Active Directory/LDAP and WebGUI

zarje · Sep 6, 2016, 8:11 PM

Hi All

I'm trying to setup LDAP authentication with my Active Directory domain in pfSense 2.3.2 so that I can login using an AD account when authenticating with the WebGUI. I followed the instructions at:

https://forum.pfsense.org/index.php?topic=44689.0

After setting all this up I can go into Diagnostics–-> Authentication and can successfully test authenticating with one of my AD accounts. But when I try logging in via the WebGUI it says that I am entering the incorrect username/password. What am I doing wrong here? I have setup the group with the necessary roles/permissions and added the account I want to use to authenticate with the WebGUI to the "pfSense Admins" group I created in AD and pfSense.

Here are my authentication server and group settings:

My domain controller runs Windows Server 2012 R2. As another test I delibrately entered an incorrect password when testing the authentication under diagnostics and I can see an Audit failed entry in the event viewer on the domain controller so pfSense is connecting to the DC.

What have I missed here? ::)

rlrobs · Sep 7, 2016, 3:59 AM

Menu settings/ Authentication Server: select your AD configuration

In permissions group, select "WebCfg - All pages" only.

zarje · Sep 7, 2016, 6:26 AM

@rlrobs:

Menu settings/ Authentication Server: select your AD configuration

In permissions group, select "WebCfg - All pages" only.

I tried that but I still can't login via the webgui using my AD account. Is there anything else I can try?

rlrobs · Sep 7, 2016, 1:25 PM

Note: only the users in the container "OU = Admins OU=…." are allowed to authenticate

zarje · Sep 7, 2016, 3:42 PM

@rlrobs:

Note: only the users in the container "OU = Admins OU=…." are allowed to authenticate

Correct. I am using an account located in the Admins OU to authenticate.

zarje · Sep 10, 2016, 2:24 PM

Any other ideas? I just can't get my AD authentication working with teh webgui…

zarje · Oct 6, 2016, 12:38 PM

Does anyone have any further ideas as to what I can do to get this working? I still can't login with an AD account to the webgui in pfsense…

dreamslacker · Oct 6, 2016, 3:15 PM

Those steps only setup LDAP/ AD as a authentication server but doesn't assign it for use.

To use that server as an authentication server for pfSense itself, head over to:

System -> User Manager -> Settings

Switch "Authentication Server" from Local Database to the AD server instance you've setup.

jreinhart · Dec 12, 2019, 4:25 AM

@dreamslacker Bingo, that was the piece I forgot, thanks!