Netgate Discussion Forum

    PfSense 2.0 and LDAP / AD Authentication - Group Membership

    General pfSense Questions
    • TomBodet

      I know I'm probably missing the obvious but it's Friday and it escapes me.

      Looking at the server setup for LDAP, I've got authentication working with my AD server specifying the Auth container of the users OU.

      What I'm lost on is if there is a way to specify only users in a specific AD group (admins) that are allowed to log into the GUI.  I've tried specifying the DN of a specific user and the DN to the admin group with no luck.

      The AD structure is:
      ou=users,dc=example,dc=com
      ou=localgroups,dc=example,dc=com

      so user:
      cn=test admin,ou=users,dc=example,dc=com

      is a memberOf
      cn=admins,ou=localgroups,dc=example,dc=com

      But the login is against the sAMAccountName which is test.admin.

      Thanks.

      ETA: The "select" button next to Authentication Containers doesn't appear to be doing anything.  I'm not getting a script error in the browser.  I've tried it in Chrome and FF 3.6.

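The restriction asked about above is normally expressed in LDAP as a search filter that combines the login attribute with a memberOf clause. The following is an added example, not code from this thread, the linked ticket, or pfSense; the helper names and the two sample entries are constructed for illustration, and the group DN is the one given in the post.

```python
"""Added example: limit LDAP/AD logins to direct members of one group."""

ADMIN_GROUP_DN = "cn=admins,ou=localgroups,dc=example,dc=com"  # DN from the post

def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515).

    Without this, a login name such as '*)(objectClass=*' would rewrite
    the filter instead of being matched literally.
    """
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_login_filter(login: str, group_dn: str = ADMIN_GROUP_DN) -> str:
    """Filter that matches the account only if memberOf contains group_dn."""
    return "(&(objectClass=user)(sAMAccountName=%s)(memberOf=%s))" % (
        escape_filter_value(login), escape_filter_value(group_dn))

def normalize_dn(dn: str) -> str:
    """Simplified DN normalisation (assumption: no escaped commas in RDNs)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def is_group_member(entry: dict, group_dn: str = ADMIN_GROUP_DN) -> bool:
    """Client-side check on an entry fetched without the memberOf clause."""
    wanted = normalize_dn(group_dn)
    return any(normalize_dn(dn) == wanted for dn in entry.get("memberOf", []))

# Constructed sample entries, shaped like the directory described in the post.
TEST_ADMIN = {
    "dn": "cn=test admin,ou=users,dc=example,dc=com",
    "sAMAccountName": "test.admin",
    "memberOf": ["CN=admins,OU=localgroups,DC=example,DC=com"],
}
OTHER_USER = {
    "dn": "cn=other user,ou=users,dc=example,dc=com",
    "sAMAccountName": "other.user",
    "memberOf": ["cn=staff,ou=localgroups,dc=example,dc=com"],
}

if __name__ == "__main__":
    print(build_login_filter("test.admin"))
    print(build_login_filter("*)(objectClass=*"))  # neutralised by escaping
    print(is_group_member(TEST_ADMIN), is_group_member(OTHER_USER))
```

In Active Directory, memberOf lists direct group memberships only, so an account that reaches the admins group through a nested group or through its primary group would not match this filter.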
      • vito

        I am not 100% sure if group look up is supported yet.
        http://redmine.pfsense.org/issues/1009

        This was for OpenVPN, not sure if the same code is used for auth to pfSense.

        • TomBodet

          @vito:

          I am not 100% sure if group look up is supported yet.
          http://redmine.pfsense.org/issues/1009

          This was for OpenVPN, not sure if the same code is used for auth to pfSense.

          I missed that one.  I'm betting it's the same as you still define the ovpn auth server the same way and then point to that entry.  I'll look at the auth file he attached, maybe I can mod it for now.

          Thx vito.

          • vito

            No problem,
            I am going to take a look at this again also since I did not notice the newer files in the ticket.
            Worth testing..

            • vito

              Just checking…
              Did you ever get this working?
              Not having any luck here with the new files.
              Appears to fail getting groups from AD.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.