Netgate Discussion Forum
    Newbie, 2.0 RC2 7/6/2011 Build - LDAP/Active Directory Setup

    Category: Problems Installing or Upgrading pfSense Software
    3 Posts, 2 Posters
    • H Offline
      HarvUK
      last edited by

      Hi,

      I'm in the process of moving our firewall from SmoothWall to PFsense, have been playing about with PF and love it, however, I'm tearing my hair out in setting up the openvpn / active directory authentication.

      Machine
      HP DL360 G3, 2gb Ram, 4 NIC ports

      Network config :-

      LAN
      PFSense 192.168.16.190/24 static
      SBS2008R2 Server 192.168.16.3
      All clients assigned IP addresses by the SBS DHCP server
      SBS Domain DMS.local

      WAN
      Both wan ports disabled for now

      DNS Server
      DNS Server set to 192.168.16.3 (the SBS server - this is the way SW is configured, and that works)

      Pfsense Name
      Hostname: Firewall
      Domain: DMS.local

      I can Ping the SBS box perfectly, so that appears fine, and if I enable the WAN ports, I can connect to the internet and update the PFsense build etc.

      Everything else is completely as per a clean install - I thought one of the packages I had installed might be messing things up, so did another clean install.

      The problem I have is in the configuration of the AD authentication, under user manager > servers.

      It seems that no matter what settings I enter, I get the message :-

      "Could not connect to the LDAP server. Please check your LDAP configuration."

      I'll attach a screenshot of the config in case the error is there.

      I've installed jXplorer on my desktop machine to try the AD authentication, and that seems to work fine.

      Could anyone give me a helping hand please?

      Many thanks in advance.

      Harv

      • H Offline
        HarvUK
        last edited by

        Thought I would update this in case anyone else is going through the same pain!

        As a test, I went to system > user manager > settings

        Then selected my AD server, and clicked save and test. The first 2 tests passed, but it failed on the 3rd. This would appear to indicate an authentication problem, so after a couple more hours messing about with the settings for LDAP I came up with a set that works!

        I'll post it here; hopefully it will be of use to someone.

        Note that LDAP Auth is the first name and last name of a user created to allow AD authentication without rights anywhere else.

        Image attached.

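The working settings above are only in the attached image, but the connect-and-bind step that the pfSense test exercises can be reproduced outside the GUI. The following is an added example, not code from this thread or from pfSense: a standard-library Python script that sends one LDAPv3 simple bind (RFC 4511) to a server and decodes the result code, so a failing bind (resultCode 49, invalidCredentials) is visible directly rather than as a generic "Could not connect" message. The server address and domain come from the thread; the DN of the "LDAP Auth" account and its password are assumptions.

```python
import socket

def ber(tag: int, body: bytes) -> bytes:
    """Wrap body in a BER TLV (definite length, short or long form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def ber_int(value: int) -> bytes:
    """BER INTEGER (two's complement, minimal length)."""
    return ber(0x02, value.to_bytes(max(1, (value.bit_length() + 8) // 8), "big", signed=True))

def bind_request(msg_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, simple [0] pw } }."""
    op = ber(0x60, ber_int(3) + ber(0x04, bind_dn.encode()) + ber(0x80, password.encode()))
    return ber(0x30, ber_int(msg_id) + op)

def tlv(buf: bytes, pos: int = 0):
    """Read one TLV at pos; return (tag, value, position after it)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                      # long-form length
        k = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + ln], pos + ln

RESULT_CODES = {0: "success", 32: "noSuchObject", 34: "invalidDNSyntax",
                48: "inappropriateAuthentication", 49: "invalidCredentials"}

def parse_bind_response(buf: bytes):
    """Return (messageID, resultCode, diagnosticMessage) from a BindResponse [APPLICATION 1]."""
    tag, msg, _ = tlv(buf)
    _, mid, p = tlv(msg)
    op_tag, body, _ = tlv(msg, p)
    if tag != 0x30 or op_tag != 0x61:
        raise ValueError("not an LDAP BindResponse")
    _, code, p = tlv(body)            # ENUMERATED resultCode
    _, _matched, p = tlv(body, p)     # matchedDN
    _, diag, _ = tlv(body, p)         # diagnosticMessage (AD puts its error hint here)
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big"), diag.decode(errors="replace")

def check_bind(host: str, bind_dn: str, password: str, port: int = 389, timeout: float = 5.0):
    """One simple bind; returns (code, name, diagnostic). Port 389 sends the password in
    clear, so use 636/StartTLS in production and bind with a least-privilege account."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(bind_request(1, bind_dn, password))
        _, code, diag = parse_bind_response(s.recv(4096))   # single-message read
    return code, RESULT_CODES.get(code, "other"), diag

if __name__ == "__main__":   # host/domain from the thread; the account DN and password are assumed
    print(check_bind("192.168.16.3", "CN=LDAP Auth,CN=Users,DC=DMS,DC=local", "<password>"))
```

A bind that returns 49 with the service account means the DN or password pfSense has been given is wrong; a connection that is refused or times out points at the network path or the LDAP port instead.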
        • N Offline
          nedm
          last edited by

          I seem to be going through a similar problem – I get the same "Could not connect to the LDAP server. Please check your LDAP configuration." message -- see my post at http://forum.pfsense.org/index.php/topic,38257.0.html
          When I run the test, it does connect and bring up some OUs and objects for me, as described in the link, but I'm stuck at either allowing all users in the domain to log in (by manually adding CN=Users to the Authentication containers) or none, as any other group I enter doesn't seem to work.

          I note that you're trying to authenticate against an SBS – while I'm using a Windows 2003 standard server, the domain itself was created on an SBS 2000 server many moons ago but has since been migrated to non-SBS DCs.

          I wonder if the issue is the AD/OU structure created by SBS being slightly different than a non-SBS-created AD, which the LDAP connector in pfSense in its current form doesn't know how to traverse properly.

          UPDATE: See my post linked above for a workaround for filtering by group.
