IPSEC + Xauth not seeing System Group Authentication
-
Greetings
I have LDAP set up with my MS-AD and groups. The group auth for the UI is working, but when I attempt to log in with a valid AD user not in the IPSEC-Xauth group they are passed through as though they were. Should there be a different option for the LDAP group as well, or should the system group be blocking non-group members? I am using the snapshot from 8/14/13.
-
It should behave identically from Diagnostics > Authentication and from the user xauth login.
Is anything logged differently in the system logs when you try to log in both ways?
-
When I log in with an unprivileged user in diagnostics authentication, the user authenticates with no group membership. And when they log in to the VPN client they are passed straight through. The Xauth permission doesn't seem to matter.
-
The problem is that you have to restrict with container.
Group membership is not finished completely in 2.1 and is in the roadmap with 2.2.
So only the container, by specifying the OU as a limit, will help in this regard, if that's an option at all.
-
Extended Query should work so long as you specify it using the correct syntax. Others on the forum have said it worked for them, but I haven't tested it.
See http://doc.pfsense.org/index.php/LDAP_Troubleshooting#Extended_Query