[SOLVED] AD Authentication with OPNsense

Hi, I have OPNsense installed as my router/firewall. I need to use my UCS server as LDAP authentication for various purposes on OPNsense. It has a module to configure a server so that the same server can be used to authenticate on various modules.

Thing is, I did use it before and it was working. A few weeks back my firewall crashed and I reinstalled it. Now I am not able to configure the server.
Before, on my UCS I disabled the firewall and made some modifications from some posts. A few weeks back I also migrated my old UCS to a new UCS server. I do not want to use those modifications or disable the firewall.

I tried using OpenLDAP and MS AD, tried using ports 389, 7389, and SSL 7636. No matter what I try I am not able to configure AD authentication from OPNsense. I need help to set up the LDAP. Thanks

Hello,

I have the same setup but without Samba. Maybe my example config is a hint for you.

Type: ldap
Hostname/IP: dc.example.tld
Port: 7636
Transport: SSL
Peer Cert: ucs-ca -> (you have to import it from the DC)
Proto: 3
Bind Creds: uid=opnse,cn=Users,dc=example,dc=tld -> (create a bind user in UCS)
Pass: xxx
Search Scope: One Level
Base: dc=example,dc=tld
Auth Container: cn=Users,dc=example,dc=tld
Ext Query: memberOf=cn=opn,cn=Groups,dc=example,dc=tld -> (I use the memberOf attribute, create a group)
User Naming: uid

Hope it helps
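To make the effect of the Search Scope, Auth Container, User Naming and Ext Query settings in that config concrete, here is an added Python example (not code from the post or from OPNsense) that applies those settings to constructed LDIF entries; the users alice, bob and carol and the ou=Staff sub-container are assumptions, not data from a real UCS server.

```python
# Added example: decide which directory entries the OPNsense LDAP config
# above would accept (one level under the auth container, a uid naming
# attribute, and membership in the memberOf extended query group).
# The LDIF below is constructed sample data, not a capture from UCS.

AUTH_CONTAINER = "cn=Users,dc=example,dc=tld"
NAMING_ATTR = "uid"
REQUIRED_GROUP = "cn=opn,cn=Groups,dc=example,dc=tld"

SAMPLE_LDIF = """\
dn: uid=alice,cn=Users,dc=example,dc=tld
uid: alice
memberOf: cn=opn,cn=Groups,dc=example,dc=tld
memberOf: cn=Domain Users,cn=Groups,dc=example,dc=tld

dn: uid=bob,cn=Users,dc=example,dc=tld
uid: bob
memberOf: cn=Domain Users,cn=Groups,dc=example,dc=tld

dn: uid=carol,ou=Staff,cn=Users,dc=example,dc=tld
uid: carol
memberOf: cn=opn,cn=Groups,dc=example,dc=tld
"""

def parse_ldif(text):
    """Parse minimal LDIF (no line folding, no base64) into dicts of lists."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(": ")
        current.setdefault(attr, []).append(value)
    if current:
        entries.append(current)
    return entries

def one_level_under(dn, container):
    """True if dn is a direct child of container (Search Scope: One Level)."""
    parts = [p.strip() for p in dn.split(",")]  # naive split, fine for samples
    return ",".join(parts[1:]).lower() == container.lower()

def allowed(entry):
    """Apply container scope, naming attribute and memberOf filter."""
    if not one_level_under(entry["dn"][0], AUTH_CONTAINER) or NAMING_ATTR not in entry:
        return False
    return REQUIRED_GROUP.lower() in (g.lower() for g in entry.get("memberOf", []))

def allowed_users(text):
    return sorted(e[NAMING_ATTR][0] for e in parse_ldif(text) if allowed(e))
```

Bob is rejected for lacking the cn=opn group and carol because ou=Staff puts her two levels below the auth container, which is what One Level excludes.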

Thanks @pider, This worked perfectly.

Hello, how and where do I import (export) the certificate? OPNsense 21.1.2-amd64
THX
