Project

General

Profile

Actions
Copy link

Bug #14943

closed

Authentication server LDAPs Unknown CA

Added by Marcelo Cury about 1 year ago. Updated about 1 year ago.

Status:
Not a Bug
Priority:
Low
Assignee:
-
Category:
Authentication
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Release Notes:
Default
Affected Plus Version:
23.05.1
Affected Architecture:
4100

Description

Found that if you configure an authentication server without authentication (Standard TCP 389), and after that you change the configuration to SSL/TLS encrypted, connection works but you get a Unknown CA after a while.
Unknown CA message comes from pfSense's IP address.

Found this capturing packets on port 636 from the firewall to the LDAP server (samba-ad).


To solve this, you have to delete the authentication server completely, and recreate it again using the TLS/SSL 636 option, with the same settings.

Files

Download all files
clipboard-202311051542-wbx8j.png (58.2 KB) clipboard-202311051542-wbx8j.png Marcelo Cury, 11/05/2023 06:42 PM
clipboard-202311051543-far2k.png (31.5 KB) clipboard-202311051543-far2k.png Marcelo Cury, 11/05/2023 06:43 PM
clipboard-202311051557-lvshf.png (231 KB) clipboard-202311051557-lvshf.png Marcelo Cury, 11/05/2023 06:57 PM
Actions
Copy link
 #1

Updated by Marcelo Cury about 1 year ago

Weird, it seems that this only happens in the Dashboard.
Even when I remove the authentication server entirely and recreate it, the problem still happens, but only in the Dashboard.

Logs:

Actions
Copy link
 #2

Updated by Marcelo Cury about 1 year ago

Fixed by connecting to the console and ran menu options 16 then 11 as suggested in https://docs.netgate.com/pfsense/en/latest/troubleshooting/authentication.html

Kindly go ahead and close this bug report.

Thanks pfSense team.

Actions
Copy link
 #3

Updated by Jim Pingle about 1 year ago

  • Status changed from New to Not a Bug
Actions
Copy link

Also available in: Atom PDF