OpenVPN, Active Directory Auth on pfSense
On the “System Authentication Servers” page in pfSense, the example listed for adding an Extended Query (“Example: CN=Groupname,OU=MyGroups,DC=example,DC=com;OU=OtherUsers,DC=example,DC=com”) was not working for me. This setting is required to authenticate only members of an ADS group. Worked nicely once I appended “memberOf=”.

Level: Entire Subtree (but this can probably work at one level too)
Base DN: DC=domain,DC=local
Containers: DC=domain,DC=local
Extended Query (checked): memberOf=CN=VPNgroup,OU=Groups,DC=domain,DC=local

Kudos to BloodyIron!
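The following is an added example, not code from the original post or from pfSense. It shows what the extended query does to the search filter, assuming the username lookup and the extended query are combined into one AND filter and that the naming attribute is sAMAccountName. The directory entries and user names are constructed, and the evaluator covers only flat AND filters of equality terms.

```python
import re

# Constructed sample entries (not from a real directory); DNs reuse the post's names.
VPN_GROUP = "CN=VPNgroup,OU=Groups,DC=domain,DC=local"
ENTRIES = [
    {"sAMAccountName": ["alice"], "cn": ["Alice A"], "memberOf": [VPN_GROUP]},
    {"sAMAccountName": ["bob"], "cn": ["Bob B"],
     "memberOf": ["CN=Staff,OU=Groups,DC=domain,DC=local"]},
    # carol belongs only to a group nested inside VPNgroup, so her memberOf
    # attribute does not list VPNgroup itself.
    {"sAMAccountName": ["carol"], "cn": ["Carol C"],
     "memberOf": ["CN=VPNnested,OU=Groups,DC=domain,DC=local"]},
]

def escape_value(value):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(username, extended_query, name_attr="sAMAccountName"):
    """Assumed composition: user lookup ANDed with the extended query."""
    return "(&(%s=%s)(%s))" % (name_attr, escape_value(username), extended_query)

def matches(entry, ldap_filter):
    """Evaluate a flat AND of equality terms against one entry."""
    body = re.fullmatch(r"\(&((?:\([^()]*\))+)\)", ldap_filter)
    if body is None:
        raise ValueError("unsupported filter: " + ldap_filter)
    for term in re.findall(r"\(([^()]*)\)", body.group(1)):
        attr, _, raw = term.partition("=")
        want = re.sub(r"\\([0-9a-fA-F]{2})",
                      lambda m: chr(int(m.group(1), 16)), raw).lower()
        have = {k.lower(): v for k, v in entry.items()}.get(attr.lower(), [])
        if want not in [v.lower() for v in have]:
            return False
    return True

def allowed_users(extended_query):
    """Names of sample users who would pass the group restriction."""
    return [e["sAMAccountName"][0] for e in ENTRIES
            if matches(e, build_filter(e["sAMAccountName"][0], extended_query))]

if __name__ == "__main__":
    print(allowed_users("memberOf=" + VPN_GROUP))  # direct members only
    print(allowed_users(VPN_GROUP))                # bare DN: an equality test on CN
```

Under these assumptions the bare DN is read as an equality test on the CN attribute, which no user entry satisfies, while the memberOf= form admits direct members of the group only; users who reach VPNgroup through a nested group are not matched.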