[Samba] PFsense via Samba Authentication Server -> ERROR! ldap_get_groups() could not bind
Marco Shmerykowsky
marco at sce-engineers.com
Tue Sep 15 15:33:33 UTC 2020
I've been trying to set up OpenVPN on a Netgate appliance
running pfSense.
Initially, the authentication server I created appears
to function. A connection is made, the "bind" is completed
and the organizational units are fetched from the server
and returned.
A few minutes later - without making any changes -
the same test returns the following errors:
php-fpm 67757 /system_usermanager_settings.php: ERROR! ldap_get_groups() could not bind to server ADS-server.
php-fpm 67757 /system_usermanager.php: ERROR! ldap_get_groups() could not bind to server ADS-server.
I've tried restarting PHP-FPM and webconfigurator,
but that doesn't seem to solve the problem.
I've configured an authentication server as follows:

  hostname: samba.internal.external.com
    (This resolves to the IP with a hostname entry)
  port: 636
  Transport: SSL-Encrypted
  Peer Certificate Authority: Samba-CA (imported from samba's ca.pem file)
  Client Certificate: Samaba-server-cert (imported from samba's cert.pem and key.pem files)
  Protocol: 3
  Server Timeout: 25
  Search Scope: Entire Subtree
  Base DN: DC=internal,DC=external,DC=com
  Auth. Container: CN=Users,DC-internal,DC=external,DC=com
  Enable Extended Query:
  Query: memberof=CN=Domain Users,CN=Users,DC-internal,DC=external,DC=com
  Bind credentials:
    user: CN=binduser,CN=Users,DC-internal,DC=external,DC=com
    passwd: apassword
  User naming attribute: samAccountName
  Group naming attribute: cn
  Group member attribute: memberof

This seems like it should be straightforward. What am I missing?
Thanks
--
Marco
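
Added example, not part of the original message and not code from pfSense or Samba: an offline check that parses each DN quoted in the settings above into RDNs (attribute=value pairs, RFC 4514) and verifies that it sits under the Base DN. The dictionary keys and function names are made up for the example; the DN values are copied as posted, with the "memberof=" prefix removed from the query.

```python
import re

# Values copied from the message above; the keys are labels invented for this example.
SETTINGS = {
    "base_dn": "DC=internal,DC=external,DC=com",
    "auth_container": "CN=Users,DC-internal,DC=external,DC=com",
    "bind_user": "CN=binduser,CN=Users,DC-internal,DC=external,DC=com",
    "query_group": "CN=Domain Users,CN=Users,DC-internal,DC=external,DC=com",
}

# One RDN: attribute type (descriptor or numeric OID), "=", value.
# Simplification: multi-valued RDNs joined with "+" are not split.
RDN_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)\s*=\s*(.+?)\s*$")

def parse_dn(dn):
    """Return (normalized RDN list, list of components that are not valid RDNs)."""
    rdns, bad = [], []
    # Split on commas that are not backslash-escaped.
    for part in re.split(r"(?<!\\),", dn):
        m = RDN_RE.match(part)
        if m:
            rdns.append((m.group(1).lower(), m.group(2).lower()))
        else:
            bad.append(part.strip())
    return rdns, bad

def check_settings(settings):
    """Map each setting name to a list of problems (empty list means OK)."""
    base, base_bad = parse_dn(settings["base_dn"])
    report = {"base_dn": [f"malformed RDN: {b!r}" for b in base_bad]}
    for name, dn in settings.items():
        if name == "base_dn":
            continue
        rdns, bad = parse_dn(dn)
        problems = [f"malformed RDN: {b!r}" for b in bad]
        # Containment is only meaningful when the DN itself parsed cleanly.
        if not bad and rdns[-len(base):] != base:
            problems.append("not located under the Base DN")
        report[name] = problems
    return report

if __name__ == "__main__":
    for name, problems in check_settings(SETTINGS).items():
        print(f"{name}: {'; '.join(problems) if problems else 'OK'}")
```

A component flagged here may be a transcription slip in the message rather than the live setting, so compare the report against what is actually entered in the pfSense form.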