    LDAP Authentication Servers with Peer Certificate Authority not working properly

    • A
      abockhold last edited by

      Hello everybody,

      I've got a really weird problem configuring two distinct LDAP Authentication Servers. I imported both CAs (just certificates, no keys) into the Certificate Manager setting different names, configured both LDAP Authentication Servers and set the imported CAs respectively.

      Now in one moment this configuration works (both logging in via VPN which is what I use them for and clicking on the button "Select a container") and in the next moment the configuration does not work anymore (login via VPN not possible, red error message "Could not connect to the LDAP server. Please check the LDAP configuration." on the bottom). A moment later maybe one server does work again, later not anymore. This changes at random whenever I save the (unchanged) configuration.

      As the whole configuration does work when I switch both back to no SSL this seems to be a problem with the webConfigurator? Does somebody have a hint where I could look for the problem or a log file?

      Thanks in advance!

      • stephenw10
        stephenw10 Netgate Administrator last edited by

        Seems unlikely to be a problem with the webgui directly since it also affects the VPN login which is all backend.

        Do you see any errors logged?

        Does the config file itself change between working and not working?

        I assume you've checked this:
        https://docs.netgate.com/pfsense/en/latest/usermanager/ldap-troubleshooting.html

        Steve

        • A
          abockhold last edited by

          Hi Stephen,

          thanks a lot for your answer!

          Before starting to check your hints I rebooted the VM for good measure. And whatever it did, for now the problem does not reoccur. I can try the blue button as much as I want with SSL enabled, it works all the time... On the one hand this is great, on the other I would have liked to find the error.

          Where would the error logging be? I had had a look in System -> General and found nothing.

          Which config file is touched here?

          I had a look at the documentation you mentioned, unfortunately I cannot apply the patch because I get "5 out of 5 hunks failed while patching etc/inc/auth.inc" and "1 out of 1 hunks failed while patching etc/inc/system.inc".

          Regards!

          • stephenw10
            stephenw10 Netgate Administrator last edited by

            You mean that patch for debugging in 2.1? That will only apply to ancient versions. You shouldn't need it in current.

            Steve

            • jimp
              jimp Rebel Alliance Developer Netgate last edited by

              After you make any change to LDAP SSL settings, run 16 and 11 from the console menu (ssh or physical console). Then test things again.

              PHP gets weird sometimes when populating the environment variables needed for LDAP to work.

              Unfortunately the PHP settings to configure LDAP directly don't work.

              On 2.5.0 you could have both CAs added to the trust store for the OS which would also likely solve it.

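An added illustration, not part of the thread and not pfSense code, of the trust relationship behind the last suggestion: a server certificate validates only against a trust file that contains its own CA, so a trust setting that holds just one of two private CAs rejects the other LDAP server, while a file holding both accepts each. The script builds two throwaway CAs and server certificates offline with `openssl`; every name in it is constructed for the example.

```shell
#!/bin/sh
# Constructed offline demo: two private CAs, one LDAPS-style server cert each.
# Every name here (ca-a, ldap-a.example, ...) is made up for the example.

make_pki() {  # $1 = working directory
    dir=$1
    # Minimal config so the CA certs carry basicConstraints CA:TRUE.
    printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
        '[dn]' 'commonName = Common Name' \
        '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > "$dir/openssl.cnf"
    for n in a b; do
        # Self-signed CA "n"
        openssl req -x509 -config "$dir/openssl.cnf" -newkey rsa:2048 -nodes \
            -days 1 -subj "/CN=Example CA $n" \
            -keyout "$dir/ca-$n.key" -out "$dir/ca-$n.pem" 2>/dev/null
        # Server key and CSR, then a certificate signed by CA "n"
        openssl req -config "$dir/openssl.cnf" -newkey rsa:2048 -nodes \
            -subj "/CN=ldap-$n.example" \
            -keyout "$dir/srv-$n.key" -out "$dir/srv-$n.csr" 2>/dev/null
        openssl x509 -req -in "$dir/srv-$n.csr" -days 1 \
            -CA "$dir/ca-$n.pem" -CAkey "$dir/ca-$n.key" -CAcreateserial \
            -out "$dir/srv-$n.pem" 2>/dev/null
    done
    # Trust file holding both CAs
    cat "$dir/ca-a.pem" "$dir/ca-b.pem" > "$dir/ca-bundle.pem"
}

# trusts <ca-file> <server-cert>: exit 0 only if the cert chains to that file
trusts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print which server certificates validate under each trust setting.
matrix() {  # $1 = working directory
    for ca in ca-a ca-b ca-bundle; do
        for srv in srv-a srv-b; do
            if trusts "$1/$ca.pem" "$1/$srv.pem"; then r=ok; else r=FAIL; fi
            echo "$ca trusts $srv: $r"
        done
    done
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_pki "$work"
matrix "$work"
```

Against live servers, the equivalent check outside PHP is `openssl s_client -connect <ldap-host>:636 -CAfile <ca.pem>`, run once per server and CA file (host and file names are placeholders).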