Netgate Discussion Forum

    IPSec + LDAP: required privileges are missing

    maxxer

      Hi.
      I'm using pfSense 2.1 beta as I run it in a KVM environment and it has virtualized drivers.
      We already have a couple of deployments running fine.
      On a third one I'm trying to configure IPSec with external LDAP auth, but I'm having problems. I double checked the IPSec and LDAP configuration and it's the exact same as on another setup where it's working fine.
      I'm sure the LDAP settings are correct because I see pfSense can query the directory, and if I enter wrong credentials for the VPN I get a specific error. So, when an LDAP user with correct credentials tries an IPSec connection I get the following in the logs:

      racoon: [Self]: INFO: ISAKMP-SA established 192.168.1.2[4500]-109.69.x.x[11026] spi:8ef5ae85dc9439b7:1d94dc59e519b03e
      racoon: [109.69.x.x] INFO: received INITIAL-CONTACT
      racoon: INFO: Using port 1
      racoon: user 'prova' cannot authenticate through IPSec since the required privileges are missing.
      racoon: user 'prova' could not authenticate.
      racoon: INFO: Released port 1
      racoon: INFO: login failed for user "prova"

      The VPN works perfectly for pfSense's local users and we're actually using it this way, but I cannot understand why LDAP shouldn't work. What privileges are missing? I know local users must have IPSEC privileges, but this doesn't apply to LDAP users, AFAIK.

      Any help welcome.
      thanks
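As an added example (not part of the post or of pfSense), the following Python script parses racoon log lines like those quoted above and separates XAuth failures caused by the "required privileges are missing" check from other login failures, attaching the peer address from the preceding INITIAL-CONTACT line. The sample log is constructed; the peer addresses are documentation-range placeholders, and the message texts for the second failure are assumed to follow the same format as the quoted ones.

```python
import re

# Constructed sample, modelled on the racoon lines quoted in the post above.
# Peer addresses are documentation-range placeholders, not real hosts.
SAMPLE_LOG = """\
racoon: [Self]: INFO: ISAKMP-SA established 192.168.1.2[4500]-203.0.113.7[11026] spi:8ef5ae85dc9439b7:1d94dc59e519b03e
racoon: [203.0.113.7] INFO: received INITIAL-CONTACT
racoon: INFO: Using port 1
racoon: user 'prova' cannot authenticate through IPSec since the required privileges are missing.
racoon: user 'prova' could not authenticate.
racoon: INFO: Released port 1
racoon: INFO: login failed for user "prova"
racoon: [Self]: INFO: ISAKMP-SA established 192.168.1.2[4500]-198.51.100.9[500] spi:00aa00aa00aa00aa:11bb11bb11bb11bb
racoon: [198.51.100.9] INFO: received INITIAL-CONTACT
racoon: user 'bob' could not authenticate.
racoon: INFO: login failed for user "bob"
"""

PEER_RE = re.compile(r"\[(\d+\.\d+\.\d+\.\d+)\] INFO: received INITIAL-CONTACT")
PRIV_RE = re.compile(r"user '([^']+)' cannot authenticate through IPSec since the required privileges are missing")
FAIL_RE = re.compile(r'login failed for user "([^"]+)"')

def classify_xauth_failures(log_text):
    """Return (user, peer_ip, reason) per failed XAuth login; reason is
    'missing_privilege' if the privilege-check message preceded the failure,
    else 'auth_failed' (bad credentials, or no such account in the directory)."""
    peer = None               # peer of the most recent INITIAL-CONTACT
    privilege_denied = set()  # users rejected by the privilege check so far
    results = []
    for line in log_text.splitlines():
        if m := PEER_RE.search(line):
            peer = m.group(1)
        elif m := PRIV_RE.search(line):
            privilege_denied.add(m.group(1))
        elif m := FAIL_RE.search(line):
            user = m.group(1)
            reason = "missing_privilege" if user in privilege_denied else "auth_failed"
            privilege_denied.discard(user)  # consume so a later bad-password attempt is not mislabelled
            results.append((user, peer, reason))
    return results

def privilege_denials(log_text):
    """Users whose failures were privilege rejections rather than bad credentials."""
    return sorted({u for u, _, r in classify_xauth_failures(log_text) if r == "missing_privilege"})

if __name__ == "__main__":
    for row in classify_xauth_failures(SAMPLE_LOG):
        print(row)
```

Users that keep showing up under missing_privilege despite valid credentials are the ones whose account mapping on the firewall, not their password, needs checking.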

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.