• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Active Directory/LDAP and WebGUI

Scheduled Pinned Locked Moved General pfSense Questions
9 Posts 4 Posters 11.3k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • Z
    zarje
    last edited by Sep 6, 2016, 8:11 PM

    Hi All

    I'm trying to setup LDAP authentication with my Active Directory domain in pfSense 2.3.2 so that I can login using an AD account when authenticating with the WebGUI. I followed the instructions at:

    https://forum.pfsense.org/index.php?topic=44689.0

    After setting all this up I can go into Diagnostics–-> Authentication and can successfully test authenticating with one of my AD accounts. But when I try logging in via the WebGUI it says that I am entering the incorrect username/password. What am I doing wrong here? I have setup the group with the necessary roles/permissions and added the account I want to use to authenticate with the WebGUI to the "pfSense Admins" group I created in AD and pfSense.

    Here are my authentication server and group settings:

    My domain controller runs Windows Server 2012 R2. As another test I delibrately entered an incorrect password when testing the authentication under diagnostics and I can see an Audit failed entry in the event viewer on the domain controller so pfSense is connecting to the DC.

    What have I missed here?  ::)

    1 Reply Last reply Reply Quote 0
    • R
      rlrobs
      last edited by Sep 7, 2016, 3:59 AM

      Menu settings/ Authentication Server: select your AD configuration

      In permissions group, select "WebCfg - All pages" only.

      1 Reply Last reply Reply Quote 0
      • Z
        zarje
        last edited by Sep 7, 2016, 6:26 AM

        @rlrobs:

        Menu settings/ Authentication Server: select your AD configuration

        In permissions group, select "WebCfg - All pages" only.

        I tried that but I still can't login via the webgui using my AD account. Is there anything else I can try?

        1 Reply Last reply Reply Quote 0
        • R
          rlrobs
          last edited by Sep 7, 2016, 1:25 PM

          Note: only the users in the container "OU = Admins OU=…." are allowed to authenticate

          1 Reply Last reply Reply Quote 0
          • Z
            zarje
            last edited by Sep 7, 2016, 3:42 PM

            @rlrobs:

            Note: only the users in the container "OU = Admins OU=…." are allowed to authenticate

            Correct. I am using an account located in the Admins OU to authenticate.

            1 Reply Last reply Reply Quote 0
            • Z
              zarje
              last edited by Sep 10, 2016, 2:24 PM

              Any other ideas? I just can't get my AD authentication working with teh webgui…

              1 Reply Last reply Reply Quote 0
              • Z
                zarje
                last edited by Oct 6, 2016, 12:38 PM

                Does anyone have any further ideas as to what I can do to get this working? I still can't login with an AD account to the webgui in pfsense…

                1 Reply Last reply Reply Quote 0
                • D
                  dreamslacker
                  last edited by Oct 6, 2016, 3:15 PM

                  Those steps only setup LDAP/ AD as a authentication server but doesn't assign it for use.

                  To use that server as an authentication server for pfSense itself, head over to:

                  System -> User Manager -> Settings

                  Switch "Authentication Server" from Local Database to the AD server instance you've setup.

                  J 1 Reply Last reply Dec 12, 2019, 4:25 AM Reply Quote 1
                  • J
                    jreinhart @dreamslacker
                    last edited by Dec 12, 2019, 4:25 AM

                    @dreamslacker Bingo, that was the piece I forgot, thanks!

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                      This community forum collects and processes your personal information.
                      consent.not_received