LDAP administration and VPN with 2.3.2



  • Good day fellow firewall administrators.
    I have been working on pfSense for over 5 years and have mostly found the resolutions to all my issues with the great people of this board.
    This time it's different, and I would appreciate any help you may provide.

    I have set up a FreeIPA server as I was looking for a multi-master DNS server like you would get in AD.
    I have started using the authentication function of this system and would like to integrate it with pfSense.

    This is what I followed:
    https://ask.fedoraproject.org/en/question/63089/how-can-i-integrate-freeipa-with-pfsense-for-authentication/

    I have followed many other posts:
    https://forum.pfsense.org/index.php?topic=117322.msg649999#msg649999
    https://forum.pfsense.org/index.php?topic=64669.msg350596#msg350596

    I managed to get authentication to work with "Use anonymous binds to resolve distinguished names".
    Next, I tried to use groups; this did not work. I used this in the query: &(cn=firewall_admins,cn=groups,cn=accounts,dc=int,dc=DOMAIN,dc=co). My best guess is it requires bind credentials.
    Next I removed the extended query and tried to add the bind credentials, but this step fails as well.

    Would you have any hints I could use?

    This is working with anonymous binds and no query:

    [29/Aug/2016:14:04:48.228386389 -0400] conn=920 fd=111 slot=111 SSL connection from 192.168.9.1 to 192.168.9.40
    [29/Aug/2016:14:04:48.235407055 -0400] conn=920 TLS1.2 128-bit AES-GCM
    [29/Aug/2016:14:04:48.235580038 -0400] conn=920 op=0 BIND dn="" method=128 version=3
    [29/Aug/2016:14:04:48.235707311 -0400] conn=920 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
    [29/Aug/2016:14:04:48.235933249 -0400] conn=920 op=1 SRCH base="cn=users,cn=accounts,dc=int,dc=Domain,dc=co" scope=1 filter="(uid=USER)" attrs=ALL
    [29/Aug/2016:14:04:48.237354202 -0400] conn=920 op=1 RESULT err=0 tag=101 nentries=1 etime=0
    [29/Aug/2016:14:04:48.237720822 -0400] conn=920 op=2 BIND dn="uid=USER,cn=users,cn=accounts,dc=int,dc=DOMAIN,dc=co" method=128 version=3
    [29/Aug/2016:14:04:48.238458289 -0400] conn=920 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=USER,cn=users,cn=accounts,dc=int,dc=DOMAIN,dc=co"
    [29/Aug/2016:14:04:48.240488363 -0400] conn=921 fd=113 slot=113 SSL connection from 192.168.9.1 to 192.168.9.40
    [29/Aug/2016:14:04:48.240554189 -0400] conn=920 op=3 UNBIND
    
    

    This is when I use the query:

    [29/Aug/2016:14:08:01.025673659 -0400] conn=924 fd=108 slot=108 SSL connection from 192.168.9.1 to 192.168.9.40
    [29/Aug/2016:14:08:01.041093468 -0400] conn=924 TLS1.2 128-bit AES-GCM
    [29/Aug/2016:14:08:01.041302088 -0400] conn=924 op=0 BIND dn="" method=128 version=3
    [29/Aug/2016:14:08:01.041422327 -0400] conn=924 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
    [29/Aug/2016:14:08:01.041725139 -0400] conn=924 op=1 SRCH base="cn=users,cn=accounts,dc=int,dc=DOMAIN,dc=co" scope=1 filter="(&(uid=USER)(&(cn=firewall_admins,cn=groups,cn=accounts,dc=int,dc=DOMAIN,dc=co)))" attrs=ALL
    [29/Aug/2016:14:08:01.042189533 -0400] conn=924 op=1 RESULT err=0 tag=101 nentries=0 etime=0
    [29/Aug/2016:14:08:01.042428661 -0400] conn=924 op=2 UNBIND
    [29/Aug/2016:14:08:01.042447310 -0400] conn=924 op=2 fd=108 closed - U1
    
    

    This is when I try to use a bind credential:

    [29/Aug/2016:14:09:35.839203738 -0400] conn=925 fd=108 slot=108 SSL connection from 192.168.9.1 to 192.168.9.40
    [29/Aug/2016:14:09:35.870809172 -0400] conn=925 TLS1.2 128-bit AES-GCM
    [29/Aug/2016:14:09:35.871177563 -0400] conn=925 op=0 BIND dn="air_pfsense" method=128 version=3
    [29/Aug/2016:14:09:35.871309020 -0400] conn=925 op=0 RESULT err=32 tag=97 nentries=0 etime=0
    [29/Aug/2016:14:09:35.871598105 -0400] conn=925 op=1 UNBIND
    [29/Aug/2016:14:09:35.871617569 -0400] conn=925 op=1 fd=108 closed - U1
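
As an added example (not from the poster, pfSense or FreeIPA), a small Python script that parses 389-ds access-log lines like the ones above, pairs each BIND or SRCH with the RESULT carrying the same conn/op, and reports failed binds (with the LDAP result code decoded), searches that matched nothing, and accepted anonymous binds. The sample lines are constructed after the post's logs; the function names and the error-code table are my own.

```python
import re

# Constructed sample in the 389-ds access-log format, modelled on the post's logs
SAMPLE_LOG = """\
[29/Aug/2016:14:08:01.041302088 -0400] conn=924 op=0 BIND dn="" method=128 version=3
[29/Aug/2016:14:08:01.041422327 -0400] conn=924 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[29/Aug/2016:14:08:01.041725139 -0400] conn=924 op=1 SRCH base="cn=users,cn=accounts,dc=int,dc=DOMAIN,dc=co" scope=1 filter="(&(uid=USER)(&(cn=firewall_admins,cn=groups,cn=accounts,dc=int,dc=DOMAIN,dc=co)))" attrs=ALL
[29/Aug/2016:14:08:01.042189533 -0400] conn=924 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[29/Aug/2016:14:09:35.871177563 -0400] conn=925 op=0 BIND dn="air_pfsense" method=128 version=3
[29/Aug/2016:14:09:35.871309020 -0400] conn=925 op=0 RESULT err=32 tag=97 nentries=0 etime=0
"""

# LDAP result codes that matter most when troubleshooting binds (RFC 4511)
LDAP_ERR = {0: "success", 32: "noSuchObject", 49: "invalidCredentials"}

LINE_RE = re.compile(r'^\[[^\]]+\] conn=(?P<conn>\d+) op=(?P<op>\d+) (?P<body>.*)$')
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_kv(text):
    """Turn 'err=32 tag=97 dn=""' into a dict, stripping the quotes around values."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(2)
            for m in KV_RE.finditer(text)}


def analyze(log_text):
    """Pair each BIND/SRCH with the RESULT of the same conn/op and flag problems."""
    pending, findings = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # connection-setup and TLS lines carry no op number
        key = (m['conn'], m['op'])
        kind, _, rest = m['body'].partition(' ')
        kv = parse_kv(rest)
        if kind in ('BIND', 'SRCH'):
            pending[key] = (kind, kv)
        elif kind == 'RESULT' and key in pending:
            req_kind, req = pending.pop(key)
            err = int(kv.get('err', -1))
            if req_kind == 'BIND' and err != 0:
                hint = '' if '=' in req['dn'] else ' (bind DN is not in DN syntax)'
                findings.append(f"conn={key[0]} BIND as {req['dn']!r} failed: "
                                f"err={err} ({LDAP_ERR.get(err, 'other')}){hint}")
            elif req_kind == 'BIND' and req['dn'] == '':
                findings.append(f"conn={key[0]} anonymous BIND accepted")
            elif req_kind == 'SRCH' and kv.get('nentries') == '0':
                findings.append(f"conn={key[0]} SRCH under {req['base']} matched 0 "
                                f"entries with filter {req['filter']}")
    return findings
```

Running `analyze(SAMPLE_LOG)` on the constructed lines yields one finding per problem the post describes: the anonymous bind, the group-filtered search with nentries=0, and the err=32 bind with a DN that contains no attribute=value pair.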
    
