Messages

Solved applying this policies: https://forum.netgate.com/topic/187453/ldap-authentication-with-active-directory-windows-server-2025-bind-fails/3

Thanks!

Are you using LDAP (port 389) or LDAPS (port 636)? If not the latter, why not?

I'm using LDAP (389) since it's how the AD server it's (apparently) configured.

Locally using bind with credentials works ok without SSL, simple bind is what fails and I guess that's the bind mode OPNSense is using.

I'm trying to setup with SSL but now the connection to the server fails (ldap_error: Can't contact LDAP server), I'm taking a look to the AD configuration in the Windows side.

Hi

I have a Windows Server 2025 as AD, the server has the policy Network security: LDAP client signing requirements as undefined (I've also tried with disabled), the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity has the value 1, so all seems to be configured to accept LDAP binding without SSL/TLS.

In OPNSense I configure all the LDAP settings but when I test the connection it shows this error:

Code Select Expand

The following input errors were detected:
Authentication failed.
error: 00002028: LdapErr: DSID-0C090343, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v65f4
ldap_error: Strong(er) authentication required
Probably it's a Windows Server issue but I can't find how to solve it, seems that MS has disable the simple bind since when I try that from the server the same error appears (it works if I use bind with credentials).

Any idea?