4. ActiveDirectory Authentication not working as expected

ActiveDirectory Authentication not working as expected

  • L

    Hi,
    I configured our domain controller as an authentication server in pfsense, so that users can use their domain login for VPN authentication. For this, I configured an AD group "VPN-Users": every member of this group is allowed to establish a VPN connection.

    This works perfect - but only as long as the user's AD account is in the same OU as the "VPN-Users" group. In other words: if I put the user's account in a subordinate OU, pfsense will throw an "authentication error".

    Any ideas on this? In theory, pfsense shouldn't bother about where the user account is located, as long as it is a member of the security group, no?

    0
  • Netgate Administrator

    It depends what your query is I would say. We are going to need to see you settings to tell you more.

    Steve

    0
  • L

    Hi Steve,
    while collecting the information for my reply, I think I found the relevant point:
    Search scope level was set to "one level". Setting it to "entire subtree" seems to fix the problem.

    Thanks!

    1
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy