Netgate Discussion Forum
    PfSense + LDAP: Start TLS

      A Former User

      Hi,

      Some questions concerning the FreeRADIUS implementation on pfSense:

      • Can you use ldap (389) port when you select TLS options (i.e. use StartTLS over 389)?  Or does this only work over ldaps?

      • Do you have to supply a copy of the server cert?  Normally with LDAP clients I only need the CA cert.  Does pfSense work if I only select the CA cert and leave the server cert as none?

      • Do any explicit firewall rules need to exist to allow traffic from the router to the LDAP server on the LAN?  Does the traffic get seen as coming from the gateway address on the LAN, or does the router automatically have access to the LAN net from the localhost?

      Regards,
      Rob.

        A Former User

        Solved.

        • Yes, you can; the config option "start_tls" is used, independent of the protocol type.

        • No, you do not; however, there is some "faf" you have to go through to get FreeRADIUS to operate with only the CA cert. See here: https://forum.pfsense.org/index.php?topic=84564.0

        • No rules appear to be required; the router services have access onto the VLAN without explicit rules.

        Regards,
        Rob.

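For readers who want to see what the first two answers correspond to in the underlying FreeRADIUS configuration, the following is an added example of a FreeRADIUS 3.x rlm_ldap module fragment (mods-available/ldap). It is not from the poster or from the pfSense package, which generates its own config from the GUI; the hostname, base DN, bind identity and file paths are assumed placeholders. It shows StartTLS on port 389 with only a CA certificate configured and server certificate verification enforced:

```conf
# Added example, not pfSense-generated config. Hostnames, DNs and paths are placeholders.
ldap {
    # Plain ldap:// on 389; the connection is upgraded to TLS by StartTLS below.
    # For LDAPS instead, use server = 'ldaps://ldap.example.internal' and start_tls = no.
    server = 'ldap://ldap.example.internal'
    port = 389

    # Bind credentials. Because start_tls = yes and require_cert = 'demand',
    # these are never sent before the TLS upgrade has succeeded and the
    # server certificate has been validated.
    identity = 'cn=radius-bind,ou=service,dc=example,dc=internal'
    password = 'REPLACE_WITH_BIND_PASSWORD'

    base_dn = 'dc=example,dc=internal'

    user {
        base_dn = "ou=people,${..base_dn}"
        filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
    }

    tls {
        # StartTLS on the standard LDAP port (answer 1 above).
        start_tls = yes

        # Only the CA that signed the LDAP server's certificate is needed
        # to verify the server (answer 2 above). certificate_file and
        # private_key_file are for client-certificate (mutual TLS) auth
        # and are deliberately left out.
        ca_file = /usr/local/etc/raddb/certs/ldap-ca.pem

        # 'demand' fails the connection if the server certificate is missing
        # or does not chain to ca_file. Weaker values ('allow', 'never')
        # would leave the bind password exposed to an impersonating server.
        require_cert = 'demand'

        random_file = /dev/urandom
    }
}
```

With `require_cert = 'demand'`, a wrong or missing CA file is a hard failure rather than a silent fallback, which is the behaviour you want: running `radiusd -X` on the pfSense shell shows the module load and any TLS handshake error in the debug output, so a misconfigured CA is caught before users are affected.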
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.