Issue with AD Authentication Server



  • Hi everyone,

I'm new to PfSense and I'm only using it for private usage and interest in it. I set up an AD server based on Ubuntu 18.04 and Samba, to centralize my user management. After a few tries I got it to work and I'm able to bind Windows and Linux machines to my local AD domain.

    Unfortunately I'm not able to bind PfSense to it. I set everything up according to the many tutorials online. Here is my configuration:

    Descriptive name: Active Directory Domain Controller
    Type: LDAP
    Hostname or IP address: addc
    Port value: 389
    Transport: TCP - Standard
    Protocol version: 3
    Server Timeout: 25
    Search scope Level: Entire Subtree
    Search scope BaseDN: DC=DOMAIN,DC=LAN
    Authentication containers: CN=Users,DC=domain,DC=lan
    Extended query: true
    Query: memberOf=CN=Administrators,CN=Users,DC=domain,DC=lan
    Bind anonymous: false
    Bind credentials: pfsense-ad@domain.lan *password*
    User naming attribute: sAMAccountName
    Group naming attribute: cn
    Group member attribute: memberOf
    RFC 2307 Groups: false
    Group Object Class: posixGroup
    UTF8 Encode: false
    Username Alterations: false
    

If I save and test my settings I get the following result:

    Attempting connection to  - addc - OK
    Attempting bind to - addc - OK
    Attempting to fetch Organizational Units from - addc - failed
    

And I'm also unable to use the "Select a container" under "System/User Manager/Authentication Servers/Edit". If I try, a message in red is displayed at the bottom of the page: "Could not connect to the LDAP server. Please check the LDAP configuration."

    I set up the AD Server according to this howto: Link

    But I used the command

    sudo samba-tool domain provision --use-rfc2307 --interactive
    

to create the Samba Domain config files. Because, as far as I understand, the "--use-rfc2307" parameter generates POSIX prefixes into the AD configuration and I guessed it is needed for PfSense. In one of my first tries I generated the Samba Domain config without the "--use-rfc2307" parameter, but I got the same result.

The syslog shows entries like this:

    Aug 19 09:02:16	php-fpm	17185	/system_authservers.php: ERROR! ldap_get_user_ous() could not bind to server .
    Aug 19 09:02:28	php-fpm	17185	/system_authservers.php: ERROR! ldap_get_user_ous() could not bind to server .
    Aug 19 09:02:36	php-fpm	17185	/system_usermanager_settings.php: ERROR! ldap_get_groups() could not bind to server Active Directory Domain Controller.
    Aug 19 09:02:36	php-fpm	17185	/system_usermanager_settings.php: ERROR! ldap_get_user_ous() could not bind to server Active Directory Domain Controller.
    

As I already said, Windows 10 and Ubuntu 18.04 have no problems binding to the AD server.

I hope someone can help me, because I really don't know how to proceed.

    Greetings
    m0nKeY
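As an added example (not part of the original post or of pfSense itself), a small Python triage of the four pfSense log lines quoted above: it parses each "could not bind to server" entry, separates the entries that carry no server name at all from those naming the configured auth server, and counts failures per server and helper function. The tab-separated line layout and the field names are assumed from those four lines only.

```python
import re
from collections import Counter

# Sample pfSense system log lines, copied from the post above (constructed input).
SAMPLE_LOG = """\
Aug 19 09:02:16\tphp-fpm\t17185\t/system_authservers.php: ERROR! ldap_get_user_ous() could not bind to server .
Aug 19 09:02:28\tphp-fpm\t17185\t/system_authservers.php: ERROR! ldap_get_user_ous() could not bind to server .
Aug 19 09:02:36\tphp-fpm\t17185\t/system_usermanager_settings.php: ERROR! ldap_get_groups() could not bind to server Active Directory Domain Controller.
Aug 19 09:02:36\tphp-fpm\t17185\t/system_usermanager_settings.php: ERROR! ldap_get_user_ous() could not bind to server Active Directory Domain Controller.
"""

# Layout assumed from the lines above: timestamp, process, pid, PHP page, then the
# pfSense LDAP helper name and the auth-server name, which may be empty.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2} \d\d:\d\d:\d\d)\t(?P<proc>\S+)\t(?P<pid>\d+)\t"
    r"(?P<page>/\S+\.php): ERROR! (?P<func>ldap_\w+)\(\) could not bind to server "
    r"(?P<server>.*)\.$"
)


def parse_ldap_errors(text):
    """Return one dict per 'could not bind' line; unrelated lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            # An empty server field is kept as None so it can be counted separately.
            ev["server"] = ev["server"].strip() or None
            events.append(ev)
    return events


def triage(text):
    """Count bind failures per (server, function) so repeated failures stand out."""
    events = parse_ldap_errors(text)
    by_server_func = Counter((e["server"], e["func"]) for e in events)
    unnamed = sum(1 for e in events if e["server"] is None)
    return {
        "total": len(events),
        "unnamed_server": unnamed,
        "by_server_func": dict(by_server_func),
    }


if __name__ == "__main__":
    for (server, func), n in triage(SAMPLE_LOG)["by_server_func"].items():
        print(f"{n}x {func} failed against {server or '<no server name logged>'}")
```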



  • Is no one able to give advice?