[Samba] OpenPVN authentication via Samba AD

miguel medalha medalist at sapo.pt
Tue Sep 1 17:49:41 UTC 2020

I have it working but I struggled for a while before getting there.

Read this page:


Due to a bug in PHP, what you set in the LDAP page doesn't stick. You have
to go to the pfsense's console menu and press option 16 followed by option

"The way PHP requires an LDAP connection to be setup in the environment
sometimes gets tripped up when you make changes. It's best to run 16/11
after making any change to LDAP settings."

Once I did that, it all worked like magic.

-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Marco
Shmerykowsky via samba
Sent: 1 de setembro de 2020 18:08
To: samba at lists.samba.org
Subject: [Samba] OpenPVN authentication via Samba AD

A little off topic, but this does revolve around

I'm hoping someone can help me get to a working aolution.
I haven't been able to find a clear quide, but it must
have been done by others.

I'm trying to use setup a VPN using OpenVPN on Pfsense
with authentication via my Samba AD (Version 4.9.4-Debian)

I keep getting a "Could not connect to LDAP server" error
when tying to configure the authentication server. When
I try to test the server I get a "Attempting to fetch Organizational
Units from XXXX failed" error.

The "button" in the gui that allows for "selecting a container"
for setting the authentication container doesn't work so
I set it manually (CN=users;DC=internal,DC=company,DC=com)

I've copied the ca.pem, cert.pem and key.pem files over to
pfsense to create the certificates.

The authentication server is set to type "LDAP" using a
transport of "TCP - standard" and a port of 389.  The
Peer Certificate Authority uses the cert created from
importing ca.pem.  The client certificate uses the cert
created from importing cert.pem and key.pem.

The base DN is correct (DN=internal,DN=company,DN=com).

The pfsense box can resolve the host name of the Samaba
machine  (machine.internal.company.com).

I have it set to use anonymous binds.

Some kind of connection issue I gather with connecting
to the Samba internal LDAP server.

Can anyone please point me in the correct direction? Thanks.

marco at sce-engineers.com

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list