[2.0 RC1 x64] openVPN user auth in Windows Active Directory



  • Hi all, I installed pfSense 2.0 RC1 on a dedicated hardware server. All is working fine, including OpenVPN for "road warrior" users and Squid (in transparent mode).

    Currently I use the local DB users to authenticate in OpenVPN. I would like to use the Active Directory server installed in my LAN (Windows 2008 R2 x64), but I just don't know how to configure the server in the "System -> User Manager -> Server" form.

    I'm a total newbie with LDAP. I've already tested the LDAP connection using the MS ldp.exe tool and it works, but I don't know what the fields in this form mean and how to fill them in (SEE ATTACHMENT).
    Ideally I would filter users by user group (only "VPNusers" members can connect through VPN), but I could also manually select these users from the whole domain user list.

    Any help would be appreciated.
    Sorry for my bad English.
    Feel free to ask for more details.
    ![auth server.JPG](/public/imported_attachments/1/auth server.JPG)



  • Another screen; here you can see that the LDAP server is reachable and active. Please help me with the configuration of pfSense, thanks.

    Where must I set the LDAP admin login? I'm totally confused  ???



  • As usual it was a stupid issue  ;D
    My AD server doesn't support anonymous bind; I just unchecked the anonymous bind option, set AD's admin user, and all is working fine. OpenVPN clients are using AD accounts to authenticate in pfSense  :D
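    The exchange described above, as an added example that is not part of the original post or pfSense's own code: pfSense binds to AD with the configured bind account (AD refuses anonymous bind by default, which is the failure the poster hit), searches for the login name, optionally restricted to members of a group such as "VPNusers" via AD's memberOf attribute, then binds again as the user's DN with the password the OpenVPN client supplied. The directory, DNs, account names and passwords below are constructed for the example; the in-memory FakeAD only understands equality filters, so it stands in for a real LDAP server purely to let the flow run offline. The username is escaped per RFC 4515 before it goes into the filter so a crafted login name cannot change the query.

```python
"""Model of the pfSense LDAP-against-AD login flow (added example, not pfSense code)."""
import re

# Constructed example values; not taken from the original thread.
BASE_DN = "CN=Users,DC=example,DC=local"
VPN_GROUP_DN = "CN=VPNusers,CN=Users,DC=example,DC=local"
SERVICE_DN = "CN=pfsense-bind,CN=Users,DC=example,DC=local"


def ldap_escape(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    special = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
    return "".join(special.get(ch, ch) for ch in value)


def user_search_filter(username, group_dn=None, naming_attr="sAMAccountName"):
    """Filter on the login name, optionally ANDed with AD's memberOf
    attribute (the idea behind pfSense's group-restriction 'Extended Query')."""
    f = "(%s=%s)" % (naming_attr, ldap_escape(username))
    if group_dn:
        f = "(&%s(memberOf=%s))" % (f, ldap_escape(group_dn))
    return f


def _values(attr):
    """Normalise a stored attribute to a list of strings."""
    if attr is None:
        return []
    return attr if isinstance(attr, list) else [attr]


class FakeAD:
    """Minimal stand-in for an AD LDAP server: simple binds, equality filters only."""

    def __init__(self, entries, allow_anonymous=False):
        self.entries = entries  # dn -> {"password": ..., attribute: [values]}
        self.allow_anonymous = allow_anonymous

    def bind(self, dn, password):
        if dn is None:
            return self.allow_anonymous  # AD default: anonymous bind refused
        entry = self.entries.get(dn)
        return entry is not None and entry["password"] == password

    def search(self, base_dn, ldap_filter):
        """DNs under base_dn whose attributes satisfy every (attr=value) clause;
        filter values are unescaped before comparison."""
        clauses = re.findall(r"\((\w+)=([^()]*)\)", ldap_filter)

        def unescape(v):
            return re.sub(r"\\([0-9a-fA-F]{2})",
                          lambda m: chr(int(m.group(1), 16)), v)

        wanted = [(attr, unescape(val)) for attr, val in clauses]
        hits = []
        for dn, entry in self.entries.items():
            if not dn.endswith(base_dn):
                continue
            if all(want in _values(entry.get(attr)) for attr, want in wanted):
                hits.append(dn)
        return hits


def authenticate_vpn_user(ad, service_pw, username, password):
    """pfSense-style two-step LDAP auth. Returns the user's DN on success, else None."""
    if not ad.bind(SERVICE_DN, service_pw):
        return None  # bind account wrong: no search possible, everyone fails
    hits = ad.search(BASE_DN, user_search_filter(username, VPN_GROUP_DN))
    if len(hits) != 1:
        return None  # unknown user, not in VPNusers, or ambiguous match
    user_dn = hits[0]
    return user_dn if ad.bind(user_dn, password) else None


# Constructed directory: one bind account, one VPN user, one ordinary user.
DIRECTORY = FakeAD({
    SERVICE_DN: {"password": "bind-secret", "sAMAccountName": ["pfsense-bind"]},
    "CN=mario,CN=Users,DC=example,DC=local": {
        "password": "mario-pw", "sAMAccountName": ["mario"],
        "memberOf": [VPN_GROUP_DN, "CN=Domain Users,CN=Users,DC=example,DC=local"]},
    "CN=luigi,CN=Users,DC=example,DC=local": {
        "password": "luigi-pw", "sAMAccountName": ["luigi"],
        "memberOf": ["CN=Domain Users,CN=Users,DC=example,DC=local"]},
})

if __name__ == "__main__":
    print(user_search_filter("mario", VPN_GROUP_DN))
    print(authenticate_vpn_user(DIRECTORY, "bind-secret", "mario", "mario-pw"))
    print(authenticate_vpn_user(DIRECTORY, "bind-secret", "luigi", "luigi-pw"))
```

    Two things worth keeping from this when configuring a real pfSense box: the bind account only needs read access to the users container, so a dedicated low-privilege account is preferable to the domain admin the poster used; and memberOf only lists direct group membership, so nested groups inside "VPNusers" will not match this filter.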



  • I am trying to do something similar, but I am setting up IAS (RADIUS) on a W2K3 domain controller.  After you do this you can create a new authentication server on pfSense using the RADIUS option and use this in your OpenVPN setup.  Look at this page; it is for an older version, but if you watch it a couple of times you can extract enough info to get going:

    http://files.chi.pfsense.org/mirror/tutorials/cp_config/radius_win2k3.htm

    I have mine working at least up to the point that my pfSense gateway can authenticate with my domain controller, but I haven't set up the OpenVPN part; I'm still working on the way I want that to work.

    For my testing, after following the above instructions, go to Diagnostics -> Authentication in pfSense and test it there.  Make sure to enable logging in IAS so you can see failed auths.

    I am not sure if pfSense can use LDAP against Active Directory; I believe that you may run into issues with this because the pfSense machine isn't joined to the domain.

    -Jonathan



  • Thanks for your help; my pfSense has been working fine since my last post  ;D

    Now I'm able to use my Windows 2008 R2 server as the authentication server for pfSense, OpenVPN and Squid using an LDAP connection.

