Configuring LDAP authentication server with MS-AD/Samba
I'm trying to configure pfSense to use an authentication server via Samba's LDAP server. Oddly, sometimes it works and most times it doesn't. When it works, I jot down the settings. 15 minutes later, the same settings do not work. For the life of me I can't see the difference between the working and failing setup.
I created a global security group named VPNadmin and I created a user named 'ldap-bind-user' to log in for the bind. I also added 'ldap-bind-user' to the VPNadmin group. These are the "non-working" settings:
hostname: ADS.internal.external.com
Port: 636
Transport: SSL-Encrypted
Peer certificate Authority: Samba-CA imported from /var/lib/samba/private/tls/ca.pem
Client Certificate: samba-server-cert imported from /var/lib/samba/private/tls/cert.pem & key.pem
Protocol Version: 3
Server Timeout: 25
Search Scope: Entire Subtree
base DN: DC=internal,DC=external,DC=com
Authentication Containers: CN=Users,DC=internal,DC=external,DC=com
Extend Query: memberof=CN=VPNadmin,CN=Users,DC=internal,DC=external,DC=com
Bind Credentials:
user: CN=ldap-bind-user,CN=Users,DC=internal,DC-external,DC=com
passwd: apassword
User naming attribute: samAccountName
Group Naming Attribute: cn
Group Member Attribute: memberOf
On occasion I have been able to bind to the LDAP server. In those instances it returns the following organizational units:
OU=Domain Controllers,DC=internal,DC=external,DC=com
CN=Users.CN=Builtin,DC=internal,DC=external,DC=com
CN=Users,DC=internal,DC=external,DC=com
Not sure if this is a pfSense, LDAP or Samba issue.
Any thoughts would be greatly appreciated.
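As an added example (not from the original post), a small Python check of the DNs listed above: it splits each DN into attribute=value components, flags any component that does not parse, and confirms the containers sit under the base DN. The setting names in the dict and the simplified parser (no escaped or quoted values) are my own.

```python
"""Sanity-check the DNs in a pfSense / Samba-AD authentication-server config
before blaming the bind itself.  The DN strings below are copied from the
post; the parser is a simplified RFC 4514 reading that does not handle
escaped commas or quoted values (assumption: the DNs use neither)."""
import re

# An RDN is attributeType=value: the type is alphanumeric (plus '-'),
# the value must not be empty.
RDN_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*)=(.+)$")


def parse_dn(dn):
    """Split a DN into (TYPE, value) pairs; raise ValueError on a malformed RDN."""
    rdns = []
    for part in dn.split(","):
        m = RDN_RE.match(part.strip())
        if not m:
            raise ValueError("malformed RDN %r in %r" % (part.strip(), dn))
        rdns.append((m.group(1).upper(), m.group(2).strip()))
    return rdns


def is_under(dn, base_dn):
    """True if dn sits at or below base_dn (values compared case-insensitively)."""
    d, b = parse_dn(dn), parse_dn(base_dn)
    norm = lambda rdns: [(t, v.lower()) for t, v in rdns]
    return len(d) >= len(b) and norm(d[len(d) - len(b):]) == norm(b)


def check_settings(settings):
    """Return a list of problems found in a dict of DN-valued settings."""
    problems = []
    base = settings["base_dn"]
    for name, dn in settings.items():
        try:
            parse_dn(dn)
        except ValueError as e:
            problems.append("%s: %s" % (name, e))
            continue
        if name != "base_dn" and not is_under(dn, base):
            problems.append("%s: %s is not under base DN %s" % (name, dn, base))
    return problems


# Constructed from the DNs in the post.  The Extended Query is an LDAP filter;
# only its right-hand side (the group DN) is checked here.
POSTED = {
    "base_dn": "DC=internal,DC=external,DC=com",
    "auth_container": "CN=Users,DC=internal,DC=external,DC=com",
    "group_dn": "CN=VPNadmin,CN=Users,DC=internal,DC=external,DC=com",
    "bind_dn": "CN=ldap-bind-user,CN=Users,DC=internal,DC-external,DC=com",
}

if __name__ == "__main__":
    for problem in check_settings(POSTED):
        print(problem)
```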