Netgate Discussion Forum
    LDAP authentication from remote AD server?

    Routing and Multi WAN
      dmad

      I'm using pfSense 2 as a VM FW appliance to a cloud environment. The COLO environment holds a forest with a forest trust to the OFFICE forest (connected with an IPsec VPN tunnel).

      The COLO hosts two CLIENTAPPs.

      Currently road warriors connect to the OFFICE network using PPTP through traditional methods, but it would be optimal to have them connect directly to the COLO site and utilize their applications.

      The applications use the forest trust/AD from OFFICE for authentication.

      Long story short, pfSense fails to communicate with the OFFICE subnet for purposes of LDAP communication. The COLO machines can ping and communicate over the IPsec VPN tunnel without issues, but when LDAP communication is tested (diagnostic authentication test in pfSense) I get the error:

      ldap_bind(): Unable to bind to server: Can't contact LDAP server in /etc/inc/auth.inc on line 1020

      The LDAP connection/test works fine with the COLO domain.

      So, I tested traceroute via the pfSense shell, and it turns out the packets for the OFFICE subnet get routed out over the internet and die.

      So:

      How do I set a route that the pfSense unit will obey? Clearly the route exists or was created when the tunnel was established, or the LAN clients wouldn't be able to communicate with the other side of the tunnel (and vice versa). It makes me want to create a new static route, but it asks for a gateway - is this gateway the other end of the tunnel, the GW of the OFFICE subnet? I just tested pinging the remote GW with the same effect -> internet.

        dmad

        Ah, figured it out. I created a static route to the OFFICE network that uses a gateway pointing at the pfSense LAN interface IP, and voilà.

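Why the static route via the LAN address works, as an added illustration that is not part of the thread: in pfSense 2.x the IPsec tunnel is policy-based, so it installs no kernel route for the remote subnet. A packet the firewall itself originates (the LDAP bind from the authentication test, a ping from the shell) is first handed to the kernel routing table, which only has the default route; the packet leaves toward the WAN gateway with the WAN address as source and therefore never matches the phase 2 selector (LAN subnet <-> OFFICE subnet). LAN clients work because their packets already carry a LAN source address. The static route for OFFICE with the LAN interface IP as gateway changes the kernel's interface and source-address choice, and the packet then fits the selector. The script below models that decision over constructed routing tables; the addresses, interface names, subnets and the `lookup`/`path_for` helpers are all assumptions made for this example, not pfSense's code.

```shell
#!/bin/sh
# Added example (not from the forum post): why a firewall-originated packet
# misses a policy-based IPsec tunnel, and what the static route changes.
# All addresses, interface names and routing tables below are constructed.

LAN_NET=192.168.10.0;  LAN_PLEN=24      # pfSense LAN (phase 2 local subnet)
OFFICE_NET=10.20.0.0;  OFFICE_PLEN=16   # remote OFFICE subnet (phase 2 remote subnet)

# Kernel routing table before the fix: only the default route and the
# connected LAN. The IPsec tunnel adds no route for OFFICE.
# Columns: destination gateway interface interface-address
ROUTES_NO_STATIC="default 203.0.113.1 em0 203.0.113.5
192.168.10.0/24 link em1 192.168.10.1"

# After the fix: a static route to OFFICE whose gateway is the LAN address.
ROUTES_WITH_STATIC="$ROUTES_NO_STATIC
10.20.0.0/16 192.168.10.1 em1 192.168.10.1"

ip2int() {                       # dotted quad -> integer
  set -- $(printf '%s' "$1" | tr . ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

mask_for() {                     # prefix length -> integer netmask
  echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

in_net() {                       # in_net ADDR NET PLEN: succeeds if ADDR is inside NET/PLEN
  m=$(mask_for "$3")
  [ $(( $(ip2int "$1") & m )) -eq $(( $(ip2int "$2") & m )) ]
}

# lookup DST TABLE: longest-prefix match, prints "iface srcaddr gateway".
# This is the decision the kernel makes *before* IPsec ever sees the packet.
lookup() {
  best=-1; best_route=""
  while read -r dest gw iface src; do
    [ -z "$dest" ] && continue
    if [ "$dest" = default ]; then net=0.0.0.0; plen=0
    else net=${dest%/*}; plen=${dest#*/}; fi
    if in_net "$1" "$net" "$plen" && [ "$plen" -gt "$best" ]; then
      best=$plen; best_route="$iface $src $gw"
    fi
  done <<EOF
$2
EOF
  echo "$best_route"
}

# spd_matches SRC DST: succeeds if the packet fits the phase 2 selector LAN <-> OFFICE
spd_matches() {
  in_net "$1" "$LAN_NET" "$LAN_PLEN" && in_net "$2" "$OFFICE_NET" "$OFFICE_PLEN"
}

# path_for DST TABLE: where a packet the firewall itself sends to DST ends up.
path_for() {
  dst=$1
  set -- $(lookup "$1" "$2")             # $1=iface $2=srcaddr $3=gateway
  if spd_matches "$2" "$dst"; then
    echo "ipsec via $1 src $2"
  else
    echo "internet via $1 gw $3 src $2"
  fi
}

OFFICE_DC=10.20.5.7   # constructed OFFICE domain controller (the LDAP target)

echo "LAN host 192.168.10.50 -> $OFFICE_DC matches the SPD: $(spd_matches 192.168.10.50 "$OFFICE_DC" && echo yes || echo no)"
echo "firewall itself, no static route:         $(path_for "$OFFICE_DC" "$ROUTES_NO_STATIC")"
echo "firewall itself, static route via LAN IP: $(path_for "$OFFICE_DC" "$ROUTES_WITH_STATIC")"
```

On a real box the same two facts can be read directly: `netstat -rn` shows whether any entry covers the OFFICE subnet, and `route -n get <office-dc-ip>` shows the interface the kernel would pick for firewall-originated traffic; `traceroute -s <LAN-IP> <office-dc-ip>` forces the LAN source address by hand, which is exactly what the static route makes the default.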
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.