NEW Package: freeRADIUS 2.x
-
In general freeradius2 package is available for i386/amd64 installations using pfsense version 2.x
Full installation on HDD is supported and it should run on nanobsd installations, too.Not sure, why it will not be displayed on you installation but you can try this:
1.) login on pfsense
2.) access this URL: http://your_pfsense_IP/pkg_mgr_install.php?id=freeradius2 -
In general freeradius2 package is available for i386/amd64 installations using pfsense version 2.x
Full installation on HDD is supported and it should run on nanobsd installations, too.Not sure, why it will not be displayed on you installation but you can try this:
1.) login on pfsense
2.) access this URL: http://your_pfsense_IP/pkg_mgr_install.php?id=freeradius2this is my pfsense:
2.0.1-RELEASE (i386)
built on Mon Dec 12 17:53:52 EST 2011
FreeBSD 8.1-RELEASE-p6You are on the latest version.
im using the http://mirror.optus.net/pub/pfSense/downloads/pfSense-2.0.1-RELEASE-i386.iso.gz
installed everything on my hdd using vmware workstation 8
installed lusca and squidguard without problems…i have the same problem it does not show on available packages
here's the error on console when i try pkg_add -r freeradius2
and manual adding it on the pfsense webguiis there a way i can fetch it or modify the repo links or xml? how?
or how can i install it manually or add it on the available package list?
-
I have some different VMs with 2.0.1 x86/x64 installs and pfsense 2.1 installs.
I can install the package on all machines from the GUI.The parameter which indicates the version is the same as for lets say squid2 or squidguard:
<required_version>2.0</required_version>But I am not sure where the check is for the different installation types like CD, nanobsd and embedded :(
Can you try another .iso image from another mirror ?
-
I have some different VMs with 2.0.1 x86/x64 installs and pfsense 2.1 installs.
I can install the package on all machines from the GUI.The parameter which indicates the version is the same as for lets say squid2 or squidguard:
<required_version>2.0</required_version>But I am not sure where the check is for the different installation types like CD, nanobsd and embedded :(
Can you try another .iso image from another mirror ?
the url is invalid i found it here https://redmine.pfsense.org/issues/2075
https://redmine.pfsense.org/projects/pfsense/repository/revisions/c70452506a0ab84a9d72547656b516f6e61578da
i don't know how to apply the diff this is the fix… -
That's not the problem why you do not get freeradius in packagemanager GUI.
If you want to use pkg_add -r then just use the complete path to pfsense server.
x86:
pkg_add -r http://files.pfsense.org/packages/8/All/freeradius-2.1.12_1.tbzx64:
pkg_add -r http://files.pfsense.org/packages/amd64/8/All/freeradius-2.1.12_1.tbz -
That's not the problem why you do not get freeradius in packagemanager GUI.
If you want to use pkg_add -r then just use the complete path to pfsense server.
x86:
pkg_add -r http://files.pfsense.org/packages/8/All/freeradius-2.1.12_1.tbzx64:
pkg_add -r http://files.pfsense.org/packages/amd64/8/All/freeradius-2.1.12_1.tbzthanks! it's working now…
i tried this post to install the gui: http://forum.pfsense.org/index.php?topic=50572.0
Fatal error: Call to undefined function freeradius_install_command() in /usr/local/www/exec.php(244) : eval()'d code on line 9any solutions?
-
hi all! culd any one help me to config xmlrpc sync? i print gui ip adress, password, but sync does't done
-
Hello,
Just tried this package for the first time today and it's great! There's just one minor problem that I would need to solve before I could use this in production. Unfortunately, I'm not a programmer, so wouldn't know where to begin…
What I would like is to have a check box that lets me enter the plaintext password for the user, but encrypts it in the /usr/local/etc/raddb/users file because otherwise any admin can view the plaintext password. To get around this on my existing Linux FreeRADIUS server, I have a small perl script as follows:
#! /usr/bin/perl -w use strict; use Digest::MD5; use MIME::Base64; unless($ARGV[0]){ print "Please supply a password to create a MD5 hash from.\n"; exit; } my $ctx = Digest::MD5->new; $ctx->add($ARGV[0]); print encode_base64($ctx->digest,'')."\n";So, at the command line, to generate the MD5 password hash:
radius:~ # /root/md5pass.pl <chosen password=""> X03MO1qnZdYdgyfeuILPmQ==</chosen>Then to use this in my users file I would use the following:
"stuart" MD5-Password := "X03MO1qnZdYdgyfeuILPmQ=="Anyone have any thoughts on this?
