Issue with AD Authentication Server
m0nKeY last edited by
I'm new to PfSense and I'm only using it for private usage and interest in it. I set up a AD server based on Ubuntu 18.04 and Samba, to centralize my user management. After a few tries I got it to work and I'm able to bind Windows and Linux machines to my local AD domain.
Unfortunately I'm not able to bind PfSense to it. I set everything up according to the many tutorials online. Here is my configuration:
Descriptive name: Active Directory Domain Controller Type: LDAP Hostname or IP address: addc Port value: 389 Transport: TCP - Standard Protocol version: 3 Server Timeout: 25 Search scope Level: Entire Subtree Search scope BaseDN: DC=DOMAIN,DC=LAN Authentication containers: CN=Users,DC=domain,DC=lan Extended query: true Query: memberOf=CN=Administrators,CN=Users,DC=domain,DC=lan Bind anonymous: false Bind credentials: firstname.lastname@example.org *password* User naming attribute: sAMAccountName Group naming attribute: cn Group member attribute: memberOf RFC 2307 Groups: false Group Object Class: posixGroup UTF8 Encode: false Username Alterations: false
If save and test my settings i get the following result:
Attempting connection to - addc - OK Attempting bind to - addc - OK Attempting to fetch Organizational Units from - addc - failed
And I'm also unable to use the "Select a container" under "System/User Manager/Authentication Servers/Edit". If try a message in red is displayed at the buttem of the page: "Could not connect to the LDAP server. Please check the LDAP configuration."
I set up the AD Server according to this howto: Link
But I used the command
sudo samba-tool domain provision --use-rfc2307 --interactive
to create the Samba Domain config files. Because, as far as I understand, the "--use-rfc2307" parameter generates POSIX prefixes into the AD configuration and I guessed it is needed for PfSense. In one of my first tries I generated the Samba Domain config with out the "--use-rfc2307" parameter, but I got the same result.
The syslog show entries like this:
Aug 19 09:02:16 php-fpm 17185 /system_authservers.php: ERROR! ldap_get_user_ous() could not bind to server . Aug 19 09:02:28 php-fpm 17185 /system_authservers.php: ERROR! ldap_get_user_ous() could not bind to server . Aug 19 09:02:36 php-fpm 17185 /system_usermanager_settings.php: ERROR! ldap_get_groups() could not bind to server Active Directory Domain Controller. Aug 19 09:02:36 php-fpm 17185 /system_usermanager_settings.php: ERROR! ldap_get_user_ous() could not bind to server Active Directory Domain Controller.
As I already said, Windows 10 and Ubuntu 18.04 don't have problems to bind to the AD server.
I hope someone can help me, because I really don't know to proceed.
m0nKeY last edited by
Is no one able to give advice?