LDAP + Timebased OTP does not create user

Started by haebi5, May 17, 2024, 04:48:27 PM

May 17, 2024, 04:48:27 PM Last Edit: May 20, 2024, 02:14:19 PM by haebi5
Hi all

I have configured an Access Server with LDAP + Timebased OTP configuration. Logging into the portal ends up with the error: No page assigned to this user! Click here to logout.

The user name@domain is in the AD group "VPN", which I have created manually in the local user DB. The VPN group has been assigned the privilege "System: User Password Manager".

The user is not created as described and stated in the Wiki. It shows the same behaviour when I import the user with the cloud icon.

The log says:
/index.php: Successful login for user 'name@domain' from: IP
user name@domain authenticated successfully for WebGui [using OPNsense\Auth\Services\WebGui + OPNsense\Auth\LDAP]

What else am I missing?

Any help appreciated.

Best,
rene

I can confirm that it is working under the following condition:

System:Access:Servers:"User naming attribute" to [sAMAccountName]

Under the following condition it is not working:

System:Access:Servers:"User naming attribute" to [UserPrincipalName] (which is the e-mail address)

It would be nice if the user were able to log in everywhere with the same login name.

Have you tried using [mail] instead of [UserPrincipalName]?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Interesting approach.

The behaviour is slightly different. The prompt falls back to the empty login screen, no visible error to the user.

The log says, the user is authenticated, the user is not created.