ActiveDirectory Authentication not working as expected



  • Hi,
    I configured our domain controller as an authentication server in pfsense, so that users can use their domain login for VPN authentication. For this, I configured an AD group "VPN-Users": every member of this group is allowed to establish a VPN connection.

    This works perfectly - but only as long as the user's AD account is in the same OU as the "VPN-Users" group. In other words: if I put the user's account in a subordinate OU, pfsense will throw an "authentication error".

    Any ideas on this? In theory, pfsense shouldn't bother about where the user account is located, as long as it is a member of the security group, no?


  • Netgate Administrator

    It depends what your query is I would say. We are going to need to see your settings to tell you more.

    Steve



  • Hi Steve,
    while collecting the information for my reply, I think I found the relevant point:
    Search scope level was set to "one level". Setting it to "entire subtree" seems to fix the problem.

    Thanks!


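The scope behaviour found in this thread, as an added example (not part of the original posts and not pfSense code): a small model of the LDAP search scopes that shows why a group member in a subordinate OU is missed by a "one level" search and found by "entire subtree". The directory, the DNs, the account names and the `find_vpn_user` helper are constructed for illustration, and the DN parsing assumes no escaped commas.

```python
# Constructed sample directory; every DN and account name here is hypothetical.
BASE = "OU=Company,DC=example,DC=com"
GROUP = "CN=VPN-Users," + BASE
DIRECTORY = {
    GROUP: {"objectClass": "group"},
    # Same OU as the group: a direct child of the search base.
    "CN=alice," + BASE: {"sAMAccountName": "alice", "memberOf": [GROUP]},
    # Subordinate OU: two levels below the search base.
    "CN=bob,OU=Sales," + BASE: {"sAMAccountName": "bob", "memberOf": [GROUP]},
    # Subordinate OU, but not a member of the VPN group.
    "CN=carol,OU=Sales," + BASE: {"sAMAccountName": "carol", "memberOf": []},
}


def split_dn(dn):
    """Split a DN into lowercased RDNs (simplified: no escaped commas)."""
    return [rdn.strip().lower() for rdn in dn.split(",")]


def in_scope(entry_dn, base_dn, scope):
    """Apply the three LDAP search scopes: base, one level, whole subtree."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return False  # entry is not at or under the search base
    depth = len(entry) - len(base)
    if scope == "base":
        return depth == 0
    if scope == "one":
        return depth == 1  # immediate children only
    if scope == "sub":
        return True  # the base itself and everything below it
    raise ValueError("unknown scope: " + scope)


def find_vpn_user(username, scope, base_dn=BASE, group_dn=GROUP):
    """Return the DN of a group member found within the scope, else None."""
    for dn, attrs in DIRECTORY.items():
        if not in_scope(dn, base_dn, scope):
            continue
        if attrs.get("sAMAccountName") != username:
            continue
        if group_dn in attrs.get("memberOf", []):
            return dn
    return None


if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, {s: find_vpn_user(user, s) for s in ("one", "sub")})
```

Subtree scope also widens the set of accounts the lookup can match, so the group membership check is what keeps non-members such as `carol` out.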