Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive Portal with RADIUS and NPS no authentication possible

    Captive Portal
    3
    4
    680
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      fbmm
      last edited by fbmm

      Hi everyone,

      I've come to a point where I don't know how to proceed. The setting:

      • pfSense with Captive Portal
      • NPS on a Windows Server 2019 on the same network

      Everything has been configured following this guide: https://docs.netgate.com/pfsense/en/latest/recipes/radius-windows.html#thirdparty-radius-windows-server

      When I test authentication in the Captive Portal or in Diagnostics -> Authentication, it will result in either of these options

      • "Authentication failed."
      • nginx 502 Bad gateway
      • System log: "php-fpm 16019 /index.php: Error during RADIUS authentication : Operation timed out"

      The funny thing is: when I check NPS logs, authentication is logged as successful and access is granted to the user. pfSense tries to authenticate three times in a row, with 5 seconds in between the attempts.

      Any ideas why authentication on pfSense will result in a Timeout when authentication actually seems to be successful?

      Thanks very much for your ideas.

      Edit: from the nginx logs:
      2023/08/30 11:25:43 [error] 62296#100352: *466 upstream prematurely closed connection while reading response header from upstream, client: 192.168.40.204, server: , request: "POST /index.php?zone=wlan_gast HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.socket:", host: "192.168.40.1:8002", referrer: "http://192.168.40.1:8002/index.php?zone=wlan_gast"

      GertjanG Y 2 Replies Last reply Reply Quote 0
      • GertjanG
        Gertjan @fbmm
        last edited by

        @fbmm said in Captive Portal with RADIUS and NPS no authentication possible:

        2023/08/30 11:25:43 [error] 62296#100352: *466 upstream prematurely closed connection while reading response header from upstream, client: 192.168.40.204, server: , request: "POST /index.php?zone=wlan_gast HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.socket:", host: "192.168.40.1:8002", referrer: "http://192.168.40.1:8002/index.php?zone=wlan_gast"

        The 192.168.40.1 is the captive portal interface address - and 192.168.40.204 is the captive portal client ?
        You are using the default build in captive portal login page ?

        To test :
        Stop this one :

        2076a664-1e16-4993-aec6-e75fb6748b5f-image.png

        and open an SSH or console connection. Use option 8.
        Execute radius in debug mode :

        radiusd -X

        Now, you'll see a lot of info.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • Y
          yanqian @fbmm
          last edited by

          @fbmm I also failed to use NPS as radius server before, discussed in this thread, but hadn't found solution at that time:
          https://forum.netgate.com/topic/149744/windows-radius-server

          You may search the forum, and refer to other working NPS related posts.

          Y 1 Reply Last reply Reply Quote 0
          • Y
            yanqian @yanqian
            last edited by yanqian

            Update:
            I tried to use NPS on server 2016 as RADIUS server just now, it works.
            Pfsense version is 2.7.0, RADIUS MS-CHAPv2 .

            1 Reply Last reply Reply Quote 0
            • First post
              Last post