pfSense and users from Zentyal 4.0 over LDAPS

A quick show-and-tell: getting pfSense 2.2 to authenticate users against a Zentyal 4.0 / Samba server over LDAPS on port 636.

On the Zentyal host run

openssl s_client -showcerts -connect localhost:636

pfSense will need a few things from Zentyal/Samba.
1. On the line that says

  i:/O=Samba Administration/OU=Samba - temporary autogenerated certificate/CN=servernamehere.domain.lan

servernamehere.domain.lan is the hostname pfSense must use to connect. The TLS client checks the certificate against that CN, so connecting by IP address (or by a different name) fails certificate validation. That FQDN MUST resolve and be reachable from the pfSense firewall itself, not just from your workstation: check it with Diagnostics > Ping. In Services > DNS Forwarder on pfSense add a host override for servernamehere.domain.lan pointing at the IP of the Zentyal machine.

2. Copy the certificate data and upload it to the pfSense Cert Manager. From the output of the command above, copy everything from -----BEGIN CERTIFICATE----- through -----END CERTIFICATE----- (both marker lines included) into System > Cert Manager > CAs as a new CA. The Samba certificate is self-signed (the s: and i: lines are identical), so it acts as its own CA. Any description name should do. Hit Save. Note the OU says "temporary autogenerated certificate": if Zentyal ever regenerates it, you must re-import the new one.

[pfSense configuration snapshot]

Create a dedicated user in Zentyal for the bind, "pfsenseconnect" or some such; it only needs read access to the directory, so do not reuse an administrator account. Its DN and password go into the bind credentials of the LDAP server entry in the pfSense User Manager. Also get the Base DN from Zentyal Users and Computers -> LDAP Settings and enter it as the Base DN on the same page.

Click Select next to the authentication containers. If you see your LDAP tree, pfSense has connected over SSL and the bind succeeded. To confirm end to end, test a real directory user against the new server under Diagnostics > Authentication.

See https://doc.pfsense.org/index.php/LDAP_Troubleshooting for more information.
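The same checks from the command line, as an added example that is not part of the original post: it pulls the issuer CN (the hostname pfSense must connect to) and the CA certificate block out of `openssl s_client -showcerts` output, and shows how to verify the LDAPS endpoint with that CA before touching pfSense. The s_client output below is a constructed sample with a placeholder certificate body; the bind DN `CN=pfsenseconnect,CN=Users,DC=domain,DC=lan` and base DN `DC=domain,DC=lan` in the live-usage comments are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: parse `openssl s_client -showcerts`
# output for the issuer CN and the CA certificate, then use both to test LDAPS.

# Constructed sample of the s_client output. The certificate body is a
# placeholder, not a real certificate. For the self-signed Samba certificate
# the subject (s:) and issuer (i:) lines are identical.
SAMPLE_OUTPUT='CONNECTED(00000003)
depth=0 O = Samba Administration, OU = Samba - temporary autogenerated certificate, CN = servernamehere.domain.lan
verify error:num=18:self signed certificate
---
Certificate chain
 0 s:/O=Samba Administration/OU=Samba - temporary autogenerated certificate/CN=servernamehere.domain.lan
   i:/O=Samba Administration/OU=Samba - temporary autogenerated certificate/CN=servernamehere.domain.lan
-----BEGIN CERTIFICATE-----
MIIBplaceholderNOTaRealCertificateBodyLine1000000000000000000000
AAAAplaceholderNOTaRealCertificateBodyLine2000000000000000000==
-----END CERTIFICATE-----
---
Server certificate
subject=/O=Samba Administration/OU=Samba - temporary autogenerated certificate/CN=servernamehere.domain.lan
issuer=/O=Samba Administration/OU=Samba - temporary autogenerated certificate/CN=servernamehere.domain.lan
---'

# Print the CN from the first "i:" (issuer) line. Handles both the old
# "/CN=name" and the newer "CN = name" formatting of OpenSSL.
issuer_cn() {
    printf '%s\n' "$1" | sed -n 's|^ *i:.*CN *= *\([^/,]*\).*|\1|p' | head -n 1
}

# Print the last PEM certificate block in the output: for a self-signed
# certificate that is the only block, for a chain it is the topmost CA.
ca_pem() {
    printf '%s\n' "$1" | awk '
        /-----BEGIN CERTIFICATE-----/ { buf = ""; inblk = 1 }
        inblk                         { buf = buf $0 "\n" }
        /-----END CERTIFICATE-----/   { inblk = 0; last = buf }
        END                           { printf "%s", last }'
}

# Live use against the Zentyal host (needs network; not run in the offline check):
#   out=$(openssl s_client -showcerts -connect localhost:636 </dev/null 2>/dev/null)
#   host=$(issuer_cn "$out")          # the FQDN pfSense must resolve and connect to
#   ca_pem "$out" > zentyal-ca.pem    # this file is what gets pasted into Cert Manager as a CA
#
#   # Handshake with validation: "Verify return code: 0 (ok)" means CA and hostname match.
#   openssl s_client -connect "$host:636" -CAfile zentyal-ca.pem </dev/null 2>/dev/null | grep 'Verify return code'
#
#   # Bind as the low-privilege bind user and read the base DN (assumed DNs below).
#   LDAPTLS_CACERT=$PWD/zentyal-ca.pem ldapsearch -H "ldaps://$host:636" \
#       -D 'CN=pfsenseconnect,CN=Users,DC=domain,DC=lan' -W \
#       -b 'DC=domain,DC=lan' -s base
```

If the second s_client call reports a verify error while the first did not, the name in `-connect` does not match the certificate CN, which is the same mismatch that makes pfSense's Select button come back empty.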