<![CDATA[Upgrade to 21.02 -> Client Cert on LDAP server no Longer Accepted]]>I have two authentication servers configured. Both use the same CA which was generated by Samba4. Both are using SSL/TLS Encrypted transport.

One server has nothing defined for the "client certificate" and the other has a certificate which was imported from Samba.

Pre-upgrade, both configurations worked. Post-upgrade, the configuration with the Samba generated cert can no longer authenticate.

When connecting via OpenVPN, the now non-working configuration logs the following:

2021-02-19 09:04:43 AUTH: Received control message: AUTH_FAILED
2021-02-19 09:04:44 SIGUSR1[soft,auth-failure] received, process restarting
2021-02-19 09:04:53 ERROR: could not read Auth username/password/ok/string from management interface
2021-02-19 09:04:53 Exiting due to fatal error

Has anyone seen anything similar?

]]>https://forum.netgate.com/topic/161087/upgrade-to-21-02-client-cert-on-ldap-server-no-longer-acceptedRSS for NodeSun, 15 Mar 2026 14:15:10 GMTFri, 19 Feb 2021 14:30:50 GMT60<![CDATA[Reply to Upgrade to 21.02 -> Client Cert on LDAP server no Longer Accepted on Mon, 19 Apr 2021 07:48:51 GMT]]>@airwave said in Upgrade to 21.02 -> Client Cert on LDAP server no Longer Accepted:

I updated to 2.5.1 AND now it works and a connection is established and traffic is been delivered, but ONLY ONCE after openvpn service start.
When I then disconnect and reconnect, again I get a connection, but the communication / traffic (ping etc.) is not working. Only in the first connection traffic works. When I restart the openvpn service then, its again working once...

Hi all,

I tested a bit deeper and found out, that the attribute "explicit-exit-notify" in the openvpn client configuration seems to remove my issue with "no communication on reconnect".

So then I guess this problem is fixed with 2.5.1 and explicit-exit-notify.

Cheers

]]>https://forum.netgate.com/post/978621https://forum.netgate.com/post/978621Mon, 19 Apr 2021 07:48:51 GMT<![CDATA[Reply to Upgrade to 21.02 -> Client Cert on LDAP server no Longer Accepted on Sun, 18 Apr 2021 19:46:15 GMT]]>Hello,

anyone has an idea so far with that issue, workaround etc.?

I updated to 2.5.1 AND now it works and a connection is established and traffic is been delivered, but ONLY ONCE after openvpn service start.
When I then disconnect and reconnect, again I get a connection, but the communication / traffic (ping etc.) is not working. Only in the first connection traffic works. When I restart the openvpn service then, its again working once...

Anyone could help, guide?

Thanks in advance.

Cheers

]]>https://forum.netgate.com/post/978542https://forum.netgate.com/post/978542Sun, 18 Apr 2021 19:46:15 GMT<![CDATA[Reply to Upgrade to 21.02 -> Client Cert on LDAP server no Longer Accepted on Mon, 22 Feb 2021 00:06:07 GMT]]>Hi,

same issue here after updating pfsense to 2.5.0-RELEASE from before 2.4.5-RELEASE-p1 but with Authentication Servers --> Local Database.
Found out, when you try the same connection and put in user admin credentials, it works perfectly.
So maybe the certificates could not be the issue?

Thanks

]]>https://forum.netgate.com/post/966469https://forum.netgate.com/post/966469Mon, 22 Feb 2021 00:06:07 GMT