Active directory authentication only works with new AD users



  • Hi

    I have pfSense 2.1.5 and have configured OpenVPN to use Windows Server 2012 AD to authenticate users. I have added in all of the available Authentication Containers through the "Select" button so no chance of a spelling error.

    The problem:

    When I create a new user in AD (post OpenVPN setup), authentication works. If I try an existing AD user (pre OpenVPN setup) then that user does not work. The new users are created in the same organisational group as the existing users and they have all been added to the "Router Admins" group.

    I have tried more than one existing user and have reset the passwords just to make sure.

    Anyone know what may be causing this?

    Thanks in advance



  • OK, I have figured it out. Had nothing to do with when the user was created.

    The pfsense authentication is looking at the Display name and not the logon name. So, if the user is called Bob Jones with a user name of bob.jones, the authentication only works for 'Bob Jones' and not bob.jones.

    What configuration do I need to change to fix this?

    Thanks in advance



  • What is your "user name attribute" set to? Is it samAccountName?

    Can you show what settings you have so we can help more?



  • Thanks for the reply.

    I did not change those settings as they did not make sense to me as I am no LDAP guru. I have now changed the settings to

    User naming attribute = samAccountName
    Group naming attribute = cn
    Group member attribute = memberOf

    and it works

    Thanks!!!
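
Why the change in the last post fixes the login, as an added example that is not part of the thread and not pfSense code: a simplified model, assuming the authenticator looks the user up with the filter `(<user naming attribute>=<typed username>)` and then checks for the group's cn in `memberOf`. The directory entries, the `example.test` DNs and all function names are constructed for illustration, `cn` stands in for the earlier setting (which the thread does not state), and no password bind is modelled.

```python
# Simplified model of an LDAP username lookup (added example, not pfSense code).
# Constructed sample entries; the example.test DNs are placeholders.
DIRECTORY = [
    {"cn": "Bob Jones", "sAMAccountName": "bob.jones",
     "memberOf": ["CN=Router Admins,CN=Users,DC=example,DC=test"]},
    {"cn": "Alice Smith", "sAMAccountName": "alice.smith", "memberOf": []},
]


def escape_filter_value(value):
    """Escape RFC 4515 special characters so typed input cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_filter(user_attr, typed_name):
    """The equality filter assumed to be sent to the directory for this login."""
    return "(%s=%s)" % (user_attr, escape_filter_value(typed_name))


def find_user(user_attr, typed_name):
    """Return the entry whose user_attr equals typed_name, or None.

    LDAP attribute names are case-insensitive, so 'samAccountName' as typed in
    the thread resolves to sAMAccountName; AD also compares the values of cn
    and sAMAccountName without regard to case.
    """
    wanted = typed_name.lower()
    for entry in DIRECTORY:
        attrs = {k.lower(): v for k, v in entry.items()}
        if str(attrs.get(user_attr.lower(), "")).lower() == wanted:
            return entry
    return None


def authorised(user_attr, typed_name, required_group_cn):
    """True if the user is found and memberOf lists a group with that cn."""
    entry = find_user(user_attr, typed_name)
    if entry is None:
        return False
    prefix = "cn=%s," % required_group_cn.lower()
    return any(dn.lower().startswith(prefix) for dn in entry["memberOf"])


if __name__ == "__main__":
    for attr in ("cn", "samAccountName"):
        for name in ("Bob Jones", "bob.jones"):
            print(build_filter(attr, name), "->",
                  authorised(attr, name, "Router Admins"))
```

With `cn` the lookup only matches the full name "Bob Jones"; with `samAccountName` it matches the logon name `bob.jones`, which is the behaviour change reported in the thread.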