10.11.6 and Server 5.1.7. Seems to work.

        User: derelict authenticated successfully. This user is a member of groups:

        admin
        nasadmin

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • atteast

          Thanks, Derelict. The authentication is failing and I'm not sure what the correct settings are to use with OS X 10.11.x.

          Some settings in the Server Settings section:

          Port value: 636
          Peer Certificate Authority: MainCA Internal (Is this where I could be going wrong? Do I have to export the authentication certificate from the authentication server?)

          The Base DN is: cn=users, dc=abcserver, dc=local
          Authentication containers: cn=users, dc=abcserver, dc=local

          Do I need to check the RFC 2307 Groups box?

          What do I put for Group Object Class?

          Thanks.
