Netgate Discussion Forum

    FreeRadius

    pfSense Packages

      hoba

      That's correct, a reboot or a simple save in the pfSense webgui at the radius pages will recreate all the config files from scratch and revert anything that you might have manually entered there.

      You probably could use the xmlrpc procedures used when syncing configurations in a clustered install to add users to the config.xml.

        marcoof

        Thank you for your reply.

        Yes, it's for the captive portal authentication!
        Why do it? Because I don't want to give non-technical users direct access to the firewall.

        I have made software that downloads the config.xml and reads, modifies or creates radius users.
        It sends back the modified config.xml.
        I know it's not a good solution (I'd prefer to edit /usr/local/etc/raddb/users).
        If I reboot pfSense, my changes are applied and it's OK.
        What I want to do now is find how to apply the changes without rebooting (like when we create users with the freeradius interface).

        Does anyone have any idea?

          hoba

          pfSense 1.3 will have a usermanager where you can exclude guipages for special users. This way you could create users that just can work on the freeradius pages for example, if that would help you.

            marcoof

            Hoba!

            Yes, it will be a great feature!

            But at this time I need to do it and have squid working.
            I use 1.2 RC2, which seems to work well with squid.

            Marc

              Slam

              @marcoof:

              What I want to do now is find how to apply the changes without rebooting (like when we create users with the freeradius interface).

              Does anyone have any idea?

              /usr/local/etc/rc.d/rc.radiusd stop && /usr/local/etc/rc.d/rc.radiusd start
              

              … or whatever the radiusd startup script is called.

              You could possibly just do a restart instead of the stop and start. Sorry, I don't have radius installed on my pfs box, so you'd have to look into the script itself to see if it has the restart option and whether it picks up your changes fully.

                marcoof

                I'm back!

                Thank you for your help!

                Finally the software works.
                It can connect to pfSense, download the config.xml and the users for radius, and edit them.
                When we have finished editing the users, it sends it back to pfSense, kills radius and starts it again.
                It can halt or restart the box, and I have a system setting for pfSense (IP, port, login, password).
                I can now edit the captive portal users without logging into pfSense :-)
                I'm going to add a 'who is online' function.
                Suggestions are welcome!
                Marc

                  hoba

                  Nice! I guess the community would love if you made this available to the public  ;)

                    hal1613

                    Marc,

                    Very nice work on the utility - could you post the user utility for freeradius so we can try it?

                    Thanks

                    Hal

                      marcoof

                      Hi again !

                      Nice! I guess the community would love if you made this available to the public

                      Yes, I'll test a little bit more and send a link to the files in one week.
                      Marc

                        David_W

                        I maintain the FreeRADIUS 1.x and 2.x ports for FreeBSD, and I'm a pfSense user, so I try to respond to the FreeRADIUS threads when I notice them.

                        @Slam:

                        /usr/local/etc/rc.d/rc.radiusd stop && /usr/local/etc/rc.d/rc.radiusd start
                        

                        … or whatever the radiusd startup script is called.

                        You could possibly just do a restart instead of the stop and start. Sorry, I don't have radius installed on my pfs box, so you'd have to look into the script itself to see if it has the restart option and whether it picks up your changes fully.

                        That should be:

                        /usr/local/etc/rc.d/radiusd restart
                        

                        FreeRADIUS 1.x doesn't support HUP - almost certainly it will end messily. There's limited support for HUP in FreeRADIUS 2.x (if I remember rightly, you can change the users file and HUP, but changes to most other parts of the configuration still require a restart), which is now available in FreeBSD ports as the net/freeradius2 port. Unfortunately I submitted the FreeRADIUS 2 port too late to make it into 6.3-RELEASE and 7.0-RELEASE.

                        If it would help anyone, I can probably build a FreeRADIUS 2 package for 6.3-RELEASE i386 and/or 7.0-RELEASE i386 thanks to VMware.

                        It may be possible to authenticate directly against the pfSense user database using rlm_perl or rlm_python (only available in 2.x unless you enable EXPERIMENTAL support). My perl skills are rather rudimentary at the moment - I do intend to improve my perl when I get the time.

                        David
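
Added example (not part of any post in this thread, and not Marc's utility): a shell function that applies a changed users file with a full restart rather than HUP, as the post above advises for FreeRADIUS 1.x, skipping the restart when nothing changed and restoring the previous file if the restart fails. The function name and the file paths passed to it are assumptions; as noted earlier in the thread, pfSense regenerates these files on a webgui save or reboot.

```shell
#!/bin/sh
# Added example. The RESTART_CMD default is the rc.d command quoted in the
# thread; the NEW and LIVE paths are supplied by the caller (assumptions).
RESTART_CMD=${RESTART_CMD:-"/usr/local/etc/rc.d/radiusd restart"}

# apply_users NEW LIVE
#   0 = LIVE replaced and radiusd restarted
#   1 = NEW is identical to LIVE, nothing done (no needless auth outage)
#   2 = rejected or failed; LIVE restored from its backup where possible
apply_users() {
    new=$1
    live=$2
    tmp="$live.tmp.$$"

    # An empty users file would lock every captive portal user out.
    [ -s "$new" ] || { echo "refusing empty users file: $new" >&2; return 2; }

    if [ -f "$live" ]; then
        cmp -s "$new" "$live" && return 1
        cp -p "$live" "$live.bak" || return 2
        cp -p "$live" "$tmp" || return 2    # inherit owner and mode of LIVE
    fi
    # Write beside LIVE, then rename, so radiusd never reads a partial file.
    cat "$new" > "$tmp" || return 2
    mv "$tmp" "$live" || return 2

    # Full restart instead of HUP.
    if $RESTART_CMD; then
        return 0
    fi
    echo "restart failed, restoring previous users file" >&2
    if [ -f "$live.bak" ]; then
        cp -p "$live.bak" "$live" && $RESTART_CMD
    fi
    return 2
}
```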

                          marcoof

                          This is my first screenshot…

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.