Thanks,
Stuart -
i found out the solution…
ok to everyone that has no freeradius2 on their package list here's the simple fix...
execute this > ./package.sh off -
hi all! culd any one help me to config xmlrpc sync? i print gui ip adress, password, but sync does't done
Could you please explain more in detail whats your problem ?
You have freeradius-server-A and freeradius-server-B
You want to sync from A to B
On A Enable "Automatically sync freeRADIUS configuration changes?"
On A enter the protocol, the IP, the port of B
Enable the "Enable" checkbox in front of this line.
SaveThat's it.
-
Hello,
Just tried this package for the first time today and it's great! There's just one minor problem that I would need to solve before I could use this in production. Unfortunately, I'm not a programmer, so wouldn't know where to begin…
What I would like is to have a check box that lets me enter the plaintext password for the user, but encrypts it in the /usr/local/etc/raddb/users file because otherwise any admin can view the plaintext password. To get around this on my existing Linux FreeRADIUS server, I have a small perl script as follows:
#! /usr/bin/perl -w use strict; use Digest::MD5; use MIME::Base64; unless($ARGV[0]){ print "Please supply a password to create a MD5 hash from.\n"; exit; } my $ctx = Digest::MD5->new; $ctx->add($ARGV[0]); print encode_base64($ctx->digest,'')."\n";So, at the command line, to generate the MD5 password hash:
radius:~ # /root/md5pass.pl <chosen password=""> X03MO1qnZdYdgyfeuILPmQ==</chosen>Then to use this in my users file I would use the following:
"stuart" MD5-Password := "X03MO1qnZdYdgyfeuILPmQ=="Anyone have any thoughts on this?
Thanks,
StuartI attached you two files. Replace them with the existing ones in /usr/local/pkg
I used example one on this page. Try if it is ok or if there is something to be changed:
http://php.net/manual/en/function.md5.phpIf you want to check the code edit freeradius.inc and watch lines 394-402
–- edit ---
it seems that we do not just need a md5 encoding but after that a base64 encoding of the md5 hash. Could you please try your cript with a password and post your password here and the according hash for that ? So we could do some more tests.
or someone could explain what is done in this perl script ;o) -
i found out the solution…
ok to everyone that has no freeradius2 on their package list here's the simple fix...
execute this > ./package.sh offThank you for your feedback. It would be interesting why this is needed on some .iso images and not on others.
But it is nice to hear that it is working for you now :) -
Could you please explain more in detail whats your problem ?
You have freeradius-server-A and freeradius-server-B
You want to sync from A to B
On A Enable "Automatically sync freeRADIUS configuration changes?"
On A enter the protocol, the IP, the port of B
Enable the "Enable" checkbox in front of this line.
SaveThat's it.
yes, i do all this step and allow all trafic in firewall rule, but server don't sync, in log type:
nov 13 09:42:11 php: /pkg.php: FreeRADIUS: Starting XMLRPC process (freeradius_do_xmlrpc_sync) with timeout seconds.
nov 13 09:42:11 php: /pkg.php: FreeRADIUS: XMLRPC Sync with x.x.x.x has incomplete credentials. No XMLRPC Sync done!
nov 13 09:42:11 php: /pkg.php: FreeRADIUS: Finished XMLRPC process (freeradius_do_xmlrpc_sync). -
XMLRPC Sync with x.x.x.x has incomplete credentialsPerhaps you are using some special characters in your password which are not allowed.
Can you try a simple password like "password123" and then try again ?It MUST be the password for the "admin" account of pfsense. no other account will work.
-
Hi,
Thanks for your very speedy reply. I'll try the attached files later today.
I attached you two files. Replace them with the existing ones in /usr/local/pkg
I used example one on this page. Try if it is ok or if there is something to be changed:
http://php.net/manual/en/function.md5.phpIf you want to check the code edit freeradius.inc and watch lines 394-402
–- edit ---
it seems that we do not just need a md5 encoding but after that a base64 encoding of the md5 hash. Could you please try your cript with a password and post your password here and the according hash for that ? So we could do some more tests.
or someone could explain what is done in this perl script ;o)For info, I implemented strong passwords on my Linux FreeRADIUS server based on info I found here:
http://www.packtpub.com/article/freeradius-authentication-storing-passwords
To be honest, it doesn't need to be an MD5 password but that's just the first thing I tried that worked. I was in a hurry yesterday when I posted - what I meant by "check box" was in the user creation tab, have a check box marked "encrypt password" and if selected, hash using MD5 or some other workable way.
