[solved] Authentication Servers - LDAP Windows 2008 AD
-
Hello everyone,
I need some help to set up an LDAP authentication server on my pfSense.
This is my scenario: in my network I have a Windows 2008 AD (SRVDCEX01 - 192.168.10.2) working.
My pfSense runs squid using LDAP auth with these configs and everything works:

auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -R -b "dc=rad,dc=local" -D "cn=rad.adm,cn=users,dc=rad,dc=local" -w "PA$$W0RD" -f sAMAccountName=%s -h SRVDCEX01;
auth_param basic children 15;
auth_param basic realm CompanyName;
auth_param basic credentialsttl 120 minutes;

I have an Openfire server that uses LDAP auth with this Win 2k8 AD too, and it works without problem.
Openfire uses these configs:
Host: 192.168.10.2
Port: 389
DN Base: dc="rad",dc="local"
DN Administrator: cn="rad.adm",cn="users",dc="rad",dc="local"

OK, now I'm trying to set up my pfSense auth to work with the LDAP too.
These are the settings I'm using.
So I save and go to Diagnostics: Authentication and test some user. Got this error:

The following input errors were detected:
Authentication failed.

Got a warning on the top of the pfSense page:

Warning: ldap_bind(): Unable to bind to server: Invalid credentials in /etc/inc/auth.inc on line 1020

And on the System Log I got this:

Nov 9 21:35:05 php: /diag_authentication.php: ERROR! Could not bind to server AD.

I have entered the pfSense shell and tested with the ldapsearch command and had success.
cmd used:

[2.0-RELEASE][admin@srvfrw-01.rad.local]/root(2): ldapsearch -x -D "cn=rad.adm,cn=users,dc=rad,dc=local" -b "DC=RAD,DC=LOCAL" -W -h "192.168.10.2" "samAccountName=thiago.melo"

result:
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=rad,dc=local> with scope subtree
# filter: samAccountName=thiago.melo
# requesting: ALL
#

# Thiago Melo, Users, RAD.LOCAL
dn: CN=Thiago Melo,CN=Users,DC=RAD,DC=LOCAL
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Thiago Melo
sn: Melo
...

# search reference
ref: ldap://ForestDnsZones.RAD.LOCAL/DC=ForestDnsZones,DC=RAD,DC=LOCAL

# search reference
ref: ldap://DomainDnsZones.RAD.LOCAL/DC=DomainDnsZones,DC=RAD,DC=LOCAL

# search reference
ref: ldap://RAD.LOCAL/CN=Configuration,DC=RAD,DC=LOCAL

# search result
search: 2
result: 0 Success

# numResponses: 5
# numEntries: 1
# numReferences: 3
So I don't know what I'm doing wrong; I have used the search tool but can't find a solution.
Help! :)
-
Meh, found the solution.
On User DN I had put only the username.
The right thing is to put "cn=rad.adm,cn=users,dc=rad,dc=local".
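The root cause above is a bind identity that is a bare account name rather than a distinguished name, which pfSense hands to ldap_bind() verbatim and AD rejects with "Invalid credentials". The following is an added example written for this thread, not the poster's configuration or pfSense code: a small pre-save check that parses a DN, flags a bare username, and composes the expected full DN. The base DN dc=rad,dc=local and the rad.adm account mirror the thread; the cn=users container and the assumption that the account's cn equals its logon name are constructed for the example.

```python
"""Sanity-check a pfSense LDAP bind 'User DN' value before saving it.

Added example for this thread; not pfSense code. Values such as
dc=rad,dc=local and rad.adm are taken from the thread, the cn=users
container is an assumption.
"""
from __future__ import annotations

import re

# One RDN is attribute=value. Values may be wrapped in double quotes
# (the Openfire style dc="rad") and may contain backslash-escaped commas.
_RDN_RE = re.compile(r'^\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.+?)\s*$')


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Split a DN into lowercase-attribute/value pairs.

    Splits on unescaped commas and raises ValueError when a component is
    not attribute=value, which is exactly what happens for a bare account
    name such as 'rad.adm'.
    """
    parts: list[str] = []
    buf: list[str] = []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))

    rdns: list[tuple[str, str]] = []
    for part in parts:
        m = _RDN_RE.match(part)
        if not m:
            raise ValueError(f"not an attribute=value RDN: {part!r}")
        attr, val = m.group(1).lower(), m.group(2)
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]              # tolerate quoted values
        rdns.append((attr, val))
    return rdns


def build_bind_dn(base_dn: str, account: str, container: str = "cn=users") -> str:
    """Compose the DN of a service account living in the default Users container.

    Assumes the object's cn equals its logon name, as it does for rad.adm in
    the thread. Real users often differ (CN=Thiago Melo vs thiago.melo), so
    prefer the dn: line from an ldapsearch result when in doubt.
    """
    return f"cn={account},{container},{base_dn}"


def check_bind_user(value: str, base_dn: str) -> list[str]:
    """Return a list of problems with a bind User DN field; empty means it looks sane."""
    try:
        rdns = parse_dn(value)
    except ValueError:
        return [
            f"{value!r} is a bare account name, not a DN; AD simple bind via "
            f"pfSense needs the full DN, e.g. {build_bind_dn(base_dn, value)}"
        ]
    problems: list[str] = []
    base = [(a, v.lower()) for a, v in parse_dn(base_dn)]
    tail = [(a, v.lower()) for a, v in rdns[-len(base):]]
    if tail != base:
        problems.append(f"DN does not end with the base DN {base_dn!r}")
    if rdns[0][0] != "cn":
        problems.append(f"leading RDN is {rdns[0][0]}=; AD user objects are named by cn=")
    return problems


if __name__ == "__main__":
    # Constructed inputs mirroring the thread: the failing and the working value.
    for candidate in ("rad.adm", "cn=rad.adm,cn=users,dc=rad,dc=local"):
        issues = check_bind_user(candidate, "dc=rad,dc=local")
        print(candidate, "->", issues or "ok")
```

Run stand-alone it reports the bare name as the problem and accepts the full DN; the base-DN tail check additionally catches a DN copied from a different domain. It validates form only; the actual bind test is still Diagnostics: Authentication or ldapsearch with -D, as the thread shows.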