
A few months ago we switched from using an on-prem AD to using Azure AD with the ADDS service.

Ever since then we have had a problem with our pfSense machine. It is configured to authenticate through LDAP, but sometimes it loses the connection randomly. When this happens our users can't log in and can't use the company OpenVPN.

Our error messages on pfSense look like this: /openvpn.auth-user.php: ERROR! Could not bind to LDAP server Azure AD. Please check the bind credentials.

We don't see error messages on Azure side.

Did anyone have a similar experience?

We use: pfSense 2.4.4, Azure AD Domain Services - Standard SKU

Arpi

1 Answer


Your pfSense LDAP server settings should be as follows:

• Hostname or IP Address = or

• Port value = 389(636 if SSL/TLS)

• Transport = TCP - Standard

• Peer Cert Authority = No CA Identified

• Protocol Version = 3

• Server Timeout = 25

• Search Scope = Entire Subtree

• Base DN = Nothing here

• Auth Containers = (CN=Users,DC=my,DC=domain,DC=com)

• Extended Query = true

Query = memberOf=CN=<AD security group>,CN=Users,dc=<my>,dc=<domain>,dc=<com>

• Bind Anonymous = false

• Bind Credentials = (domain\user + password)

• User naming attribute = samAccountName

• Group naming attribute = cn

• Group member attribute = memberOf

• RFC 2307 Groups = false

• Group Object Class = posixGroup

• UTF8 Encode = false

• Username Alterations = false

Please check your configuration once more and follow the links below for more clarification on configuring your pfSense with Azure AD:

https://docs.netgate.com/pfsense/en/latest/troubleshooting/authentication.html

https://openvpn.net/vpn-server-resources/openvpn-access-server-on-active-directory-via-ldap/

https://learn.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-ldaps

Thanking you,

Kartik Bhiwapurkar
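The bind step that the pfSense log line complains about can be reproduced outside pfSense. The script below is an added example for this thread, not code from the question, the answer or pfSense itself: it sends one LDAPv3 simple BindRequest with the same bind account pfSense has under Bind Credentials (DOMAIN\user, a UPN or a full DN), over LDAPS on 636 with the CA that signs the Azure AD DS certificate, or over plain LDAP on 389 from inside the virtual network, and decodes the BindResponse result code using only the Python standard library. The hostname, CA file and credentials are assumptions supplied on the command line; the embedded response bytes are constructed for the offline run and only shaped like an AD reply.

```python
"""Minimal LDAPv3 simple-bind probe (added example, standard library only).

It reproduces the bind that pfSense performs before any user lookup, so a
"Could not bind to LDAP server" error can be checked against Azure AD DS from
any host: over LDAPS (636, the only endpoint Azure AD DS serves to clients
outside its virtual network) or plain LDAP (389) from inside that network.
"""
import socket
import ssl
import sys

# Subset of LDAP resultCode values (RFC 4511) that a bind can realistically return.
RESULT_CODES = {
    0: "success", 1: "operationsError", 2: "protocolError", 7: "authMethodNotSupported",
    8: "strongerAuthRequired", 13: "confidentialityRequired", 32: "noSuchObject",
    34: "invalidDNSyntax", 48: "inappropriateAuthentication", 49: "invalidCredentials",
    50: "insufficientAccessRights", 52: "unavailable", 53: "unwillingToPerform",
}


def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form with a count byte above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, payload: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(payload)) + payload


def build_bind_request(msg_id: int, name: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }.

    name is whatever pfSense has under Bind Credentials: 'DOMAIN\\user', a UPN
    or a full DN; Active Directory accepts all three for a simple bind.
    """
    if not 0 < msg_id < 0x80:
        raise ValueError("messageID must fit in one byte for this example")
    bind = tlv(0x60,                                   # [APPLICATION 0] BindRequest
               tlv(0x02, b"\x03")                      # version INTEGER 3
               + tlv(0x04, name.encode("utf-8"))       # name LDAPDN
               + tlv(0x80, password.encode("utf-8")))  # authentication [0] simple
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + bind)


def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position after the element) for the TLV at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, pos = first, pos + 2
    else:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(buf: bytes):
    """Return (resultCode, diagnosticMessage) from a BindResponse LDAPMessage."""
    tag, msg, _ = read_tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _msg_id, pos = read_tlv(msg, 0)              # messageID
    op_tag, op, _ = read_tlv(msg, pos)
    if op_tag != 0x61:                              # [APPLICATION 1] BindResponse
        raise ValueError("expected BindResponse, got tag 0x%02x" % op_tag)
    _, code, pos = read_tlv(op, 0)                  # resultCode ENUMERATED
    _, _matched_dn, pos = read_tlv(op, pos)         # matchedDN
    _, diag, _ = read_tlv(op, pos)                  # diagnosticMessage
    return int.from_bytes(code, "big"), diag.decode("utf-8", errors="replace")


def probe_bind(host, name, password, port=636, use_tls=True, cafile=None, timeout=25):
    """Connect the way pfSense does (Server Timeout = 25 in the answer above) and
    return (resultCode, its name, the server's diagnostic message)."""
    sock = socket.create_connection((host, port), timeout=timeout)
    if use_tls:
        ctx = ssl.create_default_context(cafile=cafile)  # verifies the AAD DS certificate chain
        sock = ctx.wrap_socket(sock, server_hostname=host)
    with sock:
        sock.sendall(build_bind_request(1, name, password))
        response = sock.recv(4096)
    code, diag = parse_bind_response(response)
    return code, RESULT_CODES.get(code, "code %d" % code), diag


# Constructed BindResponse (messageID 1, resultCode 49) standing in for a real reply;
# the text only imitates the shape of AD's "data 52e" (bad password) diagnostic.
SAMPLE_FAILED_BIND = tlv(0x30, tlv(0x02, b"\x01") + tlv(
    0x61, tlv(0x0A, b"\x31") + tlv(0x04, b"")
    + tlv(0x04, b"80090308: LdapErr: AcceptSecurityContext error, data 52e")))


if __name__ == "__main__":
    if len(sys.argv) >= 4:   # python3 ldap_bind_probe.py HOST 'DOMAIN\user' PASSWORD [CAFILE]
        host, name, pw = sys.argv[1:4]
        cafile = sys.argv[4] if len(sys.argv) > 4 else None
        print(probe_bind(host, name, pw, cafile=cafile))
    else:
        print(parse_bind_response(SAMPLE_FAILED_BIND))
```

Run it in a loop from the pfSense box (or any host with the same network path) while the OpenVPN logins fail: a resultCode of 49 means the bind account or password is wrong, a TLS handshake failure points at the certificate or the CA file, and a socket timeout with no LDAP reply at all means the problem is the connection, not the credentials, even though pfSense reports both the same way. For the 389/`TCP - Standard` combination from the answer, call `probe_bind(host, name, pw, port=389, use_tls=False)`; note that Azure AD DS only answers on 389 from inside its virtual network.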