Netgate Discussion Forum
    Configuring LDAP authentication server with MS-AD/Samba

      mjsengineer

      I'm trying to configure pfSense to use an authentication server via Samba's LDAP server. Oddly, sometimes it works and most times it doesn't. When it works, I jot down the settings. 15 minutes later, the same settings do not work. For the life of me I can't see the difference between the working and failing setup.

      I created a global security group named VPNadmin and I created a user named 'ldap-bind-user' to log in for the bind. I also added the 'ldap-bind-user' to the VPNadmin group. These are the "non-working" settings:

      hostname: ADS.internal.external.com
      Port: 636
      Transport: SSL-Encrypted
      Peer certificate Authority: Samba-CA imported from /var/lib/samba/private/tls/ca.pem
      Client Certificate: samba-server-cert imported from /var/lib/samba/private/tls/cert.pem & key.pem
      Protocol Version: 3
      Server Timeout: 25
      Search Scope: Entire Subtree
      base DN: DC=internal,DC=external,DC=com
      Authentication Containers: CN=Users,DC=internal,DC=external,DC=com
      Extend Query: memberof=CN=VPNadmin,CN=Users,DC=internal,DC=external,DC=com
      Bind Credentials:
      user: CN=ldap-bind-user,CN=Users,DC=internal,DC-external,DC=com
      passwd: apassword
      User naming attribute: samAccountName
      Group Naming Attribute: cn
      Group Member Attribute: memberOf

      On occasion I have been able to bind to the LDAP server.
      In those instances it returns the following organizational units:

      OU=Domain Controllers,DC=internal,DC=external,DC=com
      CN=Users.CN=Builtin,DC=internal,DC=external,DC=com
      CN=Users,DC=internal,DC=external,DC=com

      Not sure if this is a pfSense, LDAP or Samba issue.

      Any thoughts would be greatly appreciated.

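Before chasing the TLS side, it is worth sanity-checking the DNs typed into the pfSense form. The validator below is an example added here, not code from the post or from pfSense: it treats every comma-separated RDN as `attribute=value`, checks that the container, group and bind DNs sit under the base DN, and builds an equivalent OpenLDAP `ldapsearch` command so the same bind and memberOf query can be tried from a shell outside the GUI. The DN values are copied from the post; escaped commas inside DN values are not handled (none appear here).

```python
import re
from typing import Dict, List

# Values copied from the post (constructed copies for this example).
BASE_DN = "DC=internal,DC=external,DC=com"
AUTH_CONTAINER = "CN=Users,DC=internal,DC=external,DC=com"
GROUP_DN = "CN=VPNadmin,CN=Users,DC=internal,DC=external,DC=com"
BIND_DN = "CN=ldap-bind-user,CN=Users,DC=internal,DC-external,DC=com"

# One RDN: an attribute name, '=', and a value without ',' or '='.
RDN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")


def dn_problems(dn: str) -> List[str]:
    """Return the RDNs of dn that are not of the form attribute=value."""
    return [r.strip() for r in dn.split(",") if not RDN_RE.match(r.strip())]


def under_base(dn: str, base: str) -> bool:
    """True if dn equals the base DN or lies beneath it (case-insensitive)."""
    norm = lambda s: ",".join(p.strip().lower() for p in s.split(","))
    d, b = norm(dn), norm(base)
    return d == b or d.endswith("," + b)


def check_settings(base: str, containers: List[str],
                   group_dn: str, bind_dn: str) -> Dict[str, List[str]]:
    """Validate every DN from the LDAP server form; returns {label: [problems]}."""
    named = [("base", base), ("group", group_dn), ("bind", bind_dn)]
    named += [(f"container{i}", c) for i, c in enumerate(containers)]
    findings: Dict[str, List[str]] = {}
    for label, dn in named:
        problems = [f"malformed RDN '{r}'" for r in dn_problems(dn)]
        if label != "base" and not problems and not under_base(dn, base):
            problems.append("not under base DN")
        findings[label] = problems
    return findings


def ldapsearch_argv(host: str, port: int, bind_dn: str, base: str,
                    group_dn: str, user_attr: str = "sAMAccountName") -> List[str]:
    """Build an OpenLDAP ldapsearch command mirroring pfSense's query:
    bind as the service account over LDAPS (-W prompts for the password)
    and list the users whose memberOf includes the VPN group.
    Point LDAPTLS_CACERT at the Samba CA (ca.pem) before running it."""
    return ["ldapsearch", "-H", f"ldaps://{host}:{port}", "-D", bind_dn, "-W",
            "-b", base, "-s", "sub", f"(memberOf={group_dn})", user_attr]


if __name__ == "__main__":
    for label, problems in check_settings(BASE_DN, [AUTH_CONTAINER], GROUP_DN, BIND_DN).items():
        print(f"{label}: {'ok' if not problems else '; '.join(problems)}")
    print(" ".join(ldapsearch_argv("ADS.internal.external.com", 636, BIND_DN, BASE_DN, GROUP_DN)))
```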
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.