Log in To PfSense Based On Active Directory Group Membership


You can allow the members of an Active Directory group to log in to PfSense's web interface.
A separate article has a more elaborate discussion of two different methods to link PfSense to
Active Directory; here I'll just describe the LDAP one. RADIUS will work as well.

On your domain controller

Create a security group named PfSense and add the users who should be allowed to log in to PfSense.
Create a dedicated account for PfSense to connect to AD with, for example 'pfsense-ad'. Give the
account a strong password, set it to never expire and do not add it to any groups beyond the default
Domain Users; it only needs to read the directory. PfSense uses this account only to bind to Active
Directory and look up the object of the user who is logging in; the user's password is then checked
by binding to AD as that user, so the service account never has to perform the actual authentication.
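The same domain controller steps, done with the ActiveDirectory PowerShell module instead of the GUI. This is an added example and not part of the original article; the container CN=Users,DC=test,DC=lab, the user 'alice' and the UPN pfsense-ad@test.lab are assumed names for the test.lab domain used on this page.

```powershell
# Added example: create the AD objects the article asks for on a domain controller
# (or a host with RSAT). Assumed names: domain test.lab, user 'alice', bind account
# pfsense-ad with UPN pfsense-ad@test.lab.
Import-Module ActiveDirectory

$usersContainer = "CN=Users,DC=test,DC=lab"

# 1. The group whose members may log in to pfSense. Its name must match the group
#    you later create in pfSense with Scope = Remote, character for character.
New-ADGroup -Name "PfSense" -SamAccountName "PfSense" `
    -GroupCategory Security -GroupScope Global `
    -Path $usersContainer `
    -Description "Members may log in to the pfSense web interface"

Add-ADGroupMember -Identity "PfSense" -Members "alice"

# 2. The dedicated bind account. It only searches the directory, so it gets no
#    group membership beyond the default Domain Users and no password expiry.
$bindPassword = Read-Host -AsSecureString -Prompt "Password for pfsense-ad"
New-ADUser -Name "pfsense-ad" -SamAccountName "pfsense-ad" `
    -UserPrincipalName "pfsense-ad@test.lab" `
    -Path $usersContainer `
    -AccountPassword $bindPassword `
    -Enabled $true `
    -PasswordNeverExpires $true `
    -CannotChangePassword $true `
    -Description "LDAP bind account for pfSense; no interactive logon"

# 3. Confirm the objects look the way the pfSense settings expect them.
Get-ADGroup -Identity "PfSense" | Select-Object DistinguishedName
Get-ADGroupMember -Identity "PfSense" | Select-Object SamAccountName
Get-ADUser -Identity "pfsense-ad" -Properties MemberOf, PasswordNeverExpires |
    Select-Object SamAccountName, UserPrincipalName, PasswordNeverExpires, MemberOf
```

The last three commands print the group's distinguished name (the value you paste into the pfSense extended query), the members who will be able to log in, and the bind account's attributes; MemberOf should be empty, because the primary group Domain Users is not listed there.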

On PfSense
Define an Authentication Server: go to System > User Manager > Authentication Servers
and click Add.
My AD information:
Domain: test.lab
Domain controller: server01.test.lab, 192.168.90.2
Dedicated AD connection user: [email protected]

Descriptive name           AD-adminsgroup
Type                       LDAP
Hostname or IP address     your AD domain controller's IP address (192.168.90.2 here)
Port value                 389
Transport                  TCP – Standard
Protocol version           3
Search scope               Entire Subtree
Base DN                    DC=TEST,DC=LAB
Authentication containers  CN=Users,DC=test,DC=lab
Extended query             Enabled
Query                      memberOf=CN=PfSense,CN=Users,DC=test,DC=lab
Bind anonymous             Unchecked
Bind credentials           [email protected] (your dedicated PfSense AD account) and its password
Initial Template           Microsoft AD (this sets the next three values correctly)
User naming attribute      samAccountName
Group naming attribute     cn
Group member attribute     memberOf
RFC 2307 Groups            Unchecked

Two things to keep in mind with these values. First, the extended query is combined with the
user naming attribute, so a login attempt only succeeds if the user object has the PfSense group's
DN in its memberOf attribute; memberOf lists direct memberships only, so members of a group that
is nested inside PfSense will not be able to log in. Second, TCP – Standard on port 389 sends the
bind account's password and every user's login password to the domain controller in clear text.
For anything beyond a lab, choose STARTTLS or LDAPS (port 636) and import the certificate
authority that issued the domain controller's certificate into PfSense so the connection can be
validated.
Add the AD group to PfSense: go to System > User Manager > Groups and click Add.

Group name        PfSense (your AD group name, spelled exactly as in AD)
Scope             Remote
Group membership  leave empty

Click Save, then click the Edit icon for the group you just created and click Add.
Select WebCfg – All pages (or any other pages you want to assign; 'WebCfg – All pages'
gives full administrative access, so assign individual pages if the group does not need it)
and click Save.
Point the User Manager to the new Authentication Server: go to System > User Manager >
Settings and set Authentication Server to AD-adminsgroup (the Authentication Server
you just created).

Click Save & Test.

Now you can log into the PfSense web interface with your AD account if you are a member of
the right group. If the domain controller cannot be reached, PfSense falls back to its local
user database, so keep the local admin account and give it a strong password.
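To check the configuration without guessing at the PfSense login page, reproduce the lookup PfSense performs at login from any domain-joined host with the ActiveDirectory module. This is an added example, not code from the original article or from pfSense; it assumes the server server01.test.lab, the bind account pfsense-ad, a direct member 'alice' and a user 'bob' who is only a member through a nested group, all illustrative names. The query runs with the bind account's credentials, which also proves that account can read what PfSense needs; the final step of a real login, binding as the user with the user's own password, is not reproduced here.

```powershell
# Added example: emulate the search pfSense runs for a login attempt, using the
# settings from the Authentication Server table. Assumed names: server01.test.lab,
# bind account pfsense-ad@test.lab, users alice (direct member) and bob (nested member).
Import-Module ActiveDirectory

$server     = "server01.test.lab"
$searchBase = "CN=Users,DC=test,DC=lab"              # Authentication containers
$groupDn    = "CN=PfSense,CN=Users,DC=test,DC=lab"   # group DN from the extended query
$cred       = Get-Credential -UserName "pfsense-ad@test.lab" -Message "pfSense bind account"

function Test-PfSenseLogin {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [switch] $Nested
    )
    # Plain memberOf matches direct group members only; this is what the article's
    # extended query 'memberOf=<group DN>' does.
    $memberOfClause = "(memberOf=$groupDn)"
    if ($Nested) {
        # LDAP_MATCHING_RULE_IN_CHAIN (OID 1.2.840.113556.1.4.1941) also matches users
        # that reach the group through nested groups. To get this behaviour in pfSense
        # put 'memberOf:1.2.840.113556.1.4.1941:=<group DN>' in the Query field.
        $memberOfClause = "(memberOf:1.2.840.113556.1.4.1941:=$groupDn)"
    }
    # pfSense ANDs the user naming attribute with the extended query.
    $filter = "(&(samAccountName=$SamAccountName)$memberOfClause)"

    $user = Get-ADUser -Server $server -Credential $cred `
                -SearchBase $searchBase -SearchScope Subtree `
                -LDAPFilter $filter -Properties memberOf

    if ($null -eq $user) {
        "${SamAccountName}: DENY (nothing matched $filter)"
    } else {
        "${SamAccountName}: ALLOW as $($user.DistinguishedName)"
    }
}

Test-PfSenseLogin -SamAccountName "alice"          # direct member: ALLOW
Test-PfSenseLogin -SamAccountName "bob"            # nested member only: DENY
Test-PfSenseLogin -SamAccountName "bob" -Nested    # chain matching rule: ALLOW
```

If the first call returns DENY although alice is in the group, check that the group DN in the filter is exactly the DistinguishedName shown by Get-ADGroup and that the user object lives under the authentication container; if Get-ADUser fails with an access or bind error instead, the bind account's credentials or permissions are the problem, not the group mapping.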
