Netgate Discussion Forum

    FreeRadius Configured with Unifi (3 Access Points)

    • CloudNode

      Hello; I am trying to set up freeRadius using MAC Auth (WPA2) with 3 Unifi Access Points. I have installed freeRadius on pfSense, and in the NAS / Clients section I have entered one of my Unifi access point's IP with a shared secret password. Then under Interface, I have left it as default, as a * for the IP and 1812\auth.

      On the Unifi side, I have created a Radius profile with the pfSense interface IP and port of the radius server, and then I enabled Radius MAC Auth under one of my SSIDs and selected the Radius profile I just made.

      When I try connecting one of my wifi devices to this SSID, it does not connect to wifi ((1) Login incorrect (Failed retrieving values required to evaluate condition))

      The only way I can connect is if I manually add the device MAC into the user section of Radius; but I am not 100% sure if it should work that way. My understanding is any device that tries to connect to that SSID will talk to radius in pfSense and will make a connection, and then later on, I can edit that user and have it go to a different VLAN if wanted.

      Not sure what I am missing with this setup, any help would be awesome!!

      • stephenw10 (Netgate Administrator)

        Hmm, if you set MAB auth then I'd expect it to only authorise known MAC addresses. But that shouldn't be required for WPA2/Ent AFAIK.

        It has been a while since I set that up though.

        • CloudNode @stephenw10

          @stephenw10 so for known MAC addresses, I would assume that’s any MAC coming from the bad client (access point)? I have the bad client set up as well. I couldn’t imagine that I would have to enter each MAC in manually as a user for any devices that connect.

          I am using MAC auth via WPA2 just for VLAN management as I don’t want to have too many SSIDs for each VLAN.

          • stephenw10 (Netgate Administrator)

            You might be better with PPSK?
            https://forum.netgate.com/topic/183241/unifi-aps-ppsk-function

            I've never used that myself though.

            • CloudNode @stephenw10

              @stephenw10 thanks, I happened to come across that last night and it works well. My only concern is when I upgrade to a 6 GHz band access point, then I would need to move over to WPA3 and that does not support PPSK (as far as I know). I am just trying to see what method I should move forward with.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.