    [SOLVED] Captive portal and RADIUS Authentication

      nicola.ferrari

      Hi everybody.
      I'm new to the forum. I'm Italian, so please excuse my poor English.

      I just set up a new pfSense 2.1.4.
      I'm trying to use RADIUS Auth for the Captive portal.
      Captive Portal with Local Auth is working fine.

      I set up the RADIUS role on my Win2008R2 DC.
      It's working. If I add the server in "User management -> Servers" and then try with "Diagnostics -> Authentication" I can see the authentication attempt in my Windows Event Viewer, and pfSense says "User authenticated succesfully"

      But if I try to use RADIUS in Captive portal configuration:

      • with PAP auth I get a red message in the captive portal page after authentication "Error sending request. No RADIUS server specified" and at the top of the page something like a PHP error:
        "Warning: invalid argument supplied for foreach in /usr/local/captiveportal/radius_authentication.inc line 87"

      • with MSCHAPv2 auth I get a blank page with the PHP error, plus information about memory allocation
        "Fatal error. Allowed memory size of 268435856 bytes exhausted (tried to allocate 4294967295 bytes) in /etc/inc/radius.inc line 446."

      Where is my mistake?
      Thanks!
      Nick

        nicola.ferrari

        OK, now it's working with NDS Radius on Win2008R2 and radius settings
        directly in Captive Portal.

        I think the problem was simply a "too strong"/too long shared secret
        with non standard characters such as @, commas and others…
        maybe encoding problems??

        Now I deleted some of those characters from the shared secret and
        everything is working.
        (anyway I'm using : \ / and others...)

        My Win2008R2 RADIUS config for future reference in case someone needs it:

        
        - Added network access policy role with the Network policy
        server service.
        
        - New radius client: pfSense - <ip_of_your_pfsense>, shared secret
        
        - Connection request policy:
        New -> pfSense
        Conditions: IPv4 client address - 192.168.0.246
        
        - Network policy:
        New -> PFSense Captive Portal
        Condition 1: Users group - DOMAIN\ADGroup
        Condition 2: NAS Identifier - pfsense.localdomain (as you entered in
        pfsense initial wizard)
        Condition 3: NAS port type - Ethernet
        Protocol: MSCHAPv2
        
        In the "Network policy server" service properties, enter only RADIUS
        standard port 1812 (connection) and 1813 (accounting), and delete any
        other port.
        
        Stop and restart the service.
        

        Captive portal side config:

        
        Services -> Captive portal -> New
        
        Enable Captive Portal
        Authentication: RADIUS Authentication - MSCHAPv2
        Primary RADIUS server: <your_win2008_ip>
        RADIUS NAS IP attribute: <your_pfsense_ip_on_the_lan_side>
        Shared Secret: same as on server
        

        Cheers,
        Nick
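
Added example, not part of the original posts and not pfSense or NPS code: how the shared secret enters RADIUS PAP password hiding and the Response Authenticator check as defined in RFC 2865, so a secret stored differently on the two sides (for example with characters dropped or altered) makes the server see a garbled password and the client reject the reply. The secrets, password and packet fields below are constructed sample values.

```python
import hashlib
import struct

def _blocks(data: bytes, secret: bytes, req_auth: bytes, hiding: bool) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext block)."""
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        xored = bytes(b ^ k for b, k in zip(block, key))
        prev = xored if hiding else block  # always chain on the ciphertext block
        out += xored
    return out

def pap_hide(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Build the User-Password attribute value sent by the NAS (the captive portal)."""
    if not 0 < len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password.ljust(-(-len(password) // 16) * 16, b"\x00")
    return _blocks(padded, secret, req_auth, hiding=True)

def pap_reveal(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """What the RADIUS server recovers using its own copy of the secret."""
    return _blocks(hidden, secret, req_auth, hiding=False).rstrip(b"\x00")

def response_authenticator(code, ident, attrs, req_auth, secret) -> bytes:
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + req_auth + attrs + secret).digest()

# Constructed sample values (assumptions, not taken from the thread)
REQ_AUTH = bytes(range(16))                 # Request Authenticator, random in practice
SECRET_SERVER = b"Str0ng@,Secret:\\/"       # secret as stored on the RADIUS server
SECRET_CLIENT = b"Str0ngSecret:\\/"         # same secret with "@," lost on the client
PASSWORD = b"correct horse battery staple"  # 28 bytes, so two 16-byte blocks

def demo():
    hidden = pap_hide(PASSWORD, SECRET_CLIENT, REQ_AUTH)
    same = pap_reveal(hidden, SECRET_CLIENT, REQ_AUTH) == PASSWORD
    other = pap_reveal(hidden, SECRET_SERVER, REQ_AUTH) == PASSWORD
    # Access-Accept (code 2) signed by the server, checked by the client
    reply = response_authenticator(2, 1, b"", REQ_AUTH, SECRET_SERVER)
    expected = response_authenticator(2, 1, b"", REQ_AUTH, SECRET_CLIENT)
    return same, other, reply == expected

if __name__ == "__main__":
    print(demo())
```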

          jultra

          Hi,

          I am experiencing the same issue right now on my captive portal radius authentication setup.

          I am getting an error every time I try to re-login for the second time, first time produces an error. This is the error:

          Fatal error: Allowed memory size of 268435456 bytes exhausted (tried to allocate 4294967295 bytes) in /etc/inc/radius.inc on line 446

          I've tried to follow your "too long" secret key suggestion but it did not work for me. Anyway, maybe you have some other idea about what might be causing that error.
