Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
20.7 Legacy Series
»
Trying to login with LDAP removes my account from the admin group
« previous
next »
Print
Pages: [
1
]
Author
Topic: Trying to login with LDAP removes my account from the admin group (Read 2338 times)
loganx1121
Full Member
Posts: 123
Karma: 0
Trying to login with LDAP removes my account from the admin group
«
on:
October 09, 2020, 02:55:40 am »
So I've had LDAP configured for a while on the firewall, but I figured I should start using it to actually login instead of just using the local database. My account is a member of the local admins group. I RDP'd to a VM, logged into the fw as root, Settings | Admninistration | Authentication...I checked both domain controllers and the local database for a backup. I tried to login with my local account, which has the same username and password as my domain admin account, and the page kind of blinks and just shows me the login screen again. When I check the user section from the virtual machine using the root account, my account has been removed from the admin group...
The tester works fine for my account, as well as various other test user accounts I've made. Anyone know why this thing is kicking me out of the admin group?
Oddly enough, if I change the account on the firewall to use a different password than my domain password, it logs in fine. I'm assuming this is just using the local database and not AD auth though.
Logged
loganx1121
Full Member
Posts: 123
Karma: 0
Re: Trying to login with LDAP removes my account from the admin group
«
Reply #1 on:
October 09, 2020, 02:58:15 am »
Oh I also tried creating a new group with admin permissions, and adding my account using the import option. Same result.
Logged
loganx1121
Full Member
Posts: 123
Karma: 0
Re: Trying to login with LDAP removes my account from the admin group
«
Reply #2 on:
October 09, 2020, 03:02:30 am »
Ok so doing some more testing. If I give my actual account permissions to everything, it works. If I add the account to a group, say, admins, and give the -group- permissions to everything, it kicks me out of the group.
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: Trying to login with LDAP removes my account from the admin group
«
Reply #3 on:
October 09, 2020, 06:00:15 am »
You have synchronize option ticked but groups doesnt match
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
loganx1121
Full Member
Posts: 123
Karma: 0
Re: Trying to login with LDAP removes my account from the admin group
«
Reply #4 on:
October 11, 2020, 03:28:00 am »
Good call. Thanks!
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
20.7 Legacy Series
»
Trying to login with LDAP removes my account from the admin group