LDAP authentication with Samba AD DCs
-
On a pfSense 24.03 we have 2 Authentication Servers configured:
They should talk to 2 Samba AD domain controllers, and are used for authenticating OpenVPN users.
I set up the auth servers to use SSL/TLS on port 636, with authenticated bind.
This has worked for a long time. Right now I have to replace the CA and cert of one DC, "ADC1", as it is expiring in a few weeks.
I imported the new ca.pem in "Authorities" and assigned it in the auth-server config.
Even more detailed:
I copied the old ADC1 config, renamed it to ADC1-2024, and made the adjustment of the CA there. And then reconfigured the OpenVPN server to use ADC1-2024 instead of ADC1-2023 ...
What is strange now:
- the authentication test with ADC2 (untouched config) works
- it doesn't work with ADC1
- when I open the config of both servers and "test" the bind by clicking "choose container" (or similar, in my case it's displayed in German), both servers fail to display the containers
- I restarted the WebGUI and php-fpm several times; I remember there was some PHP-related issue back then
Now I have the OpenVPN server running with one working auth server only. OK for now, but I'd like to get the redundancy up again soon.
Please advise.
-
SOLVED:
A very basic issue, not related to pfSense etc.
The LastPass Chrome extension always substituted my username into the field for the bind user in the auth-server config. And that could not work.
Now with tests on the shell I figured that out and replaced it with a correct bind user. Things work now!
Sorry for the noise.
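The shell test the poster mentions is the quickest way to separate a certificate problem from a credential problem. Below is an added example (not from the thread or from pfSense) that does two things before any WebGUI config is touched: it sanity-checks the bind identity so that an autofilled web username (the cause in this thread) is caught before a network call, and it assembles the `openssl s_client` and `ldapwhoami` commands that verify the DC's chain against the new CA and then perform an authenticated LDAPS bind. It assumes OpenLDAP client tools and OpenSSL are installed; the host, bind DN and CA path are placeholders supplied by the caller.

```shell
#!/bin/sh
# Added example, not part of the original forum post. Placeholders: the DC
# hostname, the bind identity and the CA file path are passed as arguments.

# A bind identity for Samba AD is a DN (contains "="), a UPN (contains "@")
# or DOMAIN\user. Anything else, e.g. a bare web username pasted in by a
# password manager, cannot authenticate, so reject it before touching the net.
check_bind_identity() {
  case "$1" in
    *=*|*@*|*\\*) return 0 ;;
    *) return 1 ;;
  esac
}

# Command that verifies the chain the DC presents on 636 against the new CA.
# A non-zero exit here means the CA import is the problem, not the bind user.
tls_verify_cmd() {
  host=$1; ca=$2
  printf 'openssl s_client -connect %s:636 -CAfile %s -verify_return_error </dev/null\n' "$host" "$ca"
}

# Command that performs an authenticated LDAPS bind with an explicit CA file,
# which mirrors what the pfSense auth-server test does internally.
ldaps_bind_cmd() {
  host=$1; binddn=$2; ca=$3
  printf 'LDAPTLS_CACERT=%s ldapwhoami -x -H ldaps://%s:636 -D "%s" -W\n' "$ca" "$host" "$binddn"
}

# Usage: ./ldaps-check.sh adc1.example.lan 'svc-openvpn@example.lan' /path/to/ca.pem
if [ "$#" -eq 3 ]; then
  if ! check_bind_identity "$2"; then
    echo "Bind identity '$2' is not a DN, UPN or DOMAIN\\user; check the field was not autofilled" >&2
    exit 2
  fi
  echo "Step 1, chain check:"; tls_verify_cmd "$1" "$3"
  openssl s_client -connect "$1:636" -CAfile "$3" -verify_return_error </dev/null >/dev/null || exit 3
  echo "Step 2, authenticated bind:"; ldaps_bind_cmd "$1" "$2" "$3"
  LDAPTLS_CACERT=$3 ldapwhoami -x -H "ldaps://$1:636" -D "$2" -W
fi
```

Run the chain check first: if it fails, the imported CA does not match what ADC1 now serves; if it passes and only `ldapwhoami` fails, the credentials or the bind identity are wrong, which is exactly the split that resolved this thread.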