4. [solved] Authentication Servers - LDAP Windows 2008 AD

[solved] Authentication Servers - LDAP Windows 2008 AD

  • R

    Hello everyone,

    I need some help to setup a ldap authentication server on my pfsense.

    This is my scenario, in my network i have a Windows 2008 AD (SRVDCEX01 - 192.168.10.2) working.
    My pfsense run squid using LDAP auth with this configs and everything works

    auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -R -b "dc=rad,dc=local" -D "cn=rad.adm,cn=users,dc=rad,dc=local" -w "PA$$W0RD" -f sAMAccountName=%s -h SRVDCEX01;
    auth_param basic children 15;
    auth_param basic realm CompanyName;
    auth_param basic credentialsttl 120 minutes;

    I have an Openfire server that use ldap auth with this Win 2k8AD too, and works without problem
    Openfire uses that configs:
    Host: 192.168.10.2
    Port: 389
    DN Base: dc="rad",dc="local"
    DN Administrator: cn="rad.adm",cn="users",dc="rad",dc="local"

    Ok now im trying to setup my pfsense auth to work with the ldap too.
    This is the settings im using

    So i save and go to Diagnostics: Authentication
    And test some user

    Got this error:
    The following input errors were detected:

    Authentication failed.

    Got an Warning on the top of pfsense page
    Warning: ldap_bind(): Unable to bind to server: Invalid credentials in /etc/inc/auth.inc on line 1020

    And on System LOG i got this
    Nov 9 21:35:05 php: /diag_authentication.php: ERROR! Could not bind to server AD.

    I have entered in pfsense shell and have tested with ldapsearch command and had success.
    cmd used:
    [2.0-RELEASE][admin@srvfrw-01.rad.local]/root(2): ldapsearch -x -D "cn=rad.adm,cn=users,dc=rad,dc=local" -b "DC=RAD,DC=LOCAL" -W -h "192.168.10.2" "samAccountName=thiago.melo"

    result
    **Enter LDAP Password:

    extended LDIF

    LDAPv3

    base <dc=rad,dc=local>with scope subtree

    filter: samAccountName=thiago.melo

    requesting: ALL

    Thiago Melo, Users, RAD.LOCAL

    dn: CN=Thiago Melo,CN=Users,DC=RAD,DC=LOCAL
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: user
    cn: Thiago Melo
    sn: Melo

    ...
    ...

    search reference

    ref: ldap://ForestDnsZones.RAD.LOCAL/DC=ForestDnsZones,DC=RAD,DC=LOCAL

    search reference

    ref: ldap://DomainDnsZones.RAD.LOCAL/DC=DomainDnsZones,DC=RAD,DC=LOCAL

    search reference

    ref: ldap://RAD.LOCAL/CN=Configuration,DC=RAD,DC=LOCAL

    search result

    search: 2
    result: 0 Success

    numResponses: 5

    numEntries: 1

    numReferences: 3</dc=rad,dc=local>**

    So i dont know what im doing wrong, i had used the search tool but cant find a solution.
    Help!  :)

    0
  • R

    meh found the solution

    on user dn i had put only the username

    the right is to put "cn=rad.adm,cn=users,dc=rad,dc=local"

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy