[solved] Authentication Servers - LDAP Windows 2008 AD



  • Hello everyone,

    I need some help to set up an LDAP authentication server on my pfSense.

    This is my scenario: in my network I have a Windows 2008 AD (SRVDCEX01 - 192.168.10.2) working.
    My pfSense runs Squid using LDAP auth with these configs and everything works:

    auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -R -b "dc=rad,dc=local" -D "cn=rad.adm,cn=users,dc=rad,dc=local" -w "PA$$W0RD" -f sAMAccountName=%s -h SRVDCEX01;
    auth_param basic children 15;
    auth_param basic realm CompanyName;
    auth_param basic credentialsttl 120 minutes;

    I have an Openfire server that uses LDAP auth with this Win 2k8 AD too, and it works without problems.
    Openfire uses these configs:
    Host: 192.168.10.2
    Port: 389
    DN Base: dc="rad",dc="local"
    DN Administrator: cn="rad.adm",cn="users",dc="rad",dc="local"

    OK, now I'm trying to set up my pfSense auth to work with LDAP too.
    These are the settings I'm using:

    So I save and go to Diagnostics: Authentication and test some user.

    Got this error:
    The following input errors were detected:

    Authentication failed.

    Got a warning at the top of the pfSense page:
    Warning: ldap_bind(): Unable to bind to server: Invalid credentials in /etc/inc/auth.inc on line 1020

    And in the system log I got this:
    Nov 9 21:35:05 php: /diag_authentication.php: ERROR! Could not bind to server AD.

    I entered the pfSense shell and tested with the ldapsearch command, and it succeeded.
    cmd used:
    [2.0-RELEASE][admin@srvfrw-01.rad.local]/root(2): ldapsearch -x -D "cn=rad.adm,cn=users,dc=rad,dc=local" -b "DC=RAD,DC=LOCAL" -W -h "192.168.10.2" "samAccountName=thiago.melo"

    result:
    Enter LDAP Password:
    # extended LDIF
    #
    # LDAPv3
    # base <dc=rad,dc=local> with scope subtree
    # filter: samAccountName=thiago.melo
    # requesting: ALL
    #

    # Thiago Melo, Users, RAD.LOCAL
    dn: CN=Thiago Melo,CN=Users,DC=RAD,DC=LOCAL
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: user
    cn: Thiago Melo
    sn: Melo

    ...
    ...

    # search reference
    ref: ldap://ForestDnsZones.RAD.LOCAL/DC=ForestDnsZones,DC=RAD,DC=LOCAL

    # search reference
    ref: ldap://DomainDnsZones.RAD.LOCAL/DC=DomainDnsZones,DC=RAD,DC=LOCAL

    # search reference
    ref: ldap://RAD.LOCAL/CN=Configuration,DC=RAD,DC=LOCAL

    # search result
    search: 2
    result: 0 Success

    # numResponses: 5
    # numEntries: 1
    # numReferences: 3

    So I don't know what I'm doing wrong; I have used the search tool but can't find a solution.
    Help!  :)



  • Meh, found the solution.

    On User DN I had put only the username.

    The right thing to put is "cn=rad.adm,cn=users,dc=rad,dc=local".
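A way to catch this kind of mistake before the bind ever reaches the domain controller, as an added example written for this thread (it is not pfSense code and not the posters' code): a small RFC 4514 DN parser plus a classifier that tells a real bind DN apart from a bare username, a UPN (user@domain) or a down-level logon name (DOMAIN\user), and checks that a DN sits under the configured search base. The DN values are the thread's own; the function names and the `check_bind_identity` rules are my assumptions. The parser handles backslash-character escapes only, not `\XX` hex escapes or multi-valued RDNs.

```python
"""Sanity-check an LDAP bind identity before a client tries to bind.

Added example for this thread (not pfSense code, not the posters' code).
Parses RFC 4514 distinguished names (backslash-character escapes only; no
\\XX hex escapes, no multi-valued RDNs) and classifies a configured
"User DN" value so a bare username is caught before ldap_bind() reports
"Invalid credentials". DN values below are the thread's own; function
names are mine.
"""
import re

# attribute type: a descriptor such as "cn"/"dc" or a dotted OID
_ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*|[0-9]+(\.[0-9]+)*")
_UPN_RE = re.compile(r"[^@\\\s]+@[^@\\\s]+")          # user@rad.local
_DOWNLEVEL_RE = re.compile(r"[^@\\\s]+\\[^@\\\s]+")   # RAD\user


def _split_unescaped(text, sep, maxsplit=-1):
    """Split text on sep, ignoring separators preceded by a backslash."""
    parts, buf, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])   # keep the escape pair for later unescaping
            i += 2
            continue
        if ch == sep and (maxsplit < 0 or len(parts) < maxsplit):
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts


def _unescape(text):
    return re.sub(r"\\(.)", r"\1", text)


def parse_dn(dn):
    """Return a DN as a list of (attribute, value) pairs, leaf RDN first.

    Attribute types are lower-cased; values keep their case.
    Raises ValueError on anything that is not a DN.
    """
    pairs = []
    for raw_rdn in _split_unescaped(dn, ","):
        attr_value = _split_unescaped(raw_rdn, "=", maxsplit=1)
        if len(attr_value) != 2:
            raise ValueError("RDN without '=': %r" % raw_rdn)
        attr = attr_value[0].strip()
        value = _unescape(attr_value[1].strip())
        if not _ATTR_RE.fullmatch(attr) or not value:
            raise ValueError("malformed RDN: %r" % raw_rdn)
        pairs.append((attr.lower(), value))
    return pairs


def classify_bind_identity(value):
    """Return 'dn', 'malformed-dn', 'upn', 'down-level' or 'bare'."""
    v = value.strip()
    if "=" in v:
        try:
            parse_dn(v)
            return "dn"
        except ValueError:
            return "malformed-dn"
    if _UPN_RE.fullmatch(v):
        return "upn"
    if _DOWNLEVEL_RE.fullmatch(v):
        return "down-level"
    return "bare"


def check_bind_identity(value, base_dn):
    """Return a list of problems; an empty list means the value looks usable.

    Rules are this example's own: the bind identity must be a DN (the form
    the thread's fix used), and that DN must sit under the search base.
    """
    form = classify_bind_identity(value)
    if form == "bare":
        return ["%r is a bare username, not a DN; use the account's full DN "
                "(e.g. cn=<object name>,cn=users,%s)" % (value, base_dn)]
    if form == "malformed-dn":
        return ["%r contains '=' but does not parse as a DN" % value]
    if form != "dn":
        return ["%r is a %s logon name, not a DN; the User DN field expects a DN"
                % (value, form)]
    rdns, base = parse_dn(value), parse_dn(base_dn)
    norm = lambda pairs: [(a, v.lower()) for a, v in pairs]
    if norm(rdns[-len(base):]) != norm(base):
        return ["%r is not under the search base %r" % (value, base_dn)]
    return []


if __name__ == "__main__":
    for candidate in ("rad.adm", "cn=rad.adm,cn=users,dc=rad,dc=local"):
        print(candidate, "->", check_bind_identity(candidate, "dc=rad,dc=local") or "ok")
```

One caveat the thread's own ldapsearch output illustrates: in Active Directory the CN in the DN is the object's name, not necessarily the logon name (sAMAccountName thiago.melo lives under CN=Thiago Melo), so the safest value for the User DN field is the `dn:` line that ldapsearch prints for the bind account rather than a DN assembled from the username.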

