Netgate Discussion Forum

Using primaryGroupID as group member attribute

General pfSense Questions
  • theo96
    last edited Jul 1, 2020, 7:31 AM

    TL;DR: Why can I not use "primaryGroupID" as "group member attribute"?

    In my AD (Win 2019) I have defined a set of admin users. The admins can be members of either group_a or group_b. Some of those admins have their primary group set as group_a or group_b.

    I.e. the structure might look something like this

    • domain . com
      • Admins
        • User1
        • User2
        • ...
    • Groups
      • group_a
      • group_b
      • ...

    User1 is a member of "Domain Users" and "group_a". User2 has the same membership as User1. The difference between User1 and User2 is that User1 has its primary group set as group_a while User2 has its primary group set as Domain Users.

    According to this link (https://ldapwiki.com/wiki/MemberOf) I cannot use the "memberOf" attribute to find out the primary group of a user authenticating towards pfSense.

    I only want users that have their primary group set to either group_a or group_b to have local access rights to the pfSense firewall.

    So I figured that in the pfSense web GUI (User manager - authentication servers), I would use "primaryGroupID" as the "group member attribute". I have created user groups locally on pfSense that are named the same as the groups' IDs (in my case, 1013 and 1014 for group_a and group_b respectively).

    Having done this, whenever I use Diagnostics - Authentication, the group membership is not displayed (i.e. User1 and User2 can be authenticated but are not members of any group(s)).

    What am I missing? Please note: Changing the primary group back to the default "Domain users" is not an option.

    I'm using pfSense 2.3.4
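
Added example, not part of the original post and not pfSense code: how a user's primary group can be resolved from `primaryGroupID` (a RID) and the binary `objectSid`, then merged with `memberOf`, which omits the primary group. It assumes 1013 and 1014 are the RIDs of group_a and group_b; the domain SID, user RIDs and DNs are constructed sample data.

```python
import struct

def make_sid(*subs):
    """Build a binary objectSid (authority 5) for the constructed sample data."""
    return bytes([1, len(subs)]) + (5).to_bytes(6, "big") + struct.pack("<%dI" % len(subs), *subs)

def parse_sid(raw):
    """Decode a binary objectSid into its S-1-5-21-... string form."""
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")       # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])     # 32-bit each, little-endian
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)

def primary_group(user, groups_by_sid):
    """primaryGroupID is a RID: swap it in for the user's own RID to get the group SID."""
    domain_sid = parse_sid(user["objectSid"]).rpartition("-")[0]
    return groups_by_sid.get("%s-%d" % (domain_sid, int(user["primaryGroupID"])))

def effective_groups(user, groups_by_sid):
    """memberOf plus the primary group, which memberOf does not list."""
    names = {dn.split(",")[0].split("=", 1)[1] for dn in user["memberOf"]}  # naive CN parse
    pg = primary_group(user, groups_by_sid)
    return names | ({pg} if pg else set())

def has_allowed_primary(user, groups_by_sid, allowed=("group_a", "group_b")):
    """Access decision the post asks for: primary group must be group_a or group_b."""
    return primary_group(user, groups_by_sid) in allowed

# Constructed sample data mirroring User1 and User2 from the post
DOM = (21, 1111111111, 2222222222, 3333333333)
DOM_SID = "S-1-5-" + "-".join(map(str, DOM))
GROUPS = {DOM_SID + "-513": "Domain Users",
          DOM_SID + "-1013": "group_a",
          DOM_SID + "-1014": "group_b"}
USER1 = {"objectSid": make_sid(*DOM, 1105), "primaryGroupID": "1013",
         "memberOf": ["CN=Domain Users,CN=Users,DC=domain,DC=com"]}
USER2 = {"objectSid": make_sid(*DOM, 1106), "primaryGroupID": "513",
         "memberOf": ["CN=group_a,OU=Groups,DC=domain,DC=com"]}

if __name__ == "__main__":
    for name, u in (("User1", USER1), ("User2", USER2)):
        print(name, primary_group(u, GROUPS), sorted(effective_groups(u, GROUPS)),
              has_allowed_primary(u, GROUPS))
```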
