Messages - steronz

#1
Hi,

Quote from: Monviech (Cedrik) on September 29, 2025, 11:07:32 AM
Hello, in the authentication server (System - Access - Servers) there should be an option "Match case insensitive".

I changed it yesterday on both LDAP server configs - no user was deleted this morning :)

It looks very good - thank you a lot.


regards
Ronny
#2
Good Morning,

Thanks a lot for your input.

I think we have found the/our issue:
all the users which were deleted have uppercase letters in our AD!
For example: RStein instead of rstein

We changed the UPN of these users this morning and will wait for tomorrow morning.

(Or can I run the script with:
configctl opnbe-core auth cleanup
directly from the CLI?)


regards
Ronny
#3
Thanks a lot.

btw - I cannot find anything about this feature. No documentation about this "feature" - not in this forum or anywhere else.

Do you have an idea where I can look?


many thanks :)

#4
Thanks for your answers.

Last night the user which I created manually yesterday is still alive.
But a new one was deleted :(
This one has appeared for weeks on the OPNsense...


How can I contact the Deciso business support? Is it there in the forum?

We only have the business subscription for OPNsense...
#5
I cannot see any diff to other users. No special characters or anything like that.
They are very normal users.

If these users log on via the User WebPortal (and create their own OTP and download the OVPN conf) - they can use the OVPN the whole day. No problems with authentication via LDAPS the whole day.


So what problem does the OPNsense automation have every night?

And how can I stop this behavior?


btw - it's very interesting that OPNsense just has some cleanup job for, like, old/deleted LDAP users (offboarded users).

Oh - I see, my screenshot is missing from my first post. Here it is again:

#6
Hi there,

thank you for your answers.

Quote from: Monviech (Cedrik) on September 26, 2025, 12:33:05 PM
Maybe these users exist in the AD but not in the configured group/ou constraints that are configured for the authentication servers on OPNsense.

The users are configured the same as all other users - there are 180 users with no problems.
Same groups and same auth servers.

Quote from: amichel on September 26, 2025, 01:50:08 PM
Did you verify the AD replication? Might be that there are some lingering objects and users exist on one DC but not on the other.

We have 2 auth servers configured in OPNsense, with the same LDAPS backend server (our DC server).
One auth config is for first logon with no OTP, and the second auth config is with OTP for VPN.

 
#7
Oh - I'm sorry. I posted it under 25.7 :(

#8
Hello,

I hope I'm in the right place.

We're observing a very strange behavior on our OPNsense system.

Initial situation:
We synchronize users from our Active Directory to OPNsense via LDAPS. So when users log in through the portal, they are automatically created.
After that, they download their VPN configuration, connect via OpenVPN – everything works perfectly.

Our Setup:
Type: opnsense-business (active license)
Version: 25.4.3
HA-Cluster with 2 Nodes

Problem:
Three users – always the same ones – are being deleted every night at 01:00 AM.
Attached is a screenshot showing the related messages.

Does anyone have an idea how we can prevent this?

The users are still available in Active Directory; nothing has changed there.
Thank you very much!


best regards
Ronny