Setting up LDAP Authentication for OPNSense

Video Link: https://www.youtube.com/watch?v=ovyEUm7SirA



Duration: 2:24


#OPNSense #LDAP #ActiveDirectory #Authentication

Full steps can be found at https://i12bretro.github.io/tutorials...

   01. Open a web browser and navigate to the OPNSense web UI
   02. Log in to OPNSense
   03. Select System ≫ Access ≫ Servers from the left navigation menu
   04. Click the Add button in the top right of the screen
   05. Complete the form with the following information
       The setup below allows members of the DnsAdmins AD group to authenticate; tweak as needed.
         Descriptive name: i12bretro.local
         Type: LDAP
         Hostname or IP address: i12bretro.local
         Port value: 389
         Transport: TCP - Standard
         Protocol version: 3
         Bind credentials:
             User DN: CN=Readonly SVC,CN=Users,DC=i12bretro,DC=local
             Password: Read0nly!!
         Search scope: Entire Subtree
         Base DN: DC=i12bretro,DC=local
         Authentication containers: CN=Users,DC=i12bretro,DC=local
         Extended Query: &(memberOf=CN=DnsAdmins,CN=Users,DC=i12bretro,DC=local)
         User naming attribute: sAMAccountName
   06. Scroll to the bottom of the page and click the Save button
   07. Select System ≫ Access ≫ Tester from the left navigation menu
   08. Test the login capability of an LDAP user meeting the group requirements set above
   09. Select System ≫ Settings ≫ General from the left navigation menu
   10. Scroll down to the Authentication section
   11. Click the Server dropdown and enable authentication against the LDAP server
   12. Scroll to the bottom of the page and click the Save button
   13. Select System ≫ Access ≫ Users from the left navigation menu
   14. Click the cloud button at the bottom right of the user table
   15. Select users from LDAP to allow access to OPNSense
   16. Click the edit button next to each user and add the appropriate Group Memberships 
   17. Click Lobby ≫ Logout from the left navigation menu
   18. Test logging in as an LDAP authenticated user
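
The bind account and group filter from step 05 can be checked from any host with the OpenLDAP client tools before relying on the Tester in step 07. The script below is an added example, not part of the original tutorial; it assumes OPNSense ANDs the user naming attribute with the Extended Query wrapped in parentheses, and the login `jdoe` and the file name are placeholders.

```shell
#!/bin/sh
# Added example: values below are copied from the form in step 05.
# Usage (file name is a placeholder):  . ./ldap-precheck.sh; check_user jdoe
LDAP_URI="ldap://i12bretro.local:389"
BIND_DN="CN=Readonly SVC,CN=Users,DC=i12bretro,DC=local"
AUTH_CONTAINER="CN=Users,DC=i12bretro,DC=local"
NAME_ATTR="sAMAccountName"
EXT_QUERY="&(memberOf=CN=DnsAdmins,CN=Users,DC=i12bretro,DC=local)"

# -ZZ makes ldapsearch require StartTLS before binding. Set LDAP_TLS="" to
# mirror "TCP - Standard", where the simple-bind password crosses the
# network unencrypted.
LDAP_TLS=${LDAP_TLS-"-ZZ"}

# Escape a value for use inside an LDAP search filter (RFC 4515), so that
# the characters \ * ( ) in a login name are matched literally instead of
# changing the structure of the filter. Backslash must be handled first.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Assumption: the effective filter is
#   (&(<User naming attribute>=<login>)(<Extended Query>))
build_filter() {
    printf '(&(%s=%s)(%s))' "$NAME_ATTR" "$(ldap_escape "$1")" "$EXT_QUERY"
}

# Bind as the read-only account (-W prompts for its password, keeping it out
# of the process list and shell history) and print the DN of the matching
# user. No entry in the output means the login is not in the group or not
# under the authentication container.
check_user() {
    ldapsearch -x $LDAP_TLS -H "$LDAP_URI" -D "$BIND_DN" -W \
        -b "$AUTH_CONTAINER" -s sub -LLL "$(build_filter "$1")" dn
}
```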
 

