[Solved] [1.2.3RC3] Radius problem when request pass thru pfSense…
-
Hi,
I actually have a problem with my pfSense Installation, here it is :
-
First case, on left: my Wifi AP is on my LAN network, when the AP made request to the Radius server (on my MZ Network) the server (2003 Server + IAS) give an error : "The Remote Authentication Dial-In User Service (RADIUS) request was not properly formatted."
-
Second case, on right: my Wifi AP is on the same network than my Radius server, everything is OK, my users can connect (but on the wrong network)
Everything was OK for the first case but since I have upgraded to pfSense 1.2.3RC-3, the problem appeared… any ideas ? or a workaround ? (not the one to stay with the AP on my MZ network ;) )
thx !!! (and excuse me for my bad english!)
-
-
Hi,
Nice graph ;-)Are you sure that your NAT rules are OK, maybe a problem occured during upgrade ?
You can activate the logging feature of the rule and monitor the system log to see if it is triggered…
Does the radius server see the AP ?
Are there any interesting lines in the pfSense system log ?
Are there any interesting lines in the radius server log ?
Are there any interesting lines in the wifi ap system log ?
Lots of questions... maybe you could tell us what debugging actions did you take and what are your conclusions at this point?Note: Just a comment a little out of topic, but i'm quite perplex with your setup, because, i would have put the radius server in the lan and the wifi ap in the dmz... don't you ?
A radius server contains very sensitive informations, so it should be in the "safe area", and a wifi ap is (for me) a network security hole, so it should be in the " not safe area".Bye.
Mat
-
ok, I've solved my problem with disabling "Firewall Scrub" in "System: Advanced functions".
Everything work well now, thanks for your help…
@themat : to help you understand my network architecture, here is my full network diagram :
-
What did you use to make that diagram? It's very nice.
-
Omnigraffle 5 (http://www.omnigroup.com/applications/omnigraffle/ - Mac only)
-
Just curious, which stencil are you using? I can't find it anywhere on Graffletopia :/
Merci :)