Netgate Discussion Forum
    [solved] Authentication Servers - LDAP Windows 2008 AD

    General pfSense Questions
    2 Posts 1 Posters 14.7k Views
    reiserfs

      Hello everyone,

      I need some help to set up an LDAP authentication server on my pfSense.

      This is my scenario: in my network I have a Windows 2008 AD (SRVDCEX01 - 192.168.10.2) working.
      My pfSense runs squid using LDAP auth with these configs and everything works:

      auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -R -b "dc=rad,dc=local" -D "cn=rad.adm,cn=users,dc=rad,dc=local" -w "PA$$W0RD" -f sAMAccountName=%s -h SRVDCEX01;
      auth_param basic children 15;
      auth_param basic realm CompanyName;
      auth_param basic credentialsttl 120 minutes;

      I have an Openfire server that uses LDAP auth with this Win 2k8 AD too, and it works without problem.
      Openfire uses these configs:
      Host: 192.168.10.2
      Port: 389
      DN Base: dc="rad",dc="local"
      DN Administrator: cn="rad.adm",cn="users",dc="rad",dc="local"

      OK, now I'm trying to set up my pfSense auth to work with LDAP too.
      These are the settings I'm using:

      So I save, go to Diagnostics: Authentication
      and test some user.

      I got this error:
      The following input errors were detected:

      Authentication failed.

      I got a warning at the top of the pfSense page:
      Warning: ldap_bind(): Unable to bind to server: Invalid credentials in /etc/inc/auth.inc on line 1020

      And in the System log I got this:
      Nov 9 21:35:05 php: /diag_authentication.php: ERROR! Could not bind to server AD.

      I have entered the pfSense shell and tested with the ldapsearch command, and it succeeded.
      Command used:
      [2.0-RELEASE][admin@srvfrw-01.rad.local]/root(2): ldapsearch -x -D "cn=rad.adm,cn=users,dc=rad,dc=local" -b "DC=RAD,DC=LOCAL" -W -h "192.168.10.2" "samAccountName=thiago.melo"

      Result:
      Enter LDAP Password:

      extended LDIF

      LDAPv3

      base <dc=rad,dc=local> with scope subtree

      filter: samAccountName=thiago.melo

      requesting: ALL

      Thiago Melo, Users, RAD.LOCAL

      dn: CN=Thiago Melo,CN=Users,DC=RAD,DC=LOCAL
      objectClass: top
      objectClass: person
      objectClass: organizationalPerson
      objectClass: user
      cn: Thiago Melo
      sn: Melo
      …
      ...
      ...

      search reference

      ref: ldap://ForestDnsZones.RAD.LOCAL/DC=ForestDnsZones,DC=RAD,DC=LOCAL

      search reference

      ref: ldap://DomainDnsZones.RAD.LOCAL/DC=DomainDnsZones,DC=RAD,DC=LOCAL

      search reference

      ref: ldap://RAD.LOCAL/CN=Configuration,DC=RAD,DC=LOCAL

      search result

      search: 2
      result: 0 Success

      numResponses: 5

      numEntries: 1

      numReferences: 3

      So I don't know what I'm doing wrong; I have used the search tool but can't find a solution.
      Help!  :)

      reiserfs

        Meh, found the solution.

        In User DN I had put only the username.

        The right value is "cn=rad.adm,cn=users,dc=rad,dc=local".

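The root cause in this thread is a bind name that is not a DN: pfSense's "User DN" field held the bare account name, so `ldap_bind()` reported "Invalid credentials" even though the same account worked in squid, Openfire and ldapsearch. The script below is an added example, not pfSense or Netgate code, that checks a candidate "User DN" before it goes into the GUI: it parses the string as an RFC 4514 DN (including Openfire's legacy quoted form), case-folds it the way AD treats `cn`/`dc`, and reports whether it names the same object as a bind DN that is already known to work. The sample DN strings are constructed from the values quoted in the posts; `SQUID_BIND_DN`, `parse_dn`, `same_bind_identity` and `check_user_dn_field` are names chosen for this example.

```python
"""Sanity-check the DN strings used for an LDAP/AD simple bind before pasting
them into pfSense's 'User DN' field.  Added example for this thread, not
pfSense code; the sample strings below are constructed from the posts."""
import re

# Constructed samples taken from the thread (not live credentials):
SQUID_BIND_DN    = 'cn=rad.adm,cn=users,dc=rad,dc=local'          # works in squid
OPENFIRE_BIND_DN = 'cn="rad.adm",cn="users",dc="rad",dc="local"'  # Openfire's quoted form
AD_STYLE_DN      = 'CN=rad.adm,CN=Users,DC=RAD,DC=LOCAL'          # casing AD itself returns
PFSENSE_TYPO_DN  = 'rad.adm'                                      # what was first entered

# attribute type (descriptor or numeric OID) '=' value, per RFC 4514
_RDN_RE = re.compile(r'^\s*([A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)\s*=\s*(.*?)\s*$')


def split_rdns(dn):
    """Split a DN on commas that are neither backslash-escaped nor inside quotes."""
    parts, buf, quoted, i = [], [], False, 0
    while i < len(dn):
        ch = dn[i]
        if ch == '\\' and i + 1 < len(dn):      # escaped char: copy both verbatim
            buf.append(dn[i:i + 2])
            i += 2
            continue
        if ch == '"':                           # legacy (RFC 1779) quoted value
            quoted = not quoted
        elif ch == ',' and not quoted:
            parts.append(''.join(buf))
            buf = []
            i += 1
            continue
        buf.append(ch)
        i += 1
    parts.append(''.join(buf))
    return parts


def parse_dn(dn):
    """Return [(attr, value), ...]; raise ValueError when the string is not a DN."""
    if not dn or not dn.strip():
        raise ValueError('empty DN')
    rdns = []
    for part in split_rdns(dn):
        m = _RDN_RE.match(part)
        if not m:
            raise ValueError(f'{part!r} is not an attribute=value pair')
        attr, value = m.group(1).lower(), m.group(2)
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]                 # strip legacy quotes
        rdns.append((attr, value))
    return rdns


def normalize_dn(dn):
    """Canonical form: lowercase attributes and values, no quotes or padding.
    Folding value case is sound for AD, where cn/dc compare case-insensitively."""
    return ','.join(f'{a}={v.lower()}' for a, v in parse_dn(dn))


def same_bind_identity(dn_a, dn_b):
    """True when two spellings name the same directory object."""
    return normalize_dn(dn_a) == normalize_dn(dn_b)


def check_user_dn_field(value, reference_dn=None):
    """Classify a candidate 'User DN' value:
    'not-a-dn'  -> no attribute=value pairs at all (the thread's bare username)
    'mismatch'  -> a DN, but not the account that already binds elsewhere
    'ok'        -> a DN (matching the reference, if one was given)"""
    try:
        parse_dn(value)
    except ValueError:
        return 'not-a-dn'
    if reference_dn is not None and not same_bind_identity(value, reference_dn):
        return 'mismatch'
    return 'ok'


if __name__ == '__main__':
    for label, dn in [('squid', SQUID_BIND_DN), ('openfire', OPENFIRE_BIND_DN),
                      ('ad-style', AD_STYLE_DN), ('pfsense-first-try', PFSENSE_TYPO_DN)]:
        print(f'{label:18} {check_user_dn_field(dn, SQUID_BIND_DN):9} {dn}')
```

Running it lists the three working spellings as `ok` against the squid DN and the bare `rad.adm` as `not-a-dn`; the same check is useful whenever a bind account is copied between squid, Openfire and pfSense, since each product formats the DN slightly differently.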
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.