{"id":1958,"date":"2025-12-08T17:56:28","date_gmt":"2025-12-08T16:56:28","guid":{"rendered":"https:\/\/www.delixirpro.com\/blog\/?p=1958"},"modified":"2025-12-10T12:07:44","modified_gmt":"2025-12-10T11:07:44","slug":"windows-server-2025-et-authentification-ldap-dans-pfsense","status":"publish","type":"post","link":"https:\/\/www.delixirpro.com\/blog\/2025\/12\/08\/windows-server-2025-et-authentification-ldap-dans-pfsense\/","title":{"rendered":"Windows Server 2025 et Authentification LDAP dans Pfsense"},"content":{"rendered":"\n

Vous avez install\u00e9 un bel AD sous Windows 2025, et votre domaine fonctionne parfaitement<\/p>\n\n\n\n

Vous avez install\u00e9 un routeur PFSENSE, et le routage fonctionne parfaitement. Il ping bien votre ad, l’ad \u00e0 bien acc\u00e8s au r\u00e9seau, tout est parfait !<\/p>\n\n\n\n

Vous souhaitez donc mettre en place un VPN, avec une authentification via l’AD. Vous l’avez fait des centaines de fois, mais la :<\/p>\n\n\n\n

\n

php-fpm 30074 \/system_authservers.php: ERROR! ldap_get_user_ous() could not bind to server .<\/p>\n<\/blockquote>\n\n\n\n

Et oui, Microsoft \u00e0 encore frapp\u00e9, et vous devez configurer quelques Policies<\/em>:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Une version texte :<\/p>\n\n\n\n

Domain Controller Policy
===Computer Configuration
======Policies
=========Windows Settings
============Security Settings
===============Local Policies
==================Security Options
=====================Domain controller: LDAP server channel binding token requirements: \u00ab\u00a0When Supported\u00a0\u00bb
=====================Domain controller: LDAP server signing requirements: \u00ab\u00a0None\u00a0\u00bb
=====================Domain controller: LDAP server Enforce signing requirements: \u00ab\u00a0Disabled\u00a0\u00bb
=====================Network security: LDAP client encryption requirements: \u00ab\u00a0Negotiate Sealing\u00a0\u00bb
=====================Network security: LDAP client signing requirements: \u00ab\u00a0Negotiate Signing\u00a0\u00bb<\/p>\n\n\n\n

Sur pfsense, il faut cocher \u00ab\u00a0Allow unauthenticated bind\u00a0\u00bb :<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n

Source : https:\/\/forum.netgate.com\/topic\/187453\/ldap-authentication-with-active-directory-windows-server-2025-bind-fails<\/a><\/p>\n\n\n\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Vous avez install\u00e9 un bel AD sous Windows 2025, et votre domaine fonctionne parfaitement Vous avez install\u00e9 un routeur PFSENSE, et le routage fonctionne parfaitement. Il ping bien votre ad, l’ad \u00e0 bien acc\u00e8s...<\/p>\n","protected":false},"author":9,"featured_media":1964,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1,8],"tags":[231,112,232,27,107,47],"class_list":["post-1958","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-non-classe","category-tech-tips","tag-ad","tag-gpo","tag-ldap","tag-pfsense","tag-ssl","tag-windows-server"],"_links":{"self":[{"href":"https:\/\/www.delixirpro.com\/blog\/wp-json\/wp\/v2\/posts\/1958","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.delixirpro.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.delixirpro.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.delixirpro.com\/blog\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.delixirpro.com\/blog\/wp-json\/wp\/v2\/comments?post=1958"}],"version-history":[{"count":5,"href":"https:\/\/www.delixirpro.com\/blog\/wp-json\/wp\/v2\/posts\/1958\/revisions"}],"predecessor-version":[{"id":1968,"href":"https:\/\/www.delixirpro.com\/blog\/wp-json\/wp\/v2\/posts\/1958\/revisions\/1968"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.delixirpro.com\/blog\/wp-json\/wp\/v2\/media\/1964"}],"wp:attachment":[{"href":"https:\/\/www.delixirpro.com\/blog\/wp-json\/wp\/v2\/media?parent=1958"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.delixirpro.com\/blog\/wp-json\/wp\/v2\/categories?post=1958"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.delixirpro.com\/blog\/wp-json\/wp\/v2\/tags?post=1958"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}