[SOLVED] AD Authentication with OPNsense

Started by manjeet, May 22, 2019, 07:35:44 AM

May 22, 2019, 07:35:44 AM Last Edit: May 24, 2019, 08:11:36 AM by manjeet
Hi, from my OPNsense I need to use my UCS server for LDAP authentication.

Thing is, I did use it before and it was working. A few weeks back my firewall crashed and I reinstalled it. Now I am not able to configure the server.
Before, on my UCS I disabled the firewall and did some modifications from some posts. A few weeks back I also migrated my old UCS to a new UCS server. I do not want to use those modifications or disable the firewall.

I tried using OpenLDAP and MS AD, tried using ports 389, 7389, and SSL 7636. No matter what I try I am not able to configure AD authentication from OPNsense. I need help to set up the LDAP. Thanks

Have you considered RADIUS to link OPNsense to AD? It has a lot of security benefits and is specifically designed to allow authentication for edge devices.

I use it for a VPN and am happy to assist.

Bart...

If you use MS AD, did you make sure that LDAP signing is disabled? You should see an event in the security log of the DC stating that the security is too low.

Sent from my EML-L29 using Tapatalk
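As an added example (not from this thread or from the OPNsense/UCS projects), here is a PowerShell check a DC admin can run to confirm the point amichel raises: it reads the LDAPServerIntegrity setting that controls whether the DC refuses unsigned binds, and lists the clients logged as binding without signing, so the firewall's IP can be spotted. It assumes a Windows domain controller and that the per-client notices (event 2889) are in the Directory Service log, which is where Windows writes them.

```powershell
# Added example: check the DC's LDAP signing requirement and list unsigned binders.
# Run on the domain controller in an elevated PowerShell session.
$ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$integrity = (Get-ItemProperty -Path $ntds -Name 'LDAPServerIntegrity' `
              -ErrorAction SilentlyContinue).LDAPServerIntegrity

if ($integrity -eq 2) {
    'LDAPServerIntegrity=2: signing is REQUIRED; simple binds on plain 389 are refused.'
} elseif ($null -eq $integrity -or $integrity -eq 1) {
    'LDAPServerIntegrity=1 (or unset): signing negotiated only; unsigned binds are accepted.'
} else {
    "LDAPServerIntegrity=$integrity: unexpected value, check the policy applied to this DC."
}

# Event 2889 records each client that bound unsigned or over clear text.
# It is only written when LDAP Interface Events diagnostics are at level 2;
# by default the DC writes only the 24-hour summary event 2887.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2889 } `
          -MaxEvents 500 -ErrorAction SilentlyContinue

$events | ForEach-Object {
    # Pull the client address and the identity it bound as out of the message text.
    $ip = [regex]::Match($_.Message, 'Client IP address:\s*(\S+)').Groups[1].Value
    $id = [regex]::Match($_.Message, 'authenticate as:\s*(\S+)').Groups[1].Value
    [pscustomobject]@{ Time = $_.TimeCreated; ClientIP = $ip; Identity = $id }
} | Group-Object ClientIP | Sort-Object Count -Descending |
    Select-Object @{ n = 'ClientIP';   e = { $_.Name } },
                  Count,
                  @{ n = 'Identities'; e = { ($_.Group.Identity | Sort-Object -Unique) -join ',' } }
```

If the OPNsense address shows up in the list, the cleaner fix than relaxing signing is to bind over LDAPS (or StartTLS), which the DC counts as protected.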


Thanks for the reply guys.

@bartjsmit, I also thought about using RADIUS, but I had some issues with it as well and do not have much time to work on it. I will be using RADIUS in the future.

@amichel, it was an MS AD originally, then I migrated to Zentyal, then to some others, and at last to UCS. I am using both Windows and Linux clients in my environment and I am not sure if it is completely MS AD compatible or not. I tried and it worked well before by using MS AD parameters, but then, like I mentioned, I do not want to make unofficial changes to the registry and server because it then hampers my other projects that need to work with AD, as well as overall security.

This worked for me: https://help.univention.com/t/solved-ad-authentication-with-opnsense/12151/2
This also works well with groups, which didn't work in my previous setup.