ActiveDirectory Authentication not working as expected

General pfSense Questions
Log in to reply
  • L

    Hi,
    I configured our domain controller as an authentication server in pfsense, so that users can use their domain login for VPN authentication. For this, I configured an AD group "VPN-Users": every member of this group is allowed to establish a VPN connection.

    This works perfect - but only as long as the user's AD account is in the same OU as the "VPN-Users" group. In other words: if I put the user's account in a subordinate OU, pfsense will throw an "authentication error".

    Any ideas on this? In theory, pfsense shouldn't bother about where the user account is located, as long as it is a member of the security group, no?

    0
  • stephenw10
    Netgate Administrator

    It depends what your query is I would say. We are going to need to see you settings to tell you more.

    Steve

    0
  • L

    Hi Steve,
    while collecting the information for my reply, I think I found the relevant point:
    Search scope level was set to "one level". Setting it to "entire subtree" seems to fix the problem.

    Thanks!

    1

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy