IPSec + LDAP: required privileges are missing
I'm using pfSense 2.1 beta as I run it in a KVM environment and has virtualized drivers.
We already have a couple of deployment running fine.
On a third one I'm trying to configure IPSec with external LDAP auth but I'm having problems. I double checked IPSec and LDAP configuration and it's the exact same on another setup where it's working fine.
I'm sure LDAP settings are correct because I see pfSense can query the directory, and if I enter wrong credentials for VPN I get a specific error. So, when an LDAP user with correct credentials tries a IPSec connection I get the following in logs:
racoon: [Self]: INFO: ISAKMP-SA established 192.168.1.2-109.69.x.x spi:8ef5ae85dc9439b7:1d94dc59e519b03e
racoon: [109.69.x.x] INFO: received INITIAL-CONTACT
racoon: INFO: Using port 1
racoon: user 'prova' cannot authenticate through IPSec since the required privileges are missing.
racoon: user 'prova' could not authenticate.
racoon: INFO: Released port 1
racoon: INFO: login failed for user "prova"
The VPN works perfectly for pfsense's local users and we're actually using it this way, but I cannot understand why LDAP shouldn't work. What privileges are missing? I know local users must have IPSEC privileges, but this doesn't apply to LDAP users, AFAIK.
Any help welcome.