Netgate Discussion Forum

    ActiveDirectory Authentication not working as expected

      luas

      Hi,
      I configured our domain controller as an authentication server in pfSense, so that users can use their domain login for VPN authentication. For this, I configured an AD group "VPN-Users": every member of this group is allowed to establish a VPN connection.

      This works perfectly - but only as long as the user's AD account is in the same OU as the "VPN-Users" group. In other words: if I put the user's account in a subordinate OU, pfSense will throw an "authentication error".

      Any ideas on this? In theory, pfSense shouldn't bother about where the user account is located, as long as it is a member of the security group, no?

        stephenw10 Netgate Administrator

        It depends on what your query is, I would say. We are going to need to see your settings to tell you more.

        Steve

          luas

          Hi Steve,
          while collecting the information for my reply, I think I found the relevant point:
          Search scope level was set to "one level". Setting it to "entire subtree" seems to fix the problem.

          Thanks!

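Why the scope setting in the last post changes the outcome, as an added example that is not part of the original posts and is not pfSense or Active Directory code: a small Python model of LDAP search scopes run over a constructed directory. The DNs, the base DN and the memberOf-style group check are assumptions made for illustration.

```python
# Added illustration: models LDAP search scopes; not pfSense or AD code.
# All DNs below are constructed sample values.
GROUP = "CN=VPN-Users,OU=Staff,DC=example,DC=test"
DIRECTORY = [
    {"dn": "CN=alice,OU=Staff,DC=example,DC=test",
     "sAMAccountName": "alice", "memberOf": [GROUP]},
    {"dn": "CN=bob,OU=Remote,OU=Staff,DC=example,DC=test",
     "sAMAccountName": "bob", "memberOf": [GROUP]},
    {"dn": "CN=carol,OU=Remote,OU=Staff,DC=example,DC=test",
     "sAMAccountName": "carol", "memberOf": []},
]


def rdns(dn):
    """Split a DN into normalised RDNs (simplified: no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",")]


def in_scope(entry_dn, base_dn, scope):
    """Return True if entry_dn falls inside the search scope under base_dn."""
    entry, base = rdns(entry_dn), rdns(base_dn)
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return False                      # entry is not under the base at all
    depth = len(entry) - len(base)        # 0 = base itself, 1 = direct child
    if scope == "base":
        return depth == 0
    if scope == "one":                    # "one level": direct children only
        return depth == 1
    if scope == "sub":                    # "entire subtree": base and descendants
        return True
    raise ValueError(f"unknown scope: {scope}")


def find_user(username, base_dn, scope, required_group=GROUP):
    """Model of the user lookup: scope check, then name and group filter."""
    wanted = required_group.lower()
    for entry in DIRECTORY:
        if not in_scope(entry["dn"], base_dn, scope):
            continue
        if entry["sAMAccountName"].lower() != username.lower():
            continue
        if wanted in (g.lower() for g in entry["memberOf"]):
            return entry["dn"]
    return None                           # no match: the login is rejected


if __name__ == "__main__":
    base = "OU=Staff,DC=example,DC=test"
    for user in ("alice", "bob", "carol"):
        print(user, find_user(user, base, "one"), find_user(user, base, "sub"))
```

With subtree scope every account under the base DN becomes a lookup candidate, so the group filter is what still decides access: carol sits in the sub-OU but is rejected under either scope.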
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.