Yet another question about LDAP group membership support
- 
 Hi Guys, I'm using pfsense 2.1-RC0 and trying to configure it to FreeIPA. It is authenticating with no problem but does not recognize group membership. Here is the FreeIPA log trace, which seems to be OK! I've created the expected group in pfsense as well. Appreciate all comments,
 Afshin Afzali
 conn=41 fd=66 slot=66 connection from 192.168.254.2 to 192.168.254.3
 conn=41 op=0 BIND dn="" method=128 version=3
 conn=41 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
 conn=41 op=1 SRCH base="" scope=2 filter="(uid=admin)" attrs="memberOf"
 conn=41 op=1 RESULT err=32 tag=101 nentries=0 etime=0
 conn=41 op=2 UNBIND
 conn=41 op=2 fd=66 closed - U1
 conn=42 fd=66 slot=66 connection from 192.168.254.2 to 192.168.254.3
 conn=42 op=0 BIND dn="" method=128 version=3
 conn=42 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
 conn=42 op=1 SRCH base="" scope=2 filter="(uid=admin)" attrs="memberOf"
 conn=42 op=1 RESULT err=32 tag=101 nentries=0 etime=0
 conn=42 op=2 UNBIND
 conn=42 op=2 fd=66 closed - U1
 conn=43 fd=67 slot=67 connection from 192.168.254.2 to 192.168.254.3
 conn=43 op=0 BIND dn="" method=128 version=3
 conn=43 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
 conn=43 op=1 SRCH base="cn=users,cn=accounts,dc=basamadco,dc=local" scope=2 filter="(uid=afshin)" attrs=ALL
 conn=43 op=1 RESULT err=0 tag=101 nentries=1 etime=0
 conn=43 op=2 BIND dn="uid=afshin,cn=users,cn=accounts,dc=basamadco,dc=local" method=128 version=3
 conn=43 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=afshin,cn=users,cn=accounts,dc=basamadco,dc=local"
 conn=44 fd=66 slot=66 connection from 192.168.254.2 to 192.168.254.3
 conn=44 op=0 BIND dn="" method=128 version=3
 conn=44 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
 conn=43 op=3 UNBIND
 conn=43 op=3 fd=67 closed - U1
 conn=44 op=1 SRCH base="uid=afshin,cn=users,cn=accounts,dc=basamadco,dc=local" scope=2 filter="(uid=afshin)" attrs="memberOf"
 conn=44 op=1 RESULT err=0 tag=101 nentries=1 etime=0
 conn=44 op=2 UNBIND
 conn=44 op=2 fd=66 closed - U1
- 
 You need to create the matching group in User Manager as well. 
- 
 Actually I did, as I wrote in the first post. But the problem was in the bind credentials option. I could resolve it by changing anonymous binding to a known user. Thanks
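
An added example, not from the thread and not pfSense or FreeIPA code: a Python script that reads directory access-log lines in the format shown in the first post and lists every `memberOf` search issued on a connection that was still bound anonymously, the condition the poster resolved by binding as a known user. The conn=42 and conn=44 lines are taken from the trace above; the conn=45 lines and the `binduser` DN are constructed for contrast.

```python
import re

# Sample input: conn=42 and conn=44 come from the trace in the first post;
# conn=45 (an authenticated bind by a hypothetical "binduser") is constructed.
SAMPLE_LOG = '''\
conn=42 op=0 BIND dn="" method=128 version=3
conn=42 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
conn=42 op=1 SRCH base="" scope=2 filter="(uid=admin)" attrs="memberOf"
conn=42 op=1 RESULT err=32 tag=101 nentries=0 etime=0
conn=44 op=0 BIND dn="" method=128 version=3
conn=44 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
conn=44 op=1 SRCH base="uid=afshin,cn=users,cn=accounts,dc=basamadco,dc=local" scope=2 filter="(uid=afshin)" attrs="memberOf"
conn=44 op=1 RESULT err=0 tag=101 nentries=1 etime=0
conn=45 op=0 BIND dn="uid=binduser,cn=users,cn=accounts,dc=basamadco,dc=local" method=128 version=3
conn=45 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=binduser,cn=users,cn=accounts,dc=basamadco,dc=local"
conn=45 op=1 SRCH base="uid=afshin,cn=users,cn=accounts,dc=basamadco,dc=local" scope=2 filter="(uid=afshin)" attrs="memberOf"
conn=45 op=1 RESULT err=0 tag=101 nentries=1 etime=0
'''

LINE = re.compile(r'conn=(\d+) op=(\d+) (BIND|SRCH|RESULT)\b(.*)')
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def anonymous_memberof_searches(log_text):
    """Return memberOf searches made while the connection had no bound identity."""
    bind_dn = {}    # conn -> DN from the last bind RESULT ("" means anonymous)
    pending = {}    # (conn, op) -> finding still waiting for its RESULT line
    findings = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, op, kind, rest = m.groups()
        fields = {k: v.strip('"') for k, v in KV.findall(rest)}
        if kind == "RESULT" and fields.get("tag") == "97":
            # tag=97 is a bind response; a failed bind leaves the session anonymous
            bind_dn[conn] = fields.get("dn", "") if fields.get("err") == "0" else ""
        elif kind == "SRCH":
            attrs = fields.get("attrs", "").lower().split()
            if "memberof" in attrs and bind_dn.get(conn, "") == "":
                f = {"conn": int(conn), "base": fields.get("base", ""),
                     "filter": fields.get("filter", ""), "err": None, "nentries": None}
                pending[(conn, op)] = f
                findings.append(f)
        elif kind == "RESULT" and (conn, op) in pending:
            f = pending.pop((conn, op))
            f["err"], f["nentries"] = int(fields["err"]), int(fields["nentries"])
    return findings

if __name__ == "__main__":
    for finding in anonymous_memberof_searches(SAMPLE_LOG):
        print(finding)
```

An `err=0 nentries=1` result on an anonymous connection only shows that the entry was found; the access log does not show which attributes were actually returned to the client.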