LDAP administration and VPN with 2.3.2
-
Good day fellow firewall administrators.
I have been working on PFsense for over 5 years and have mostly found the resolutions to all my issues with the great people of this board.
This time it's different, and I would appreciate any help you may provide. I have set up a FreeIPA server as I was looking for a multi-master DNS server like you would get in AD.
I have started using the authentication function of this system and would like to integrate it with pfSense. This is what I followed:
https://ask.fedoraproject.org/en/question/63089/how-can-i-integrate-freeipa-with-pfsense-for-authentication/
I have followed many other posts:
https://forum.pfsense.org/index.php?topic=117322.msg649999#msg649999
https://forum.pfsense.org/index.php?topic=64669.msg350596#msg350596
I managed to get authentication to work with "Use anonymous binds to resolve distinguished names".
Next, I tried to use groups; this did not work. I used this in the query: &(cn=firewall_admins,cn=groups,cn=accounts,dc=int,dc=DOMAIN,dc=co). My best guess is that it requires bind credentials.
Next I removed the extended query and tried to add the bind credentials, but this step fails as well. Would you have any hints I could use?
This is working with anonymous and no Query
[29/Aug/2016:14:04:48.228386389 -0400] conn=920 fd=111 slot=111 SSL connection from 192.168.9.1 to 192.168.9.40
[29/Aug/2016:14:04:48.235407055 -0400] conn=920 TLS1.2 128-bit AES-GCM
[29/Aug/2016:14:04:48.235580038 -0400] conn=920 op=0 BIND dn="" method=128 version=3
[29/Aug/2016:14:04:48.235707311 -0400] conn=920 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[29/Aug/2016:14:04:48.235933249 -0400] conn=920 op=1 SRCH base="cn=users,cn=accounts,dc=int,dc=Domain,dc=co" scope=1 filter="(uid=USER)" attrs=ALL
[29/Aug/2016:14:04:48.237354202 -0400] conn=920 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[29/Aug/2016:14:04:48.237720822 -0400] conn=920 op=2 BIND dn="uid=USER,cn=users,cn=accounts,dc=int,dc=DOMAIN,dc=co" method=128 version=3
[29/Aug/2016:14:04:48.238458289 -0400] conn=920 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=USER,cn=users,cn=accounts,dc=int,dc=DOMAIN,dc=co"
[29/Aug/2016:14:04:48.240488363 -0400] conn=921 fd=113 slot=113 SSL connection from 192.168.9.1 to 192.168.9.40
[29/Aug/2016:14:04:48.240554189 -0400] conn=920 op=3 UNBIND
This is when I use the Query
[29/Aug/2016:14:08:01.025673659 -0400] conn=924 fd=108 slot=108 SSL connection from 192.168.9.1 to 192.168.9.40
[29/Aug/2016:14:08:01.041093468 -0400] conn=924 TLS1.2 128-bit AES-GCM
[29/Aug/2016:14:08:01.041302088 -0400] conn=924 op=0 BIND dn="" method=128 version=3
[29/Aug/2016:14:08:01.041422327 -0400] conn=924 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[29/Aug/2016:14:08:01.041725139 -0400] conn=924 op=1 SRCH base="cn=users,cn=accounts,dc=int,dc=DOMAIN,dc=co" scope=1 filter="(&(uid=USER)(&(cn=firewall_admins,cn=groups,cn=accounts,dc=int,dc=DOMAIN,dc=co)))" attrs=ALL
[29/Aug/2016:14:08:01.042189533 -0400] conn=924 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[29/Aug/2016:14:08:01.042428661 -0400] conn=924 op=2 UNBIND
[29/Aug/2016:14:08:01.042447310 -0400] conn=924 op=2 fd=108 closed - U1
This is when I try to use a Bind Credential
[29/Aug/2016:14:09:35.839203738 -0400] conn=925 fd=108 slot=108 SSL connection from 192.168.9.1 to 192.168.9.40
[29/Aug/2016:14:09:35.870809172 -0400] conn=925 TLS1.2 128-bit AES-GCM
[29/Aug/2016:14:09:35.871177563 -0400] conn=925 op=0 BIND dn="air_pfsense" method=128 version=3
[29/Aug/2016:14:09:35.871309020 -0400] conn=925 op=0 RESULT err=32 tag=97 nentries=0 etime=0
[29/Aug/2016:14:09:35.871598105 -0400] conn=925 op=1 UNBIND
[29/Aug/2016:14:09:35.871617569 -0400] conn=925 op=1 fd=108 closed - U1
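An added example, not part of the original post and not pfSense or FreeIPA code: it parses 389-ds access-log excerpts like the ones above, pairs each BIND and SRCH with its RESULT, names the result code (err=32 is noSuchObject in RFC 4511) and flags searches that succeeded but matched nothing. It also builds the filter shape the second excerpt shows pfSense sending, (&(uid=USER)(<extended query>)), so a query can be checked before it is typed into the GUI. The membership_query helper relies on the memberOf attribute FreeIPA maintains on user entries; the function names, the RFC 4515 escaping of the username and the sample log (reconstructed from the excerpts above with their placeholders) are this example's own assumptions.

```python
"""Parse 389-ds (FreeIPA) access-log excerpts and explain failed LDAP operations."""
import re
from collections import OrderedDict

# RFC 4511 resultCode names for codes that typically appear while wiring a
# firewall to a directory; anything else is reported numerically.
RESULT_CODES = {
    0: "success",
    32: "noSuchObject",
    34: "invalidDNSyntax",
    48: "inappropriateAuthentication",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
    53: "unwillingToPerform",
}

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) (?P<rest>.*)$")
OP_RE = re.compile(r"^op=(?P<op>\d+) (?P<kind>BIND|RESULT|SRCH|UNBIND)(?P<fields>.*)$")
# key=value pairs: values are double-quoted (may contain spaces/parens) or bare
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_line(line):
    """Return a dict for one access-log line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m.group("ts"), "conn": int(m.group("conn")), "op": None, "kind": "CONN"}
    om = OP_RE.match(m.group("rest"))
    if om:  # connection-level lines (TLS cipher, fd closed) stay kind=CONN
        rec["op"] = int(om.group("op"))
        rec["kind"] = om.group("kind")
        for key, val in KV_RE.findall(om.group("fields")):
            rec[key] = val[1:-1] if val.startswith('"') else val
    return rec


def operations(lines):
    """Pair every BIND/SRCH/UNBIND with its RESULT, keyed by (conn, op)."""
    ops = OrderedDict()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["op"] is None:
            continue
        key = (rec["conn"], rec["op"])
        if rec["kind"] in ("BIND", "SRCH", "UNBIND"):
            ops[key] = {"kind": rec["kind"], "dn": rec.get("dn"),
                        "filter": rec.get("filter"), "err": None, "nentries": None}
        elif rec["kind"] == "RESULT" and key in ops:
            ops[key]["err"] = int(rec["err"])
            ops[key]["nentries"] = int(rec["nentries"])
    return ops


def explain(ops):
    """One verdict line per operation that failed or found nothing."""
    out = []
    for (conn, op), o in ops.items():
        if o["err"] not in (None, 0):
            name = RESULT_CODES.get(o["err"], "unknown")
            target = o["dn"] if o["kind"] == "BIND" else o["filter"]
            out.append(f"conn={conn} op={op} {o['kind']} {target}: err={o['err']} ({name})")
        elif o["kind"] == "SRCH" and o["nentries"] == 0:
            out.append(f"conn={conn} op={op} SRCH {o['filter']}: succeeded but matched no entries")
    return out


def escape_filter_value(value):
    """RFC 4515 escaping so a username cannot alter the filter structure."""
    return (value.replace("\\", "\\5c").replace("*", "\\2a")
                 .replace("(", "\\28").replace(")", "\\29").replace("\x00", "\\00"))


def pfsense_filter(user, extended_query=None, user_attr="uid"):
    """Filter shape seen in the second excerpt: (&(uid=USER)(<extended query>))."""
    base = f"({user_attr}={escape_filter_value(user)})"
    return base if not extended_query else f"(&{base}({extended_query}))"


def membership_query(group_dn):
    """Extended query testing FreeIPA group membership via the memberOf attribute."""
    return f"memberOf={escape_filter_value(group_dn)}"


# Constructed sample: the group-query and bind-credential excerpts from the post.
SAMPLE_LOG = """\
[29/Aug/2016:14:08:01.041302088 -0400] conn=924 op=0 BIND dn="" method=128 version=3
[29/Aug/2016:14:08:01.041422327 -0400] conn=924 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[29/Aug/2016:14:08:01.041725139 -0400] conn=924 op=1 SRCH base="cn=users,cn=accounts,dc=int,dc=DOMAIN,dc=co" scope=1 filter="(&(uid=USER)(&(cn=firewall_admins,cn=groups,cn=accounts,dc=int,dc=DOMAIN,dc=co)))" attrs=ALL
[29/Aug/2016:14:08:01.042189533 -0400] conn=924 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[29/Aug/2016:14:08:01.042428661 -0400] conn=924 op=2 UNBIND
[29/Aug/2016:14:09:35.871177563 -0400] conn=925 op=0 BIND dn="air_pfsense" method=128 version=3
[29/Aug/2016:14:09:35.871309020 -0400] conn=925 op=0 RESULT err=32 tag=97 nentries=0 etime=0
[29/Aug/2016:14:09:35.871598105 -0400] conn=925 op=1 UNBIND
"""

if __name__ == "__main__":
    for verdict in explain(operations(SAMPLE_LOG.splitlines())):
        print(verdict)
    group = "cn=firewall_admins,cn=groups,cn=accounts,dc=int,dc=DOMAIN,dc=co"
    print(pfsense_filter("USER", membership_query(group)))
```

Run against the excerpts, the parser reports the group search as succeeded-but-empty (the inner term compares the cn attribute of user entries to a DN string, which no user has) and the bind as err=32 noSuchObject for dn="air_pfsense", i.e. the server could not find an entry by that name. The escaping in pfsense_filter is the example's own addition: a username of `*)(uid=*` comes out as `\2a\29\28uid=\2a` instead of rewriting the filter.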