in the past about the pfSense firewall, one of the strongest open-source firewalls, which has been discussed in detail.
In this article, we are going to show you how to add Active Directory users to the pfSense user list. Once this is configured, you can use AD authentication for IPsec, OpenVPN, or any other task that requires it.
Configuring pfSense with Active Directory authentication
In the first step, make sure that pfSense can communicate with the Active Directory server. You can test the connection with the Ping tool in the Diagnostics menu. If there is no communication, you must create the necessary firewall rule under the Rules menu.
After confirming that pfSense can reach Active Directory, add the Active Directory DNS server to pfSense. To do this, select General Setup from the System menu.
In the DNS Servers section, enter the DNS address of your Active Directory server. If you have other DNS servers, you can enter them as well; then click Save at the bottom.
After assigning DNS, the next step is to configure pfSense to use the AD server for authentication.
From the System menu, select User Manager, open the Authentication Servers tab and click Add. The fields that need to be completed are as follows
If the information has been entered correctly, the Select a container option will list all groups, OUs and Active Directory users by Distinguished Name.
After completing the configuration, click Save, go to the Settings tab, and change the Authentication Server setting, which is set to Local Database (so that only local users are used), to the Descriptive Name given in the previous step.
Note the following points:
1. After the above steps, pfSense will use only AD users for authentication. If the configuration is not done properly, you will only be able to log in to pfSense with the admin user.
2. Before you change the Authentication Server setting from Local Database, select Authentication from the Diagnostics menu and confirm that authentication against the AD server succeeds.
Even after changing the Authentication Server setting, logging out and logging in with a domain-member user, you will not be able to access any page in pfSense. To resolve this, create groups in pfSense under Groups whose names match the Active Directory groups; this is what allows users to log in to pfSense. In the final step, you must specify the access level (privileges) for this group.
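The following script is an added example and is not code from pfSense or from this article. It checks the three things the procedure above depends on before you switch the Settings tab away from Local Database: that the authentication server entry is complete (parsed from an `<authserver>` block in the shape pfSense stores in config.xml; the element names such as `ldap_basedn`, `ldap_binddn` and `ldap_attr_member` are assumed from pfSense's config format, so compare them against your own backup), that the domain controller name resolves and the LDAP port answers (the Ping and DNS steps), and that the user's AD groups map onto pfSense groups with privileges, which is the lock-out condition described in the last paragraph. All hostnames, DNs and group names are constructed sample values.

```python
"""Pre-flight checks for a pfSense Active Directory (LDAP) authentication server.

Added example, not pfSense's own code. Element names in the sample block are
assumed from pfSense's config.xml format; verify against your own backup.
"""
import socket
import xml.etree.ElementTree as ET

# Constructed sample <authserver> block (hostname, DNs and name are made up).
SAMPLE_AUTHSERVER = """<authserver>
  <type>ldap</type>
  <name>AD-LAB</name>
  <host>dc01.lab.example</host>
  <ldap_port>389</ldap_port>
  <ldap_urltype>TCP - Standard</ldap_urltype>
  <ldap_protver>3</ldap_protver>
  <ldap_scope>subtree</ldap_scope>
  <ldap_basedn>DC=lab,DC=example</ldap_basedn>
  <ldap_authcn>CN=Users,DC=lab,DC=example</ldap_authcn>
  <ldap_binddn>CN=pfsense-bind,CN=Users,DC=lab,DC=example</ldap_binddn>
  <ldap_attr_user>samAccountName</ldap_attr_user>
  <ldap_attr_group>cn</ldap_attr_group>
  <ldap_attr_member>memberOf</ldap_attr_member>
</authserver>"""

# Fields the form must carry for an AD lookup to work at all (assumed names).
REQUIRED_FIELDS = ("host", "ldap_port", "ldap_basedn", "ldap_binddn",
                   "ldap_attr_user", "ldap_attr_group", "ldap_attr_member")


def parse_authserver(xml_text):
    """Return the <authserver> child elements as a {tag: text} dict."""
    root = ET.fromstring(xml_text)
    return {child.tag: (child.text or "").strip() for child in root}


def validate_settings(cfg):
    """Return {'problems': [...], 'warnings': [...]} for an authserver dict.

    Problems stop authentication from working; warnings are security issues
    (the bind and user passwords crossing the network in clear) that still work.
    """
    problems = [f"missing {f}" for f in REQUIRED_FIELDS if not cfg.get(f)]
    if cfg.get("type") != "ldap":
        problems.append("type must be 'ldap' for Active Directory")
    warnings = []
    if "standard" in cfg.get("ldap_urltype", "").lower():
        warnings.append("plain LDAP: passwords are sent unencrypted; "
                        "prefer LDAPS (636) or STARTTLS with a trusted CA")
    return {"problems": problems, "warnings": warnings}


def check_reachability(host, port, timeout=3.0):
    """Mirror the article's first steps: DNS resolution, then a TCP connect."""
    result = {"dns": False, "tcp": False}
    try:
        socket.getaddrinfo(host, int(port))
        result["dns"] = True
        with socket.create_connection((host, int(port)), timeout=timeout):
            result["tcp"] = True
    except OSError:
        pass
    return result


def first_rdn_value(dn):
    """Value of the leading RDN: 'CN=VPN Users,OU=...' -> 'VPN Users'.

    Honours backslash-escaped commas, which AD uses in names like 'Doe\\, John'.
    """
    out, i = [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            out.append(dn[i + 1])
            i += 2
            continue
        if dn[i] == ",":
            break
        out.append(dn[i])
        i += 1
    rdn = "".join(out)
    return rdn.split("=", 1)[1] if "=" in rdn else rdn


def effective_privileges(member_of, pfsense_groups):
    """Simulate pfSense's remote-group mapping.

    member_of: the user's AD memberOf DNs.
    pfsense_groups: {group name: [privileges]} as defined under User Manager >
                    Groups. Only an AD group whose CN exactly matches a pfSense
                    group name contributes privileges.
    Returns (matched group names, privileges, whether the web GUI is reachable).
    """
    matched, privs = [], set()
    for dn in member_of:
        name = first_rdn_value(dn)
        if name in pfsense_groups:
            matched.append(name)
            privs.update(pfsense_groups[name])
    # Without at least one page-* privilege the user can authenticate but
    # every GUI page is denied: the lock-out the article describes.
    gui_ok = any(p.startswith("page-") for p in privs)
    return sorted(matched), sorted(privs), gui_ok


if __name__ == "__main__":
    cfg = parse_authserver(SAMPLE_AUTHSERVER)
    print(validate_settings(cfg))
    print(check_reachability(cfg["host"], cfg["ldap_port"]))
    groups = {"Firewall Admins": ["page-all"]}
    print(effective_privileges(["CN=Domain Users,CN=Users,DC=lab,DC=example"], groups))
```

Run it against the `<authserver>` block from your own config.xml backup before changing the Settings tab; the group check is the important one, because a user who belongs to no matching pfSense group (or to a group without a page-* privilege) is exactly the case that only the local admin account can recover.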
Hope this is useful to friends and colleagues.