Netgate Discussion Forum
Load Balancing LDAP for pfsense Authentication

  • guyp
    last edited by May 9, 2019, 10:51 AM

    I'm running a new number of LDAP servers which I've put behind pfSense load balancing. All systems inside the network are able to correctly reach the load balancer and thus authenticate to any one of the LDAP servers.

    However, I'm trying to do the same with pfSense's authentication. However, when I select the VIP of the load balancer in the settings, it's not able to reach anything. If I specify a specific LDAP server then all is well.

    Has anyone tried to use pfSense to load balance for a service it's using?

    From the CLI of pfSense I'm not able to telnet to the LDAP VIP on port 389. I'm guessing I need to add some specific NAT rules to force the traffic, which I did for internal systems.

    Any ideas?

    • stephenw10 Netgate Administrator
      last edited by May 13, 2019, 10:42 PM

      What sort of load-balancing is it? Does that VIP respond to pfSense in any other way?

      Steve

      • guyp
        last edited by May 31, 2019, 9:37 AM

        I was using the load balancer application built into pfSense. I've now swapped to HAProxy inside pfSense, which is working perfectly.

        • stephenw10 Netgate Administrator
          last edited by May 31, 2019, 1:54 PM

          Ah, OK! Yes HAProxy will work there as it's a true proxy. relayd is basically a dynamic port forward so you run into the same routing issues you would with a normal port forward when sourcing from the firewall itself.
          Better to be on HAProxy anyway as Relayd will very likely be removed in 2.5.

          Steve

          • guyp
            last edited by May 31, 2019, 1:56 PM

            Yes indeed... very impressed with HAProxy in pfSense.
            My only slight complaint is that I would like to use a port alias to simplify my configurations, but it seems HAProxy doesn't currently support that.

            So for a web site hosting 80 and 443 connections I need to duplicate everything once for port 80 and once for port 443.
