PFSense, Active Directory and SSH
Hi all,
I have pfSense Community Edition installed on an old Check Point firewall.
2.6.0-RELEASE (amd64) built on Mon Jan 31 19:57:53 UTC 2022 FreeBSD 12.3-STABLE
Everything seems to be going fine. I have AD integrated for a group to delegate admin rights, and that works for logging into the web UI. However, it is not working for SSH access.
I have the Shell Authentication Group DN set to the same group I use to access the web UI:
CN=PFSense-Admins,CN=Users,DC=xxxxxxxxxxx,DC=com
and I have the check box for Use Authentication Server for Shell Authentication checked under user management settings.
When I try to log in, I get the following in my logs.
Jun 16 13:41:29 sshd 48006 Connection closed by invalid user pfsenseadminuser 10.0.86.149 port 61127 [preauth]
Jun 16 13:41:28 sshd 48006 Postponed keyboard-interactive for invalid user pfsenseadminuser from 10.0.86.149 port 61127 ssh2 [preauth]
Jun 16 13:41:28 sshd 48006 Failed keyboard-interactive/pam for invalid user pfsenseadminuser from 10.0.86.149 port 61127 ssh2
Jun 16 13:41:28 sshd 48006 error: PAM: Authentication error for illegal user pfsenseadminuser from 10.0.86.149
Jun 16 13:41:28 sshd 48441 pam_ldap: error trying to bind as user "CN=My Name Admin,CN=Users,DC=xxxxxxxxxxx,DC=com" (Invalid credentials)
Jun 16 13:41:23 sshd 48006 Postponed keyboard-interactive for invalid user pfsenseadminuser from 10.0.86.149 port 61127 ssh2 [preauth]
Jun 16 13:41:23 sshd 48006 Failed keyboard-interactive/pam for invalid user pfsenseadminuser from 10.0.86.149 port 61127 ssh2
Jun 16 13:41:23 sshd 48006 error: PAM: Authentication error for illegal user pfsenseadminuser from 10.0.86.149
Jun 16 13:41:23 sshd 48387 pam_ldap: error trying to bind as user "CN=My Name Admin,CN=Users,DC=xxxxxxxxxxx,DC=com" (Invalid credentials)
Jun 16 13:41:23 sshd 48006 Postponed keyboard-interactive for invalid user pfsenseadminuser from 10.0.86.149 port 61127 ssh2 [preauth]
Jun 16 13:41:23 sshd 48006 Invalid user pfsenseadminuser from 10.0.86.149 port 61127
Logs and settings edited to remove my AD info. Anyone have any idea what I could be missing?
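As an added illustration (not part of the original post or of pfSense), the script below pulls the three facts that matter out of sshd/pam_ldap log lines like the ones above: which user and source IP sshd rejected, whether sshd knew the user as a local account at all ("Invalid user"), and which LDAP DN pam_ldap actually tried to bind as and why the bind failed. The sample log is constructed from the redacted lines in the post; the pid and DN values are the post's placeholders, not real ones.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: the redacted sshd / pam_ldap entries from the post above,
# one entry per line (pfSense's log viewer shows them newest first).
SAMPLE_LOG = """\
Jun 16 13:41:29 sshd 48006 Connection closed by invalid user pfsenseadminuser 10.0.86.149 port 61127 [preauth]
Jun 16 13:41:28 sshd 48006 Postponed keyboard-interactive for invalid user pfsenseadminuser from 10.0.86.149 port 61127 ssh2 [preauth]
Jun 16 13:41:28 sshd 48006 Failed keyboard-interactive/pam for invalid user pfsenseadminuser from 10.0.86.149 port 61127 ssh2
Jun 16 13:41:28 sshd 48006 error: PAM: Authentication error for illegal user pfsenseadminuser from 10.0.86.149
Jun 16 13:41:28 sshd 48441 pam_ldap: error trying to bind as user "CN=My Name Admin,CN=Users,DC=xxxxxxxxxxx,DC=com" (Invalid credentials)
Jun 16 13:41:23 sshd 48006 Failed keyboard-interactive/pam for invalid user pfsenseadminuser from 10.0.86.149 port 61127 ssh2
Jun 16 13:41:23 sshd 48387 pam_ldap: error trying to bind as user "CN=My Name Admin,CN=Users,DC=xxxxxxxxxxx,DC=com" (Invalid credentials)
Jun 16 13:41:23 sshd 48006 Invalid user pfsenseadminuser from 10.0.86.149 port 61127
"""

# "<month> <day> <hh:mm:ss> <process> <pid> <message>" as pfSense writes sshd entries
HEADER_RE = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<proc>\S+) (?P<pid>\d+) (?P<msg>.*)$")
# "Failed <method> for [invalid user ]<user> from <ip> port <port>"
FAILED_RE = re.compile(r"^Failed \S+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port (?P<port>\d+)")
# sshd found no local account for the name the client presented
INVALID_RE = re.compile(r"^Invalid user (?P<user>\S+) from (?P<ip>[\d.]+) port (?P<port>\d+)")
# pam_ldap reports the DN it bound as and the server's reason for refusing
BIND_RE = re.compile(r'^pam_ldap: error trying to bind as user "(?P<dn>[^"]+)" \((?P<reason>[^)]+)\)')


def summarize(log_text):
    """Group PAM failures per (user, source ip), list users sshd did not know
    locally, and count LDAP bind failures per DN and reason."""
    failures = Counter()          # (user, ip) -> failed PAM rounds
    unknown_local = set()         # users reported as 'Invalid user'
    binds = defaultdict(Counter)  # dn -> reason -> count
    for line in log_text.splitlines():
        m = HEADER_RE.match(line.strip())
        if not m or m["proc"] != "sshd":
            continue
        msg = m["msg"]
        if (f := FAILED_RE.match(msg)):
            failures[(f["user"], f["ip"])] += 1
        elif (i := INVALID_RE.match(msg)):
            unknown_local.add(i["user"])
        elif (b := BIND_RE.match(msg)):
            binds[b["dn"]][b["reason"]] += 1
    return {"failures": dict(failures), "unknown_local": unknown_local,
            "binds": {dn: dict(c) for dn, c in binds.items()}}


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Running it on the sample shows two failed PAM rounds for pfsenseadminuser from 10.0.86.149, that sshd had no local account by that name, and that both LDAP binds were made as the "CN=My Name Admin,..." DN and were refused with "Invalid credentials".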