Active Directory/LDAP and WebGUI



  • Hi All

    I'm trying to set up LDAP authentication with my Active Directory domain in pfSense 2.3.2 so that I can log in using an AD account when authenticating with the WebGUI. I followed the instructions at:

    https://forum.pfsense.org/index.php?topic=44689.0

    After setting all this up I can go into Diagnostics -> Authentication and can successfully test authenticating with one of my AD accounts. But when I try logging in via the WebGUI it says that I am entering the incorrect username/password. What am I doing wrong here? I have set up the group with the necessary roles/permissions and added the account I want to use to authenticate with the WebGUI to the "pfSense Admins" group I created in AD and pfSense.

    Here are my authentication server and group settings:

    My domain controller runs Windows Server 2012 R2. As another test I deliberately entered an incorrect password when testing the authentication under Diagnostics and I can see an Audit failed entry in the event viewer on the domain controller, so pfSense is connecting to the DC.

    What have I missed here?  ::)



  • Menu settings/ Authentication Server: select your AD configuration

    In permissions group, select "WebCfg - All pages" only.



  • @rlrobs:

    Menu settings/ Authentication Server: select your AD configuration

    In permissions group, select "WebCfg - All pages" only.

    I tried that but I still can't log in via the WebGUI using my AD account. Is there anything else I can try?



  • Note: only the users in the container "OU = Admins OU=…." are allowed to authenticate



  • @rlrobs:

    Note: only the users in the container "OU = Admins OU=…." are allowed to authenticate

    Correct. I am using an account located in the Admins OU to authenticate.



  • Any other ideas? I just can't get my AD authentication working with the WebGUI…



  • Does anyone have any further ideas as to what I can do to get this working? I still can't log in with an AD account to the WebGUI in pfSense…



  • Those steps only set up LDAP/AD as an authentication server but don't assign it for use.

    To use that server as an authentication server for pfSense itself, head over to:

    System -> User Manager -> Settings

    Switch "Authentication Server" from Local Database to the AD server instance you've set up.



  • @dreamslacker Bingo, that was the piece I forgot, thanks!

