User Assigned Privileges Question



  • Hello All,

    I'm a noob to the forums and pfsense in general so I apologize if this is a stupid question. I've researched and can't seem to find a solution. I've created two active directory groups (Admin and Read-only). I'm using LDAP to connect back to the AD server. I can login just fine with my domain credentials. Now I want to setup privileges. Full admin rights work just fine. However User - Config - Deny Config Write does not work for active directory users.

    Right now the assigned privileges for the read-only group are "User - Config - Deny Config Write" and "WebCfg - All pages". I created a local user and assigned these same privileges and it worked as intended (the account could not save changes). However it just doesn't work for active directory accounts. I also verified that the account is a member of the read-only group. Does anyone have any ideas?


  • Rebel Alliance Developer Netgate

    Are you certain the user is being put into the correct group?

    I can't think of any reason why that privilege wouldn't work from LDAP unless the user wasn't actually being detected as a member of the group that included the privilege.