If MD5 is the preferred option, then here are some sample hashes for you:
radius:~ # ./md5pass.pl hello XUFAKrxLKna5cZ2REBfFkg== radius:~ # ./md5pass.pl pfsense OktMTd5JTSzsPg6mjkN+Fw== radius:~ # ./md5pass.pl qwertyuiop buqbfvGReaBpVO3Q9sBc6w==Thanks,
Stuart -
XMLRPC Sync with x.x.x.x has incomplete credentialsPerhaps you are using some special characters in your password which are not allowed.
Can you try a simple password like "password123" and then try again ?It MUST be the password for the "admin" account of pfsense. no other account will work.
i using this config and i set admin password "123456", but server don't sync, I can't mistake, I set firewall that he logging packets between server, but I do not see any packet
-
XMLRPC Sync with x.x.x.x has incomplete credentialsPerhaps you are using some special characters in your password which are not allowed.
Can you try a simple password like "password123" and then try again ?It MUST be the password for the "admin" account of pfsense. no other account will work.
i using this config and i set admin password "123456", but server don't sync, I can't mistake, I set firewall that he logging packets between server, but I do not see any packet
Strange. Are both systems using the same protocol and the same port ?
Can you try to set both to http and port 80.But in general it works for me with different ports and protocols and some other users are using this, too.
-
Hi,
Thanks for your very speedy reply. I'll try the attached files later today.
I attached you two files. Replace them with the existing ones in /usr/local/pkg
I used example one on this page. Try if it is ok or if there is something to be changed:
http://php.net/manual/en/function.md5.phpIf you want to check the code edit freeradius.inc and watch lines 394-402
–- edit ---
it seems that we do not just need a md5 encoding but after that a base64 encoding of the md5 hash. Could you please try your cript with a password and post your password here and the according hash for that ? So we could do some more tests.
or someone could explain what is done in this perl script ;o)For info, I implemented strong passwords on my Linux FreeRADIUS server based on info I found here:
http://www.packtpub.com/article/freeradius-authentication-storing-passwords
To be honest, it doesn't need to be an MD5 password but that's just the first thing I tried that worked. I was in a hurry yesterday when I posted - what I meant by "check box" was in the user creation tab, have a check box marked "encrypt password" and if selected, hash using MD5 or some other workable way.
If MD5 is the preferred option, then here are some sample hashes for you:
radius:~ # ./md5pass.pl hello XUFAKrxLKna5cZ2REBfFkg== radius:~ # ./md5pass.pl pfsense OktMTd5JTSzsPg6mjkN+Fw== radius:~ # ./md5pass.pl qwertyuiop buqbfvGReaBpVO3Q9sBc6w==Thanks,
StuartHi Stuart,
I think I got it. Then enconding in php is different than in perl but this hint gave me the reason:
If the optional raw_output is set to TRUE, then the md5 digest is instead returned in raw binary format with a length of 16\.I attached the new freeradius.inc file. Try it again with that file, check if the passwords/hashes are correct and please try if it is really working/authentication.
-
hello everyone…
im new to pfsense and im interested in implementing this to our school.
ive been reading the whole thread of this topic.
one thing caught my eyes and mind is the topic of @zlyzwy and @Nachtfalke about the SQL feature of freeradius
ive tried the ones posted by @zlyzwy on how to have a database table schema for the user authentication of captive portal
i used an external database server with XAMPP server running...
i created the database on the xampp server with the table schema's posted by @zlyzwyi reconfigured the freeradius SQL, NAS/Clients, Interface and Captive Portal to redirect to the external database server...
but unfortunately, when i tried testing to connect to the external DB server radtest always gives me the no response from server message.
what could be the problem and why?the normal CP + freeradius2 configuration with the user entry on freeradius works fine for me but i want to add 2,500 user accts and have a separate webGUI to process,add,delete users on the users table.
if @zlyzwy can only post again on how to populate the table and what tables on the table schema's that he posted should be populated for the user accts and how to connect it to an external db server.
i hope i hear soon from @zlyzwy and @Nachtfalke or anyone who could help me on this inquiry, thank you very much for this topic.
-
Can you run freeradius in debug mode and try again.
Configure everything on GUI, save and the stop the radiusd service on the GUI.after that go to the pfsense console and type:
radiusd -XThen try to authenticate a user and check the output of freeradius. It probably tells you what you have to do or what is not correct.
Or perhaps you are using a password which is using special characters which are not allowed. Try a simple password first.
Or the firewall rules on the xampp server do not allow traffic from pfsense - check this and disable all firewall rules.