> On 15.03.2020 at 08:21, Sérgio Basto via samba <samba at lists.samba.org> wrote:
>
> On Sat, 2020-03-14 at 07:43 -0700, gabben via samba wrote:
>> Your pfSense firewall has OpenVPN built into it already, and you can
>> point pfSense authentication back to your samba AD. We support over
>> 400 users in this model. The configuration file for OpenVPN is common
>> to all users, and they authenticate with their AD credentials.
>
> can you give some example of configuration file for OpenVPN ? and more
> about howto ?

Hello,

We also use this. The documentation is very good:
https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/index.html

The clients are easily installed using the client export functionality.

Regards

Christian

> Thank you,
> --
> Sérgio M. B.

--
Dr. Christian Naumer
Unit Head Bioprocess Development
B.R.A.I.N Aktiengesellschaft

On 15.03.20 at 10:46, Christian Naumer via samba wrote:
>> On 15.03.2020 at 08:21, Sérgio Basto via samba <samba at lists.samba.org> wrote:
>>
>> On Sat, 2020-03-14 at 07:43 -0700, gabben via samba wrote:
>>> Your pfSense firewall has OpenVPN built into it already, and you can
>>> point pfSense authentication back to your samba AD. We support over
>>> 400 users in this model. The configuration file for OpenVPN is common
>>> to all users, and they authenticate with their AD credentials.
>>
>> can you give some example of configuration file for OpenVPN ? and more
>> about howto ?
>
> Hello,
> We also use this. The Documentation is very good:
> https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/index.html

I also have that running at a customer. Now with the new corona issues in Austria I have to set that up for at least 2 other sites as well ...

Unfortunately the pfsense GUI isn't very intuitive or helpful with connecting to AD:

"Could not connect to the LDAP server" means everything from DNS to wrong user to missing client cert etc.

>> Unfortunately the pfsense GUI isn't very intuitive or helpful with
>> connecting to AD:
>> "Could not connect to the LDAP server" means everything from DNS to
>> wrong user to missing client cert etc

I too struggled with "Could not connect to the LDAP server". The settings all looked good but still no luck. I finally discovered the cause, a bug in php. Look here:

https://www.reddit.com/r/PFSENSE/comments/esxwrv/could_not_bind_to_ldap_server/

Quoting:

"The way PHP requires an LDAP connection to be setup in the environment sometimes gets tripped up when you make changes. It's best to run 16/11 after making any change to LDAP settings. I'd love to switch to a more reliable method, but it is still broken in PHP 7.3. See https://redmine.pfsense.org/issues/9417 for more detail there."

So, after configuring the LDAP page in pfSense, go to the console menu and use option 16 (Restart PHP-FPM) followed by option 11 (Restart webConfigurator). Suddenly, it all works. :-)
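
The thread's complaint that "Could not connect to the LDAP server" covers everything from DNS to certificates can be narrowed down by testing each layer separately from any host with Python. This is an added example, not part of the original messages or of pfSense; the function name and the host name `dc1.example.invalid` are assumptions, it assumes LDAPS on port 636, and it stops before the LDAP bind, so credentials are not checked.

```python
import socket
import ssl


def diagnose_ldap_endpoint(host, port=636, use_tls=True, ca_file=None, timeout=5.0):
    """Return (stage, detail) for the first failing layer, or ("ok", detail)."""
    # Stage 1: DNS. A wrong resolver or a missing record for the DC ends here.
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", f"cannot resolve {host}: {exc}")

    # Stage 2: TCP. Try every resolved address; firewall rules or a stopped
    # LDAP service show up as refused or timed-out connections.
    sock, last_err = None, None
    for *_, sockaddr in infos:
        try:
            sock = socket.create_connection(sockaddr[:2], timeout=timeout)
            break
        except OSError as exc:
            last_err = exc
    if sock is None:
        return ("tcp", f"cannot reach {host}:{port}: {last_err}")

    with sock:
        if not use_tls:
            return ("ok", "TCP port reachable; TLS and bind not tested")
        # Stage 3: TLS, verified against ca_file (or the system store when
        # ca_file is None). An untrusted CA or a name mismatch is reported
        # separately from other handshake failures.
        ctx = ssl.create_default_context(cafile=ca_file)
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return ("ok", f"{tls.version()} handshake verified; bind not tested")
        except ssl.SSLCertVerificationError as exc:
            return ("tls-cert", f"certificate rejected: {exc.verify_message}")
        except (ssl.SSLError, OSError) as exc:
            return ("tls", f"handshake failed: {exc}")


if __name__ == "__main__":
    # Constructed host name; replace with the domain controller's FQDN.
    print(diagnose_ldap_endpoint("dc1.example.invalid"))
```

If every stage returns "ok" and pfSense still reports the error, the remaining candidates are the bind credentials and the PHP state described in the message above.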