Issue with login (event 13) using radius server from NPS
-
Hi!
I'm trying to set up a captive portal (pfsense 2.2) for the wifi in a network that is managed with a pfsense firewall.
The pfsense wifi interface is 10.1.0.254/16 and lan is 10.0.0.254/16.
DC server is on lan @ 10.0.0.5.
I'm using a VM to test portal authentication and the error I'm getting on the Windows server is an event 13: https://technet.microsoft.com/en-us/library/cc735406%28v=ws.10%29.aspx
"A RADIUS message was received from the invalid RADIUS client IP address 10.0.0.254."
The method I'm following is this one: https://www.youtube.com/watch?v=aCgsEAfn36c
I've successfully managed to make it work in another 2 setups, so I know it can work that way.
From a tcpdump on the pfsense, all I see when a login attempt happens is this log on the lan intf (nothing seems to happen on the wifi intf):
The IP 10.1.1.1 is the one of the VM that is logged in to the domain; the NPS accepts all domain users.
    10.0.0.254.59882 > 10.0.0.5.1812: [udp sum ok] RADIUS, length: 188
        Access Request (1), id: 0xae, Authenticator: *****
          NAS IP Address Attribute (4), length: 6, Value: 10.1.0.254
          NAS ID Attribute (32), length: 21, Value: pfSense.localdomain
          Username Attribute (1), length: 4, Value: user
          Vendor Specific Attribute (26), length: 58, Value: Vendor: Microsoft (311)
            Vendor Attribute: 25, Length: 50, Value: *******
          Vendor Specific Attribute (26), length: 24, Value: Vendor: Microsoft (311)
            Vendor Attribute: 11, Length: 16, Value: ...........F.7I1
          Service Type Attribute (6), length: 6, Value: Login
          NAS Port Type Attribute (61), length: 6, Value: Ethernet
          NAS Port Attribute (5), length: 6, Value: 2002
          Framed IP Address Attribute (8), length: 6, Value: 10.1.1.1
          Called Station Attribute (30), length: 12, Value: 10.1.0.254
The thing is, I've got no issue with IP or DNS pinging, so I can't figure out what is going wrong…
Ideas are very welcome!
Thanks for reading.
-
OK, well, problem solved.
The issue was that I didn't put the proper interface on the pfsense CP and the NPS RADIUS client…
It had to be all LAN, even though the CP is to be used on the wifi... :P Login from AD works now.
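
An added example, not part of the original posts: event 13 names the packet's source address (10.0.0.254), while the NAS-IP-Address attribute inside the same request carries 10.1.0.254. The Python sketch below parses a tcpdump RADIUS line and compares both addresses against a list of registered RADIUS clients. `parse_request` and `diagnose` are hypothetical helper names, the capture is a trimmed copy of the line posted above, and the initial NPS client entry of 10.1.0.254 is an assumption (the thread does not state it).

```python
import ipaddress
import re

# Constructed sample: the Access-Request from the thread, trimmed to two attributes.
CAPTURE = (
    "10.0.0.254.59882 > 10.0.0.5.1812: [udp sum ok] RADIUS, length: 188 "
    "Access Request (1), id: 0xae, Authenticator: ***** "
    "NAS IP Address Attribute (4), length: 6, Value: 10.1.0.254 "
    "NAS ID Attribute (32), length: 21, Value: pfSense.localdomain"
)

IPV4 = r"(\d+\.\d+\.\d+\.\d+)"
HEADER = re.compile(IPV4 + r"\.(\d+) > " + IPV4 + r"\.(\d+): .*?RADIUS")
NAS_IP = re.compile(r"NAS IP Address Attribute \(4\), length: 6, Value: " + IPV4)


def parse_request(line):
    """Return (source_ip, server_ip, nas_ip or None) from one tcpdump RADIUS line."""
    head = HEADER.search(line)
    if head is None:
        raise ValueError("not a tcpdump RADIUS line")
    nas = NAS_IP.search(line)
    return (ipaddress.ip_address(head.group(1)),
            ipaddress.ip_address(head.group(3)),
            ipaddress.ip_address(nas.group(1)) if nas else None)


def diagnose(line, radius_clients):
    """Say whether the sender of this request is among the registered clients.

    radius_clients: addresses or CIDR ranges to treat as registered RADIUS clients.
    """
    src, _server, nas_ip = parse_request(line)
    nets = [ipaddress.ip_network(c, strict=False) for c in radius_clients]
    if any(src in n for n in nets):
        return "ok: source %s is a registered RADIUS client" % src
    if nas_ip is not None and any(nas_ip in n for n in nets):
        # The registered entry matches the attribute, not the wire address.
        return ("mismatch: registered client matches NAS-IP-Address %s, "
                "but the packet arrives from %s" % (nas_ip, src))
    return "unknown: source %s is not a registered RADIUS client" % src


if __name__ == "__main__":
    print(diagnose(CAPTURE, ["10.1.0.254"]))  # assumed initial NPS client entry (wifi)
    print(diagnose(CAPTURE, ["10.0.0.254"]))  # LAN address, as in the fix above
```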