Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
19.1 Legacy Series
»
[SOLVED] AD Authentication with OPNsense
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] AD Authentication with OPNsense (Read 3816 times)
manjeet
Jr. Member
Posts: 54
Karma: 4
[SOLVED] AD Authentication with OPNsense
«
on:
May 22, 2019, 07:35:44 am »
Hi, From my OPNsense, I need to use my UCS server as LDAP authentication.
Thing is i did used it before and it was working. Few weeks back my firewall crashed and i reinstalled it. Now i am not able to configure the server.
Before on my UCS i disabled the firewall and did some modification from some posts. Few weeks back i also migrated my Old UCS to new UCS server. I do not want to use those modifications and disabling the firewall.
I tried using OpenLdap and MS AD, tried using ports 389, 7389, and SSL 7636. No matter what i try i am not able to configure Ad authentication from OPNsense. I need help to setup the ldap. Thanks
«
Last Edit: May 24, 2019, 08:11:36 am by manjeet
»
Logged
bartjsmit
Hero Member
Posts: 2018
Karma: 194
Re: AD Authentication with OPNsense
«
Reply #1 on:
May 22, 2019, 08:07:14 am »
Have you considered RADIUS to link OPNsense to AD? It has a lot of security benefits and is specifically designed to allow authentication for edge devices.
I use it for a VPN and happy to assist.
Bart...
Logged
amichel
Jr. Member
Posts: 87
Karma: 8
Re: AD Authentication with OPNsense
«
Reply #2 on:
May 22, 2019, 08:17:36 am »
If you use MS AD, did you make sure that LDAP signing is disabled? You should see an event in the security log of the DC stating that the security is too low.
Gesendet von meinem EML-L29 mit Tapatalk
Logged
manjeet
Jr. Member
Posts: 54
Karma: 4
Re: AD Authentication with OPNsense
«
Reply #3 on:
May 24, 2019, 08:09:40 am »
Thanks for the reply guys.
@bartjsmit, i also thought about to use the radius and i had some issues with it as well and do not have much time to work on it. I will be using radius in future.
@amichel, it was an MS AD in original then i migrated to Zentyal and then some other and at last on UCS. I am using the Windows and linux client both in my environment and i am not sure if it is completely MS AD compatible or not. I tried and it worked well before by using MS AD parameters but then like i mentioned i do not want to make unofficial changes to registry and server because it then hamper my other projects i need to work with AD as well as overall security.
This worked for me:
https://help.univention.com/t/solved-ad-authentication-with-opnsense/12151/2
This also works well with groups which it didn't worked in my previous setup.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
19.1 Legacy Series
»
[SOLVED] AD Authentication with OPNsense