OpenVPN with LDAP Windows 2012 R2 domain "AUTH_FAILED"

xnyp · Sep 16, 2014, 1:08 PM

Hi,

I installed a pfsense with OpenVPN in bridge mode "tap". I get connected with a local account, but I can not connect with Active Directory.

Tue 16 September 2014 11:29:13 AUTH: Received control message: AUTH_FAILED
Tue September 16 11:29:13 2014 SIGUSR1 [soft, auth-failure] received, process restarting

My domain is a domain level 2012 R2.
ping the servers OK. I can browse and select my OUs (in system> users manager> server)

I have a similar setup with a 2003 domain, it works.

Do you have any tips please?

Thank you in advance,
regards

BeerCan · Sep 16, 2014, 6:17 PM

can you post your sanitized ldap config?
Are you using extended queries?

one thing that made a difference in my domain is the extended query is in the format
memberOf=CN=Groupname,CN=Users,DC=domainname,DC=com
and not
CN=Groupname,OU=MyGroups,DC=example,DC=com

Also group member attribute is set to memberOf

xnyp · Sep 16, 2014, 7:33 PM

Hi,

Thank you for your reply.

I do not use groups, it is not mandatory? OU contains only users …
Attached screeshot ...

xnyp · Sep 17, 2014, 12:38 PM

Hello,

It's okay.

The problem was my configuration (User naming attribute / group naming attribute). It was incorrect.

Attached screeshot (good configuration) to compare with the previous.

Thank you so much!

BeerCan · Sep 18, 2014, 2:29 PM

I think the group member attribute is what is causing most peoples issues with ad/ldap.

Glad you got it working. :)