PfSense 2.0 and LDAP / AD Authentication - Group Membership

TomBodet

I know I'm probably missing the obvious but it's Friday and it escapes me.

Looking at the server setup for LDAP, I've got authentication working with my AD server specifying the Auth container of the users OU.

What I'm lost on is if there is a way to specify only users in a specific AD group (admins) that are allowed to log into the GUI.  I've tried specifying the DN of a specific user and the DN to the admin group with no luck.

The AD structure is:
ou=users,dc=example,dc=com
ou=localgroups,dc=example,dc=com

so user:
cn=test admin,ou=users,dc=example,dc=com

is a memberOf
cn=admins,ou=localgroups,dc=example,dc=com

But the login is against the sAMAccountName which is test.admin.

Thanks.

ETA: The "select" button next to Authentication Containers doesn't appear to be doing anything.  I'm not getting a script error in the browser.  I've tried it in Chrome and FF 3.6.

vito

I am not 100% sure if group look up is supported yet.
http://redmine.pfsense.org/issues/1009

This was for Openvpn, not sure if the same code is used for auth to pfsense.

TomBodet

@vito:

I am not 100% sure if group look up is supported yet.
http://redmine.pfsense.org/issues/1009

This was for Openvpn, not sure if the same code is used for auth to pfsense.

I missed that one.  I'm betting it's the same as you still define the ovpn auth server the same way and then point to that entry.  I'll look at the auth file he attached, maybe I can mod it for now.

Thx vito.

vito

no problem,
I am going to take a look at this again also since i did not notice the newer files in the ticket.
worth testing..

vito

Just checking…
Did you ever get this working?
Not having any luck here with the new files.
appears to fail getting groups from AD.