[Samba] OpenPVN authentication via Samba AD

Daniel Lopes de Carvalho daniel at cepetro.unicamp.br
Tue Sep 1 17:36:51 UTC 2020

Hello Marco.

I have a working OpenVPN pfSense authenticating via Samba AD 4.12.

I'm not sure if it is possible to attach the configuration screen shots
here in Samba mailing. Then, I'll send it directly to you, OK?


On Tue, Sep 1, 2020 at 2:27 PM Marco Shmerykowsky via samba <
samba at lists.samba.org> wrote:

> A little off topic, but this does revolve around
> Samaba.
> I'm hoping someone can help me get to a working aolution.
> I haven't been able to find a clear quide, but it must
> have been done by others.
> I'm trying to use setup a VPN using OpenVPN on Pfsense
> with authentication via my Samba AD (Version 4.9.4-Debian)
> I keep getting a "Could not connect to LDAP server" error
> when tying to configure the authentication server. When
> I try to test the server I get a "Attempting to fetch Organizational
> Units from XXXX failed" error.
> The "button" in the gui that allows for "selecting a container"
> for setting the authentication container doesn't work so
> I set it manually (CN=users;DC=internal,DC=company,DC=com)
> I've copied the ca.pem, cert.pem and key.pem files over to
> pfsense to create the certificates.
> The authentication server is set to type "LDAP" using a
> transport of "TCP - standard" and a port of 389.  The
> Peer Certificate Authority uses the cert created from
> importing ca.pem.  The client certificate uses the cert
> created from importing cert.pem and key.pem.
> The base DN is correct (DN=internal,DN=company,DN=com).
> The pfsense box can resolve the host name of the Samaba
> machine  (machine.internal.company.com).
> I have it set to use anonymous binds.
> Some kind of connection issue I gather with connecting
> to the Samba internal LDAP server.
> Can anyone please point me in the correct direction? Thanks.
> --
> Marco
> marco at sce-engineers.com
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba


Daniel Lopes de Carvalho
daniel at cepetro.unicamp.br
19 3521-1221

More information about the samba mailing list