[Samba] PFsense via Samba Authentication Server -> ERROR! ldap_get_groups() could not bind

Marco Shmerykowsky marco at sce-engineers.com
Tue Sep 15 19:53:24 UTC 2020

On 2020-09-15 1:13 pm, miguel medalha wrote:
>> I've tried restarting PHP-FPM and webconfigurator,
>> but that doesn't seem to solve the problem.
> This must be done each time after you edit the configuration using the 
> authentication setup page. Otherwise the changes won't stick. Before I 
> knew
> this, I did suffer a lot trying to make it work and not understanding 
> why it
> didn't.

Yea - I'm lost.  I keep trying the same thing hoping for different
results.  I think that is the definition of insanity.

I've tried:

create new OU called VPNusers and a user within that call bind-user-1
Also created a user under Users called bind-user-2

then I set the following:

extended query => memberof=OU=vpnusers,DC=internal,DC=external,DC=com
authentication container => OU=vpnusers,DC=internal,DC=external,DC=com
bind user => 

no go.  Also tried:

extended query => memberof=CN=users,DC=internal,DC=external,DC=com
authentication container => CN=users,DC=internal,DC=external,DC=com
bind user => CN=vpn-bind-user-2,CN=users,DC=internal,DC=external,DC=com

After each change I run options 16 (restart php-fpm) and 11 (restart 

Tried Using 389/TCP-Standard, 389-TCP-STARTTLS, & 636/SSL-Encrypted

Tried using "Global Root CA List & No Client Cert" and "Samba CA & 

Keeps failing to bind.

More information about the samba mailing list