Radius seems not to be working

Hugovsky

Ive just installed 25.03.b.20250306.0140 and I'm having a problem with radius server. I use it with unifi APs and Í can't authenticate anything. No errors in log.

Lots of these:

 	udp 	10.1.140.3:48847 -> 10.1.140.29:1812 	NO_TRAFFIC:SINGLE 	36 / 0 	8 KiB / 0 B

Seems NAS are trying to authenticate but go nowhere.

What do you think?

maverick_slo

@Hugovsky
You mean you have freeradius3 installed as a package on pfsense and it`s not starting?

If yes, I have the same issue...
No logs nothing.
I just uninstalled and reinstalled, same thing.

Moved to different radius solution.

Hugovsky

Yes, as a package. Seems like it's blocked somewhere. I've tried with NTRadPing and nothing. Reverting the boot environment restored functionality. I will wait for the next beta to see if it's resolved.

Hugovsky

@maverick_slo said in Radius seems not to be working:

Moved to different radius solution.

out of curiosity, what is your solution?

maverick_slo

@Hugovsky
Sure, I have freeradius on Ubuntu and Windows NPS

Gertjan

@Hugovsky said in Radius seems not to be working:

Ive just installed 25.03.b.20250306.0140 and I'm having a problem with radius server.

I saw something when upgrading to the latest "25_03_b_20250306".
FreeRadius showed in the GUI : it was stopped. Started it with the start button from the dashboard, but it was a no go.
I asked FreeRadius what the problem was.
For this, you need to stop it in the GUI first, and this was already the case.

Then, on then SSH/console access, start radiusd in the debug mode :

radiusd -X

and it shows something new : it couldn't start because some file was missing :

[25.03-BETA][root@pfSense.bhf.tld]/usr/local/share/freeradius: radiusd -X
FreeRADIUS Version 3.2.6
Copyright (C) 1999-2023 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /usr/local/share/freeradius/dictionary
including dictionary file /usr/local/share/freeradius/dictionary.dhcp
including dictionary file /usr/local/share/freeradius/dictionary.vqp
including dictionary file /usr/local/etc/raddb/dictionary
......
et bang ... it errors out here.

Look at the file /usr/local/etc/raddb/dictionary :

# Local dictionary, does not need to include the master dictionary
ATTRIBUTE               MOTP-Init-Secret                900     string
ATTRIBUTE               MOTP-PIN                        901     string
ATTRIBUTE               MOTP-Offset                     902     string

$INCLUDE /usr/share/doc/radius/dictionary.pfsense
$INCLUDE /usr/local/pkg/dictionary.mpd

I want to use (INCLUDE) a file called "dictionary.pfsense" located in "/usr/share/doc/radius/" and sure enough, it wasn't there !
Strange, that same dictionary file is present in " /usr/local/share/freeradius/".

So, several solutions :
Copy the file from /usr/local/share/freeradius/ to /usr/share/doc/radius/.
Or, what I did : I linked it.

From now on, radius started again.

When I delete the this file (link) and re-install FreeRadius 0.15.13 - thats the version I have when using pfSense Beta 25.03.b.20250306.0140, it fails again.

A bug ?

edit : Here : "Chase relocating dictionary.pfsense", a 0.15.4 is in the works since last February, 2025 : https://github.com/pfsense/FreeBSD-ports/commit/90818fbb6140e193318471896a36815ce34837ab

so this is where the bug is introduced ?

/usr/share/doc/radius/dictionary.pfsense is moved to /usr/local/share/pfSense/radius/dictionary.pfsense

and forgot to update /usr/local/etc/raddb/dictionary so it points to the new location.

stephenw10

That patch should fix this. the 0.15.14 pkg version starts and runs fine. It will be in te next build which should be available very soon.