OPNsense Forum

Archive => 16.7 Legacy Series => Topic started by: Pimmal on September 02, 2016, 03:47:55 pm

Title: Active Directory Problem
Post by: Pimmal on September 02, 2016, 03:47:55 pm
Active Directory Authentication is working but is not receiving any groups.

What's wrong here?

Quote
User: Pimmal authenticated successfully.
This user is a member of these groups:
Title: Re: Active Directory Problem
Post by: ccesario on September 02, 2016, 04:44:01 pm
Hi Pimmal, if possible, comment on this open issue with your details.

https://github.com/opnsense/core/issues/1169

I'm getting the same problem.


Best regards

-Carlos
Title: Re: Active Directory Problem
Post by: Triskkele on September 04, 2016, 11:59:39 pm
I have the same problem too with LDAP and RADIUS authentication (Active Directory).

I have added the AD group in OPNsense with all permissions and specified a Class containing the group name in the remote access policy of the RADIUS server.

The test is successful, but with no group membership.

On the login page:
With LDAP authentication, there is no access.
With RADIUS authentication, the login is successful, but since the AD group is not recognized (although it is well configured), there is no access to any pages.
Title: Re: Active Directory Problem
Post by: AdSchellevis on September 05, 2016, 09:35:33 am
Group membership is managed per user in OPNsense (as mentioned in the issue on GitHub).

We will supply some additional documentation later about this subject, but if the user doesn't exist in the firewall it can't have access rights. It's a design choice we made earlier, to avoid cluttering the ACL system with all sorts of calls to the outside world.
This behaviour won't change; we may at some point add some scripts to help automate the LDAP import process on a regular basis.

The steps are simple.
- for RADIUS, add users manually (RADIUS doesn't support a "list users" call to help import the users)
- for LDAP, import users from the server when primary UI authentication is set to LDAP; this imports the user's distinguished name with it.
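The import step above is what the earlier posts were missing: the directory authenticates the user, but the group-based ACL only applies once a matching local user exists in the firewall. As an added example (not OPNsense code, and not the import script the post mentions), the following stand-alone Python reconciles an LDIF export of AD user objects against a list of local firewall users: it keeps the accounts whose memberOf names the wanted group, reports which of them still need a local user, and also reports local users that have since left the group. The group DN, the LDIF text and the local user list are constructed sample data; the parser handles LDIF folded lines and base64 ("::") values, which AD emits for non-ASCII DNs.

```python
"""Reconcile Active Directory group members with local OPNsense users.

Added example, not OPNsense code. It reads an LDIF export of AD user
objects (the kind `ldapsearch -LLL` prints), keeps the users whose
memberOf lists the wanted group, and reports which of them still need a
local user (and which local users have left the group). The LDIF, the
group DN and the local user list below are constructed sample data.
"""
import base64

# Constructed sample: the DNs, names and group are hypothetical.
GROUP_DN = "CN=FirewallAdmins,OU=Groups,DC=example,DC=local"
LOCAL_USERS = ["root", "pimmal", "olduser"]  # users already defined in the firewall
LOCAL_ONLY = {"root"}                        # never touched by the reconciliation
SAMPLE_LDIF = """\
dn: CN=Pimmal,OU=Users,DC=example,DC=local
sAMAccountName: pimmal
memberOf: CN=FirewallAdmins,OU=Groups,DC=example,DC=local
memberOf: CN=Domain Users,CN=Users,DC=example,DC=local

dn: CN=Carlos,OU=Users,DC=example,DC=local
sAMAccountName: carlos
memberOf: CN=FirewallAdmins,OU=Groups,DC=example,DC=local

dn: CN=Alice,OU=Users,DC=example,DC=local
sAMAccountName: alice
memberOf: CN=Domain Users,CN=Users,DC=example,DC=local
"""


def parse_ldif(text: str) -> list[dict[str, list[str]]]:
    """Parse LDIF into a list of entries mapping lower-cased attribute -> values.

    Handles folded lines (continuation lines start with one space) and
    base64 values ("attr:: ..."), which AD emits for non-ASCII DNs.
    """
    unfolded: list[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)

    entries: list[dict[str, list[str]]] = []
    entry: dict[str, list[str]] = {}
    for line in unfolded + [""]:  # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                entries.append(entry)
            entry = {}
            continue
        if line.startswith("#"):
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        entry.setdefault(attr.strip().lower(), []).append(value)
    return entries


def dn_equal(a: str, b: str) -> bool:
    """DNs compare case-insensitively; full RFC 4514 normalisation is omitted."""
    return a.casefold() == b.casefold()


def members_of(entries: list[dict[str, list[str]]], group_dn: str) -> dict[str, str]:
    """Map sAMAccountName -> DN for entries whose memberOf names group_dn.

    memberOf only holds *direct* memberships. Nested groups need a
    server-side chained query (matching rule 1.2.840.113556.1.4.1941)
    or a recursive walk; neither is done here.
    """
    found: dict[str, str] = {}
    for e in entries:
        name = e.get("samaccountname")
        if not name:
            continue
        if any(dn_equal(g, group_dn) for g in e.get("memberof", [])):
            found[name[0].lower()] = e["dn"][0]
    return found


def missing_local_users(ad_members: dict[str, str], local_users: list[str]) -> list[str]:
    """AD group members with no local firewall user: they authenticate fine
    but, lacking a local user and group, get no pages (the symptom in the thread)."""
    local = {u.lower() for u in local_users}
    return sorted(n for n in ad_members if n not in local)


def stale_local_users(ad_members: dict[str, str], local_users: list[str],
                      keep: set[str] = LOCAL_ONLY) -> list[str]:
    """Local users no longer in the AD group (local-only accounts excluded);
    leaving them in place keeps access alive after AD revoked it."""
    return sorted(u for u in local_users
                  if u.lower() not in ad_members and u not in keep)


if __name__ == "__main__":
    ad = members_of(parse_ldif(SAMPLE_LDIF), GROUP_DN)
    for name in missing_local_users(ad, LOCAL_USERS):
        print(f"create local user {name} (DN {ad[name]}) and add to the group")
    for name in stale_local_users(ad, LOCAL_USERS):
        print(f"remove or disable local user {name}: no longer in {GROUP_DN}")
```

Feed it real `ldapsearch` output instead of SAMPLE_LDIF and the two reports tell you which accounts to create through the LDAP importer and which to disable; the script deliberately does not touch the firewall configuration itself, since the thread describes no API for that. The stale-user report matters as much as the missing-user one: because group membership lives in the firewall rather than in AD, removing someone from the AD group does nothing until the local user is also removed.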