pfSense LDAPS binding issue with V4.2.5 Amazon
-
Despite entering all the right parameters:
Type : LDAP
hostname - serverhostname.mydomain.intra
Port - 636
Transport - SSL Encrypted
Peer Authority - Custom CA
Client Certificate - manually created on Custom CA
protocol v - 3
Server timeout - 25
Search type - Level - Entire subtree
Search type - Base DN - mydomain.intra
Authentication container = (populates automatically for LDAP but not for LDAPS)
OU=customeUSerOU,DC=mydomain,DC=intra;OU=domainAdmins,DC=mydomain,DC=intra
Extended query - unchecked
Bind anonymous - Unchecked
Bind Credentials - Entered from AD correctly (binding tested and working with the ldp.exe app in AD)
User naming attribute - samAccountName
Group naming attribute -cn
Group member attribute - memberOf
RFC 2307 Groups - unchecked
Group Object Class -posixGroup
UTF8 Encode - unchecked
Username Alterations - unchecked
When testing we get the following error in the system logs:
Jun 9 16:26:32 php-fpm: /system_usermanager.php: ERROR! ldap_get_groups() could not bind to server Active Directory.
&
Jun 9 14:40:18 php-fpm[338]: /system_authservers.php: ERROR! ldap_get_user_ous() could not bind to server .
Referred to https://redmine.pfsense.org/issues/9433. Though the patch is for an older version, I gave it a shot; the patch does not work, with the following error:
Patch can NOT be applied cleanly (detail)
Patch can NOT be reverted cleanly (detail)
"detail" shows the following output:
/usr/bin/patch --directory=/ -t -p2 -i /var/patches/5edf27817cc72.patch --check --forward
Hmm... Looks like a unified diff to me...
The text leading up to this was:
|From 996a1ad90e5682bf881bafd8b75d1b1a7e3f7831 Mon Sep 17 00:00:00 2001
|From: jim-p
|Date: Thu, 21 Mar 2019 15:17:08 -0400
|Subject: [PATCH] LDAP TLS option update. Implements #9417
|
|---
| src/etc/inc/auth.inc | 62 +++++++++++++++++++++-----------------------
| 1 file changed, 30 insertions(+), 32 deletions(-)
|
|diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc
|index 0ba3a5d8408..d8620b80fe3 100644
|--- a/src/etc/inc/auth.inc
|+++ b/src/etc/inc/auth.inc
Patching file etc/inc/auth.inc using Plan A...
Hunk #1 succeeded at 982 (offset 23 lines).
Hunk #2 failed at 993.
Hunk #3 succeeded at 1017 (offset 22 lines).
Hunk #4 succeeded at 1067 (offset 23 lines).
Hunk #5 succeeded at 1077 (offset 22 lines).
Hunk #6 succeeded at 1155 (offset 23 lines).
Hunk #7 succeeded at 1165 (offset 22 lines).
Hunk #8 succeeded at 1300 (offset 23 lines).
Hunk #9 succeeded at 1310 (offset 22 lines).
Hunk #10 succeeded at 1453 (offset 23 lines).
1 out of 10 hunks failed while patching etc/inc/auth.inc
done
Where Hunk #2 failed at 993
Checked binding with the credentials in ldp.exe and it works perfectly well.
Port 636 is open from pfSense to AD and I am able to run the port test successfully.
DNS resolution of mydomain.intra resolves the IP of the AD properly.
Unable to work out what the issue can be. Please help.
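Since the container list fills in over plain LDAP but not over LDAPS, and the bind works from ldp.exe, the TLS layer (CA trust and the name in the server certificate versus the hostname pfSense is configured with) is worth checking separately from the credentials before going further. The helper script below is an added example written for this thread, not pfSense code or anything from the redmine issue. Everything in it is an assumption: the hostname, CA file path, bind DN, password and base DN are placeholders to be set through the environment, and it expects openssl and ldapsearch on whatever box you run it from. Without RUN_LIVE=1 it only exercises the classifiers on constructed sample output, so it runs offline.

```shell
#!/bin/sh
# Diagnostic helpers for a pfSense -> AD LDAPS bind failure. Added example for
# this thread, not pfSense code. All values below are placeholders/assumptions;
# override them via the environment before running with RUN_LIVE=1.
LDAP_HOST="${LDAP_HOST:-serverhostname.mydomain.intra}"   # hostname named in the post
LDAP_PORT="${LDAP_PORT:-636}"
CA_FILE="${CA_FILE:-/path/to/custom-ca.pem}"               # placeholder path
BIND_DN="${BIND_DN:-CN=placeholder-bind-user,DC=mydomain,DC=intra}"  # placeholder DN
BIND_PW="${BIND_PW:-changeme}"                             # placeholder password
BASE_DN="${BASE_DN:-DC=mydomain,DC=intra}"

# Reduce 'openssl s_client -CAfile ... -verify_hostname ...' output (stdin) to
# one word for the TLS layer. Numbers are OpenSSL's X509_V_ERR_* codes as they
# appear on the "Verify return code" line.
classify_tls_output() {
    awk '
        /Verify return code: 0 \(ok\)/  { r = "trusted" }
        /Verify return code: 10 /       { r = "expired" }
        /Verify return code: 19 /       { r = "untrusted-chain" }   # self-signed in chain
        /Verify return code: 20 /       { r = "untrusted-chain" }   # no local issuer (CA file wrong)
        /Verify return code: 21 /       { r = "untrusted-chain" }   # cannot verify leaf
        /Verify return code: 62 /       { r = "hostname-mismatch" }
        /no peer certificate available/ { r = "no-cert" }
        END { print (r == "" ? "unknown" : r) }
    '
}

# Does the subjectAltName text ($1, as printed by 'openssl x509 -ext
# subjectAltName') cover hostname $2? Case-insensitive; exact DNS entry or a
# single-label wildcard. Returns 0 when covered, 1 otherwise.
san_covers_host() {
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    printf '%s\n' "$1" | tr ',' '\n' | tr 'A-Z' 'a-z' |
        sed -n 's/^[[:space:]]*dns:\([^[:space:]]*\).*/\1/p' |
        {
            while read -r name; do
                case "$name" in
                    "$host") exit 0 ;;                                   # exact match
                    \*.*) if [ "${host#*.}" = "${name#\*.}" ]; then exit 0; fi ;;  # wildcard
                esac
            done
            exit 1                                                       # nothing covers the host
        }
}

# ldapsearch exits with the LDAP result code; map it so a TLS/network failure
# is not mistaken for a bad password.
classify_ldap_exit() {
    case "$1" in
        0)   echo "bind-ok" ;;
        49)  echo "invalid-credentials" ;;   # LDAP_INVALID_CREDENTIALS
        255) echo "cannot-contact" ;;        # LDAP_SERVER_DOWN (-1): TLS or connectivity
        *)   echo "ldap-error-$1" ;;
    esac
}

# Live checks, only run with RUN_LIVE=1.
tls_check_live() {
    printf '' | openssl s_client -connect "$LDAP_HOST:$LDAP_PORT" -servername "$LDAP_HOST" \
        -verify_hostname "$LDAP_HOST" -CAfile "$CA_FILE" 2>/dev/null | classify_tls_output
}
san_check_live() {
    san=$(printf '' | openssl s_client -connect "$LDAP_HOST:$LDAP_PORT" -servername "$LDAP_HOST" 2>/dev/null |
          openssl x509 -noout -ext subjectAltName 2>/dev/null) || san=""
    if san_covers_host "$san" "$LDAP_HOST"; then echo "san-ok"; else echo "san-missing"; fi
}
bind_check_live() {
    rc=0
    # LDAPTLS_CACERT makes the OpenLDAP client trust the same custom CA pfSense uses.
    LDAPTLS_CACERT="$CA_FILE" ldapsearch -H "ldaps://$LDAP_HOST:$LDAP_PORT" -D "$BIND_DN" \
        -w "$BIND_PW" -b "$BASE_DN" -s base '(objectClass=*)' dn >/dev/null 2>&1 || rc=$?
    classify_ldap_exit "$rc"
}

# Constructed sample output (not captured from a real server): a handshake
# whose CA is not trusted, and a SAN that lacks the configured hostname.
SAMPLE_TLS_OUTPUT='CONNECTED(00000003)
depth=0 CN = dc01.mydomain.intra
verify error:num=20:unable to get local issuer certificate
Verify return code: 20 (unable to get local issuer certificate)'
SAMPLE_SAN='X509v3 Subject Alternative Name:
    DNS:dc01.mydomain.intra, DNS:mydomain.intra'

if [ "${RUN_LIVE:-0}" = 1 ]; then
    echo "tls:  $(tls_check_live)"
    echo "san:  $(san_check_live)"
    echo "bind: $(bind_check_live)"
else
    echo "tls:  $(printf '%s\n' "$SAMPLE_TLS_OUTPUT" | classify_tls_output)"   # untrusted-chain
    if san_covers_host "$SAMPLE_SAN" "$LDAP_HOST"; then echo "san:  san-ok"; else echo "san:  san-missing"; fi
    echo "bind: $(classify_ldap_exit 255)"                                    # cannot-contact
fi
```

The three live checks are deliberately ordered: if the first reports "untrusted-chain" or "hostname-mismatch", the bind step will fail with "cannot-contact" regardless of the credentials, which is a different fix (CA selection or the hostname in the server cert's SAN) from a bind DN or password problem.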
-
@awebster I've seen you help at https://forum.netgate.com/topic/145578/ldaps-ad-bind/19.
Can you please point me in the direction where I need to troubleshoot this issue?