Netgate Discussion Forum

OpenVPN with LDAP Windows 2012 R2 domain "AUTH_FAILED"

Category: OpenVPN
5 Posts 2 Posters 1.9k Views

    xnyp, Sep 16, 2014, 9:52 AM (last edited Sep 16, 2014, 1:08 PM)

    Hi,

    I installed pfSense with OpenVPN in bridge mode ("tap"). I can connect with a local account, but I cannot connect with Active Directory.

    Tue 16 September 2014 11:29:13 AUTH: Received control message: AUTH_FAILED
    Tue September 16 11:29:13 2014 SIGUSR1 [soft, auth-failure] received, process restarting

    My domain is at the 2012 R2 domain functional level.
    Pinging the servers works. I can browse and select my OUs (in System > User Manager > Servers).

    I have a similar setup with a 2003 domain, it works.

    Do you have any tips please?

    Thank you in advance,
    regards

      BeerCan, Sep 16, 2014, 6:17 PM

      Can you post your sanitized LDAP config?
      Are you using extended queries?

      One thing that made a difference in my domain is that the extended query is in the format
      memberOf=CN=Groupname,CN=Users,DC=domainname,DC=com
      and not
      CN=Groupname,OU=MyGroups,DC=example,DC=com

      Also, the group member attribute is set to memberOf.

        xnyp, Sep 16, 2014, 7:33 PM

        Hi,

        Thank you for your reply.

        I do not use groups; is that not mandatory? The OU contains only users …
        Attached screenshot ...

        [attachment: adsettings.png]

          xnyp, Sep 17, 2014, 12:31 PM (last edited Sep 17, 2014, 12:38 PM)

          Hello,

          It's okay.

          The problem was my configuration (User naming attribute / Group naming attribute). It was incorrect.

          Attached screenshot (good configuration) to compare with the previous one.

          Thank you so much!

          [attachment: VPNOK.png]

            BeerCan, Sep 18, 2014, 2:29 PM

            I think the group member attribute is what is causing most people's issues with AD/LDAP.

            Glad you got it working. :)

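The two configuration points raised in this thread, the extended-query format BeerCan describes and the wrong user naming attribute xnyp found, both fail in the same way: the directory search returns no (or the wrong) entry, so there is no DN to bind as and OpenVPN reports AUTH_FAILED. The following is an added example, not pfSense, OpenVPN or Netgate code, that models that search-then-bind flow against a small constructed in-memory directory. The filter shape `(&(<attr>=<user>)(<extended query>))`, the directory entries, passwords and DNs are all assumptions made for the example; the check that rejects an extended query written as a bare DN and the RFC 4515 escaping of the username are the parts worth carrying into a real deployment.

```python
import re

# Constructed AD-style directory (not real data): two users under the OU
# that serves as the search base, with Active Directory attribute names.
DIRECTORY = {
    "CN=Jane Doe,OU=VPN,DC=example,DC=com": {
        "cn": "Jane Doe",
        "sAMAccountName": "jdoe",
        "memberOf": "CN=VPNUsers,CN=Users,DC=example,DC=com",
    },
    "CN=Bob Roe,OU=VPN,DC=example,DC=com": {
        "cn": "Bob Roe",
        "sAMAccountName": "broe",
        "memberOf": "CN=Staff,CN=Users,DC=example,DC=com",
    },
}
# Constructed passwords standing in for the directory's bind check.
PASSWORDS = {
    "CN=Jane Doe,OU=VPN,DC=example,DC=com": "correct-horse",
    "CN=Bob Roe,OU=VPN,DC=example,DC=com": "battery-staple",
}
SEARCH_BASE = "OU=VPN,DC=example,DC=com"
_RDN_ATTRS = {"cn", "ou", "dc", "o"}

def escape_filter_value(value):
    """RFC 4515 escaping so a typed username is compared literally and
    cannot contribute filter syntax of its own."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def is_bare_dn(expr):
    """True when the extended query is a DN (CN=...,OU=...,DC=...) rather
    than an attribute=value assertion such as memberOf=<group DN>."""
    parts = [p.strip() for p in expr.split(",")]
    return len(parts) > 1 and all(
        "=" in p and p.split("=", 1)[0].strip().lower() in _RDN_ATTRS
        for p in parts)

def build_filter(user_attr, username, extended_query=""):
    """Assumed filter shape: (<attr>=<user>), AND-ed with the extended
    query when one is configured."""
    base = "(%s=%s)" % (user_attr, escape_filter_value(username))
    if not extended_query:
        return base
    if is_bare_dn(extended_query):
        raise ValueError("extended query is a DN, not a filter; "
                         "use memberOf=<group DN>")
    return "(&%s(%s))" % (base, extended_query)

def _subfilters(body):
    """Split '(a=b)(c=d)' into its top-level parenthesised parts."""
    parts, depth, start = [], 0, 0
    for i, ch in enumerate(body):
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                parts.append(body[start:i + 1])
    return parts

def matches(entry, flt):
    """Tiny evaluator for (attr=value) and (&(...)(...)) filters; AD
    compares these attributes case-insensitively, so this does too."""
    inner = flt[1:-1]
    if inner.startswith("&"):
        return all(matches(entry, sub) for sub in _subfilters(inner[1:]))
    attr, value = inner.split("=", 1)
    value = re.sub(r"\\([0-9a-fA-F]{2})",
                   lambda m: chr(int(m.group(1), 16)), value)
    lowered = {k.lower(): v for k, v in entry.items()}
    actual = lowered.get(attr.strip().lower())
    return actual is not None and actual.lower() == value.lower()

def search(base_dn, flt):
    """Return the DNs under base_dn whose entry matches the filter."""
    return [dn for dn, entry in DIRECTORY.items()
            if dn.lower().endswith(base_dn.lower()) and matches(entry, flt)]

def authenticate(user_attr, username, password, extended_query=""):
    """Search for exactly one user DN, then bind as it.  Returns
    ('OK', dn) or ('AUTH_FAILED', reason), the outcome OpenVPN relays."""
    try:
        flt = build_filter(user_attr, username, extended_query)
    except ValueError as exc:
        return "AUTH_FAILED", str(exc)
    hits = search(SEARCH_BASE, flt)
    if len(hits) != 1:
        return "AUTH_FAILED", "%s matched %d entries" % (flt, len(hits))
    if PASSWORDS.get(hits[0]) != password:
        return "AUTH_FAILED", "bind as %s rejected" % hits[0]
    return "OK", hits[0]

if __name__ == "__main__":
    # Wrong user naming attribute for AD: cn holds "Jane Doe", not "jdoe".
    print(authenticate("cn", "jdoe", "correct-horse"))
    print(authenticate("sAMAccountName", "jdoe", "correct-horse"))
    # Extended query as a bare DN versus as a memberOf assertion.
    print(authenticate("sAMAccountName", "jdoe", "correct-horse",
                       "CN=VPNUsers,OU=MyGroups,DC=example,DC=com"))
    print(authenticate("sAMAccountName", "jdoe", "correct-horse",
                       "memberOf=CN=VPNUsers,CN=Users,DC=example,DC=com"))
```

Running it shows the first lookup with `cn` as the user naming attribute failing with zero matches (the AD login name lives in `sAMAccountName`), the bare-DN extended query being rejected before any search is sent, and the `memberOf=` form admitting only the user who is in the group. When debugging a real pfSense setup, the equivalent step is to run the search the server performs with the configured attribute and filter and confirm it returns exactly one entry before looking at the bind itself.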
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.