Netgate Discussion Forum

Issue with AD Authentication Server

General pfSense Questions
6 Posts 4 Posters 2.3k Views
  • m0nKeY
    last edited by Aug 20, 2018, 5:44 PM

    Hi everyone,

    I'm new to pfSense and I'm only using it for private usage and interest in it. I set up an AD server based on Ubuntu 18.04 and Samba to centralize my user management. After a few tries I got it to work and I'm able to bind Windows and Linux machines to my local AD domain.

    Unfortunately I'm not able to bind pfSense to it. I set everything up according to the many tutorials online. Here is my configuration:

    Descriptive name: Active Directory Domain Controller
    Type: LDAP
    Hostname or IP address: addc
    Port value: 389
    Transport: TCP - Standard
    Protocol version: 3
    Server Timeout: 25
    Search scope Level: Entire Subtree
    Search scope BaseDN: DC=DOMAIN,DC=LAN
    Authentication containers: CN=Users,DC=domain,DC=lan
    Extended query: true
    Query: memberOf=CN=Administrators,CN=Users,DC=domain,DC=lan
    Bind anonymous: false
    Bind credentials: pfsense-ad@domain.lan *password*
    User naming attribute: sAMAccountName
    Group naming attribute: cn
    Group member attribute: memberOf
    RFC 2307 Groups: false
    Group Object Class: posixGroup
    UTF8 Encode: false
    Username Alterations: false
    

    If I save and test my settings I get the following result:

    Attempting connection to  - addc - OK
    Attempting bind to - addc - OK
    Attempting to fetch Organizational Units from - addc - failed
    

    And I'm also unable to use the "Select a container" under "System/User Manager/Authentication Servers/Edit". If I try, a message in red is displayed at the bottom of the page: "Could not connect to the LDAP server. Please check the LDAP configuration."

    I set up the AD Server according to this howto: Link

    But I used the command

    sudo samba-tool domain provision --use-rfc2307 --interactive
    

    to create the Samba Domain config files, because, as far as I understand, the "--use-rfc2307" parameter generates POSIX prefixes into the AD configuration and I guessed it is needed for pfSense. In one of my first tries I generated the Samba Domain config without the "--use-rfc2307" parameter, but I got the same result.

    The syslog shows entries like this:

    Aug 19 09:02:16	php-fpm	17185	/system_authservers.php: ERROR! ldap_get_user_ous() could not bind to server .
    Aug 19 09:02:28	php-fpm	17185	/system_authservers.php: ERROR! ldap_get_user_ous() could not bind to server .
    Aug 19 09:02:36	php-fpm	17185	/system_usermanager_settings.php: ERROR! ldap_get_groups() could not bind to server Active Directory Domain Controller.
    Aug 19 09:02:36	php-fpm	17185	/system_usermanager_settings.php: ERROR! ldap_get_user_ous() could not bind to server Active Directory Domain Controller.
    

    As I already said, Windows 10 and Ubuntu 18.04 don't have problems binding to the AD server.

    I hope someone can help me, because I really don't know how to proceed.

    Greetings
    m0nKeY

    • m0nKeY
      last edited by Aug 22, 2018, 6:11 PM

      Is no one able to give advice?

      • mc-amz
        last edited by Feb 28, 2022, 10:09 PM

        Hi, were you able to fix this? I am in the exact same situation.

        • stephenw10 Netgate Administrator
          last edited by Mar 1, 2022, 3:02 PM

          Not exactly the same, because it's 4 years later and I assume you're using pfSense 2.6? And probably not Ubuntu 18.06.

          So what exactly are you seeing now? What have you tried? How is it configured?

          Steve

          • mc-amz
            last edited by Mar 1, 2022, 3:18 PM

            Hi Steve, the exact situation referred to the same error message; I fixed it by disabling LDAP Domain Signing on the AD in gpedit. Thanks for asking!

            • conejero @mc-amz
              last edited by Jan 3, 2023, 3:32 PM

              @mc-amz Just in case anyone stumbles upon this issue. We were able to fix it by adding the setting
              "ldap server require strong auth = no"
              to our smb.conf file.

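An added example (not from any poster) that models the mismatch behind the two fixes above: Samba's `ldap server require strong auth` setting versus the transport pfSense uses for its LDAP bind. It assumes pfSense's transport labels "TCP - Standard" and "SSL/TLS Encrypted" and a constructed smb.conf fragment; the recommendation it prints keeps strong auth enabled and moves pfSense to LDAPS instead of switching the requirement off.

```python
import configparser

# Constructed smb.conf fragment modelled on the fix in the thread (not a real file).
SMB_CONF_WEAK = """
[global]
    realm = DOMAIN.LAN
    workgroup = DOMAIN
    server role = active directory domain controller
    ldap server require strong auth = no
"""

# pfSense transport labels (assumed); only "TCP - Standard" sends the bind password in the clear.
CLEARTEXT_TRANSPORTS = {"TCP - Standard"}


def samba_strong_auth(smb_conf_text):
    """Effective 'ldap server require strong auth' value; Samba's default is yes."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(smb_conf_text)
    return cp.get("global", "ldap server require strong auth", fallback="yes").strip().lower()


def assess(smb_conf_text, pfsense_transport):
    """Classify the DC/pfSense pairing as 'ok', 'bind-rejected' or 'cleartext-credentials'."""
    strong = samba_strong_auth(smb_conf_text)
    cleartext = pfsense_transport in CLEARTEXT_TRANSPORTS
    if strong == "no":
        # Binds succeed, but the pfsense-ad bind password crosses the LAN unencrypted on 389.
        return "cleartext-credentials" if cleartext else "ok"
    # 'yes' or 'allow_sasl_over_tls': a simple bind over a plain session is refused,
    # which matches the "could not bind to server" lines in the thread's syslog.
    return "bind-rejected" if cleartext else "ok"


def recommendation(verdict):
    """Defender-side fix: keep strong auth on and move pfSense to LDAPS instead."""
    return {
        "ok": "No change needed.",
        "bind-rejected": "Set Transport to SSL/TLS Encrypted (port 636) and install the "
                         "Samba CA certificate in pfSense; leave strong auth enabled.",
        "cleartext-credentials": "Restore 'ldap server require strong auth = yes' and "
                                 "switch pfSense to SSL/TLS Encrypted on port 636.",
    }[verdict]


if __name__ == "__main__":
    for transport in ("TCP - Standard", "SSL/TLS Encrypted"):
        verdict = assess(SMB_CONF_WEAK, transport)
        print(f"{transport}: {verdict} -> {recommendation(verdict)}")
```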
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.