PfSense 2.0 and LDAP / AD Authentication - Group Membership



  • I know I'm probably missing the obvious but it's Friday and it escapes me.

    Looking at the server setup for LDAP, I've got authentication working with my AD server specifying the Auth container of the users OU.

    What I'm lost on is if there is a way to specify only users in a specific AD group (admins) that are allowed to log into the GUI.  I've tried specifying the DN of a specific user and the DN to the admin group with no luck.

    The AD structure is:
    ou=users,dc=example,dc=com
    ou=localgroups,dc=example,dc=com

    so user:
    cn=test admin,ou=users,dc=example,dc=com

    is a memberOf
    cn=admins,ou=localgroups,dc=example,dc=com

    But the login is against the sAMAccountName which is test.admin.

    Thanks.

    ETA: The "select" button next to Authentication Containers doesn't appear to be doing anything.  I'm not getting a script error in the browser.  I've tried it in Chrome and FF 3.6.
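The "only members of the admins group may log in" check the poster is asking for, written out as an added example; this is not pfSense's code and not from anyone in the thread. It uses a constructed in-memory stand-in for the AD entries named above instead of a live LDAP bind, and the function names and the `plain.user` entry are my own.

```python
import re
from typing import Optional

# Constructed stand-in for the directory described in the post: DN -> attributes.
DIRECTORY = {
    "cn=test admin,ou=users,dc=example,dc=com": {
        "sAMAccountName": "test.admin",
        "memberOf": ["cn=admins,ou=localgroups,dc=example,dc=com"],
    },
    "cn=plain user,ou=users,dc=example,dc=com": {   # hypothetical non-admin
        "sAMAccountName": "plain.user",
        "memberOf": ["cn=staff,ou=localgroups,dc=example,dc=com"],
    },
}

AUTH_CONTAINER = "ou=users,dc=example,dc=com"        # the Authentication Container
ADMIN_GROUP = "cn=admins,ou=localgroups,dc=example,dc=com"


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping so a login name cannot change the meaning of the filter."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group(0)), value)


def build_filter(login: str) -> str:
    """Search filter that maps the typed login to its sAMAccountName entry."""
    return f"(&(objectClass=user)(sAMAccountName={escape_filter_value(login)}))"


def find_user_dn(login: str, container: str) -> Optional[str]:
    """Resolve a login to a DN, looking only below the configured container."""
    wanted = login.lower()
    for dn, attrs in DIRECTORY.items():
        if not dn.lower().endswith("," + container.lower()):
            continue  # entry lives outside the Authentication Container
        if attrs.get("sAMAccountName", "").lower() == wanted:
            return dn
    return None


def is_gui_admin(login: str) -> bool:
    """True only when the login resolves to a user that is memberOf ADMIN_GROUP."""
    dn = find_user_dn(login, AUTH_CONTAINER)
    if dn is None:
        return False
    groups = {g.lower() for g in DIRECTORY[dn].get("memberOf", [])}
    return ADMIN_GROUP.lower() in groups
```

Against a real directory the same filter would go into a search scoped to the Authentication Container, and the memberOf comparison would run on the entry that search returns.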



  • I am not 100% sure if group look up is supported yet.
    http://redmine.pfsense.org/issues/1009

    This was for Openvpn, not sure if the same code is used for auth to pfsense.



  • @vito:

    I am not 100% sure if group look up is supported yet.
    http://redmine.pfsense.org/issues/1009

    This was for Openvpn, not sure if the same code is used for auth to pfsense.

    I missed that one.  I'm betting it's the same as you still define the ovpn auth server the same way and then point to that entry.  I'll look at the auth file he attached, maybe I can mod it for now.

    Thx vito.



  • no problem,
    I am going to take a look at this again also since I did not notice the newer files in the ticket.
    Worth testing..



  • Just checking…
    Did you ever get this working?
    Not having any luck here with the new files.
    appears to fail getting groups from AD.

