Trying AD authentication group based on Squid



  • Hi,

    I'm trying to get AD authentication to work on group level in Squid.
    I am successfully able to log in with domain users to PFSense itself, so my AD setup is working, and PFSense has access to LDAP, DNS etc.

    I configured LDAP:

    • authentication server: domain controller IP
    • authentication port: 389
    • LDAP Server user DN: CN=serviceaccount,OU=service,OU=Accounts,OU=domainname,dc=domainname,dc=local
    • Base Domain: dc=domainname,dc=local
    • Search filter: memberOf=CN=gg-Internet-Access,OU=Groups,OU=domainname,DC=domainname,DC=local

    The user gets the authentication prompt, but I'm not able to authenticate. I'm sure I'm doing something wrong, just not sure what.

    Thanks,

    Mark



  • Hi Mark….

    What username and password do you use to authenticate the user in Active Directory?

    Please check all the information below:

    Is user gg a member of Domain Admins?
    Does user gg have a special character in the password? For example "@"?

    Dansguardian cannot pass authentication in Active Directory if the user has a special character in the password.

    Good luck! And sorry for my English!



  • Hello,

    From experience during implementation, there are 2 problems in pfSense Squid.

    1. Base domain can't use "DC=Domain,DC=local"; you must use something like OU=something,DC=domain,DC=local. And the OU needs to be the same one used in "Search Filter".
    2. The AD user needs to exist in that OU. For user accounts located in another OU, container or anywhere else, even if these accounts are in the "Search filter" group, authentication still fails.
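
An added example, not part of any post in this thread and not pfSense or Squid code: it checks whether a user DN falls inside a given base DN and builds a filter that matches one login name and the group from the first post. It assumes logins map to `sAMAccountName`; the user DN and the narrowed base are constructed sample values.

```python
import re

def escape_filter_value(value):
    """Escape RFC 4515 special characters in an LDAP filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def split_dn(dn):
    """Split a DN into normalised RDNs, keeping backslash-escaped commas."""
    rdns, cur, escaped = [], [], False
    for c in dn:
        if escaped:
            cur.append(c)
            escaped = False
        elif c == "\\":
            cur.append(c)
            escaped = True
        elif c == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(c)
    rdns.append("".join(cur))
    return [re.sub(r"\s*=\s*", "=", r.strip(), count=1).lower()
            for r in rdns if r.strip()]

def is_under_base(entry_dn, base_dn):
    """True if entry_dn is the base itself or sits in the subtree below it."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base

def user_in_group_filter(login, group_dn, login_attr="sAMAccountName"):
    """Filter matching one login that is also a direct member of group_dn."""
    return "(&(%s=%s)(memberOf=%s))" % (
        login_attr, escape_filter_value(login), escape_filter_value(group_dn))

# Values from the first post, plus constructed samples (marked).
GROUP_DN = "CN=gg-Internet-Access,OU=Groups,OU=domainname,DC=domainname,DC=local"
WIDE_BASE = "dc=domainname,dc=local"
NARROW_BASE = "OU=Groups,OU=domainname,DC=domainname,DC=local"  # constructed
USER_DN = "CN=Mark Example,OU=Users,OU=domainname,DC=domainname,DC=local"  # constructed

if __name__ == "__main__":
    for base in (WIDE_BASE, NARROW_BASE):
        print(base, "->", "in scope" if is_under_base(USER_DN, base) else "out of scope")
    print(user_in_group_filter("mark", GROUP_DN))
```
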
