Openvpn – pfSense unable to LDAP bind to Active Directory Server

Tags: active-directory, ldap, openvpn, pfsense

I've been instructed to setup an OpenVPN Server on our local pfSense VM. I've combed over tutorials and guides, netgate, openvpn documentation and I feel I must be missing something.

I've tested the AD Server's ability to bind using ldp.exe.
I can also see my various "Authentication Containers" using the [Select a container] button. (Meaning the user I'm using to authenticate to the AD Server is able to authenticate).

However when using Diagnostics>Authentication screen I fail to authenticate and receive the error in my logs: /diag_authentication.php: ERROR! Either LDAP search failed, or multiple users were found.

I feel like my issue is stemming from my entire lack of knowledge on this subject… also in my LDAP Server settings:

LDAP Server Settings on pfSense:

Hostname or IP Address: 10.x.x.x (IP of AD Domain Controller)

Port Value: 389

Transport: TCP-Standard

Peer Cert Auth: Cert Authority I created for this purpose in pfSense

Protocol Version: 3

Server Timeout: 45

Search Scope: Entire Subtree

BASE DN: DC=mydomain,DC=local

Auth Containers: CN=Users;DC=mydomain,DC=local

Extended Query: memberOf=CN=VPNUsers,CN=Users,DC=mydomain,DC=local

I really think my extended query is wrong and this is what's causing my problem.
At one point I had it working, it seemed, but I managed to break it again.

Variations of extended query I've tried:

memberOf=CN=VPNUsers;CN=Users,DC=mydomain,DC=local

memberOf=CN=VPNUsers;CN=Builtin,DC=mydomain,DC=local

memberOf=CN=VPNUsers;CN=Users,CN=Builtin,DC=mydomain,DC=local

Best Answer

I'm not 100% sure, but I think this is wrong:

memberOf=CN=VPNUsers;CN=Users,DC=mydomain,DC=local
memberOf=CN=VPNUsers;CN=Builtin,DC=mydomain,DC=local
memberOf=CN=VPNUsers;CN=Users,CN=Builtin,DC=mydomain,DC=local

I don't think you should use ; but use , instead.

Also here:

Auth Containers: CN=Users;DC=mydomain,DC=local
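A small checker, added here as an example and not code from the question, the answer, or pfSense itself, that makes the ';' versus ',' point concrete. It relies on two things: pfSense separates multiple Authentication Containers with ';' (so a DN containing ';' is silently split into pieces), and the search pfSense issues is assumed to be an AND of the user-name match and the admin-supplied Extended Query, with samAccountName as the assumed user-name attribute. Both the filter shape and the attribute name are assumptions for illustration, and the DNs are the constructed values from the question.

```python
"""Sanity-check pfSense LDAP container lists and Extended Query strings for the
';' versus ',' mistake. Added example, not pfSense code."""
import re
from typing import Dict, List

# pfSense uses ';' to separate several Authentication Containers in one field.
CONTAINER_SEPARATOR = ";"

# RFC 4514: a DN is a ','-separated list of RDNs, each of the form attr=value.
_RDN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=.+$")
_QUERY_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*)=(.*)$")


def split_containers(field: str) -> List[str]:
    """Split an Authentication Containers field the way pfSense would: on ';'."""
    return [c.strip() for c in field.split(CONTAINER_SEPARATOR) if c.strip()]


def dn_problems(dn: str) -> List[str]:
    """Return human-readable problems with a DN; an empty list means it looks sane."""
    problems = []
    if ";" in dn:
        problems.append("contains ';' (RDNs inside a DN are separated by ',')")
    rdns = [r.strip() for r in dn.split(",")]
    for rdn in rdns:
        if not _RDN_RE.match(rdn):
            problems.append(f"RDN {rdn!r} is not of the form attr=value")
    # An AD DN always ends in the domain components, e.g. DC=mydomain,DC=local.
    if not any(r.upper().startswith("DC=") for r in rdns):
        problems.append("no DC= component, so the DN is not rooted in the domain")
    return problems


def extended_query_problems(query: str) -> List[str]:
    """Check an Extended Query of the form attr=value; for memberOf the value must be a DN."""
    match = _QUERY_RE.match(query)
    if not match:
        return ["extended query is not of the form attr=value"]
    attr, value = match.groups()
    if attr.lower() == "memberof":
        return dn_problems(value)
    return []


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a user-supplied value placed into a search filter."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def build_filter(username: str, extended_query: str,
                 username_attr: str = "samAccountName") -> str:
    """Assumed shape of the search pfSense issues: the user-name match ANDed with
    the Extended Query. The user name is escaped; the query is admin-supplied filter text."""
    base = f"({username_attr}={escape_filter_value(username)})"
    if not extended_query:
        return base
    return f"(&{base}({extended_query}))"


def check_settings(containers_field: str, extended_query: str) -> Dict[str, List[str]]:
    """Report every problem found, keyed by the piece of configuration it belongs to."""
    report: Dict[str, List[str]] = {}
    for container in split_containers(containers_field):
        problems = dn_problems(container)
        if problems:
            report[f"container {container!r}"] = problems
    problems = extended_query_problems(extended_query)
    if problems:
        report[f"extended query {extended_query!r}"] = problems
    return report


if __name__ == "__main__":
    # Constructed values taken from the question above.
    broken = check_settings("CN=Users;DC=mydomain,DC=local",
                            "memberOf=CN=VPNUsers;CN=Users,DC=mydomain,DC=local")
    for where, problems in broken.items():
        print(where)
        for p in problems:
            print("  -", p)
    fixed = check_settings("CN=Users,DC=mydomain,DC=local",
                           "memberOf=CN=VPNUsers,CN=Users,DC=mydomain,DC=local")
    print("fixed config problems:", fixed)
    print(build_filter("alice", "memberOf=CN=VPNUsers,CN=Users,DC=mydomain,DC=local"))
```

Running it shows why the ';' variants fail: the container field splits into "CN=Users" and "DC=mydomain,DC=local", and the first piece is not a complete DN, while the memberOf value is flagged for containing ';' at all. With commas throughout, the report is empty and the assembled filter reads `(&(samAccountName=alice)(memberOf=CN=VPNUsers,CN=Users,DC=mydomain,DC=local))`.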