ActiveDirectory Authentication not working as expected
I configured our domain controller as an authentication server in pfsense, so that users can use their domain login for VPN authentication. For this, I configured an AD group "VPN-Users": every member of this group is allowed to establish a VPN connection.
This works perfectly - but only as long as the user's AD account is in the same OU as the "VPN-Users" group. In other words: if I put the user's account in a subordinate OU, pfsense will throw an "authentication error".
Any ideas on this? In theory, pfsense shouldn't bother about where the user account is located, as long as it is a member of the security group, no?
It depends on what your query is, I would say. We are going to need to see your settings to tell you more.
While collecting the information for my reply, I think I found the relevant point:
Search scope level was set to "one level". Setting it to "entire subtree" seems to fix the problem.
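
The scope behaviour found in the last post, as an added example that is not part of the original thread and is not pfSense code: a small Python model of LDAP search scopes showing why a user in a subordinate OU is missed with "one level" and found with "entire subtree". The example.com domain, the OU names, the user names and the function names are constructed for illustration, and the model assumes the user lookup happens under one base DN with the configured scope.

```python
import re

GROUP = "CN=VPN-Users,OU=Staff,DC=example,DC=com"
# Constructed directory: DN -> attributes. Both users are members of VPN-Users.
DIRECTORY = {
    GROUP: {"objectClass": "group"},
    "CN=Alice,OU=Staff,DC=example,DC=com": {"sAMAccountName": "alice", "memberOf": [GROUP]},
    "CN=Bob,OU=Sales,OU=Staff,DC=example,DC=com": {"sAMAccountName": "bob", "memberOf": [GROUP]},
}

def parse_dn(dn):
    """Split a DN into normalized RDNs (simplified: only '\\,' escapes are handled)."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def in_scope(entry_dn, base_dn, scope):
    """True if entry_dn is returned by a search at base_dn with scope base/one/sub."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    depth = len(entry) - len(base)
    # The entry must sit at or below the base: the base RDNs form its suffix.
    if depth < 0 or entry[depth:] != base:
        return False
    if scope == "base":
        return depth == 0
    if scope == "one":   # "one level": direct children of the base only
        return depth == 1
    if scope == "sub":   # "entire subtree": the base and everything below it
        return True
    raise ValueError(f"unknown scope: {scope}")

def find_vpn_user(username, base_dn, scope):
    """Return the DN of a VPN-Users member found within the scope, else None."""
    for dn, attrs in DIRECTORY.items():
        if (attrs.get("sAMAccountName") == username
                and in_scope(dn, base_dn, scope)
                and GROUP in attrs.get("memberOf", [])):
            return dn
    return None

if __name__ == "__main__":
    base = "OU=Staff,DC=example,DC=com"
    for user in ("alice", "bob"):
        for scope in ("one", "sub"):
            print(user, scope, find_vpn_user(user, base, scope))
```

Group membership is identical for both users in this model; only the depth of the user entry below the base DN decides whether the one-level search returns it.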