
    [2.0 RC1 x64] openVPN user auth in Windows Active Directory

    • dannyb78

      Hi all, I installed pfSense 2.0 RC1 on a dedicated hardware server. All is working fine, including OpenVPN for "road warrior" users and squid (in transparent mode).

      Actually I used the local db users to authenticate in OpenVPN. I would like to use the Active Directory server installed in my LAN (Windows 2008 R2 x64), but I just don't know how to configure the server in the "System -> User Manager -> Server" form.

      I'm a total newbie with LDAP, but I've already tested the LDAP connection using the ldp.exe MS tool and it works. I don't know what the fields in this form mean or how to fill them in (see attachment).
      Best of all would be if I could filter users by user group (only "VPNusers" members can connect through VPN), but I can also manually select these users from the whole domain user list.

      Any help would be appreciated.
      Sorry for my bad English.
      Feel free to ask for more details.
      ![auth server.JPG](/public/imported_attachments/1/auth server.JPG)

      • dannyb78

        Another screen; here you can see that the LDAP server is reachable and active. Please help me with the configuration of pfSense, thanks.

        Where must I set the LDAP admin login? I'm totally confused ???

        • dannyb78

          As usual, it was a stupid issue ;D
          My AD server doesn't support anonymous bind; I just unchecked the anonymous bind option, set AD's admin user, and all is working fine. OpenVPN clients are using AD accounts to authenticate in pfSense :D

          • taylorjonl

            I am trying to do something similar, but I am setting up IAS (Radius) on a W2K3 domain controller. After you do this you can create a new authentication server on pfSense using the Radius option and use this in your OpenVPN setup. Look at this page; it is for an older version, but if you watch it a couple of times you can extract enough info to get going:

            http://files.chi.pfsense.org/mirror/tutorials/cp_config/radius_win2k3.htm

            I have mine working at least up to the point that my pfSense gateway can authenticate with my domain controller, but I haven't set up the OpenVPN part; I'm still working on the way I want that to work.

            For my testing, after following the above instructions, go to Diagnostics -> Authentication in pfSense, test it here.  Make sure to enable logging in IAS so you can see failed auths.

            I am not sure if pfSense can use LDAP against Active Directory; I believe that you may run into issues with this because the pfSense machine isn't joined to the domain.

            -Jonathan

            • dannyb78

              Thanks for your help, my pfSense has been working properly since my last post ;D

              Now I'm able to use my Windows 2008 R2 server as the authentication server for pfSense, OpenVPN and squid using an LDAP connection.
