NEW Package: freeRADIUS 2.x
-
Hi all,
I read the entire topic, because i wanna use Freeradius to authenticate against AD.
In the topic there are suggestions to make it possible via the gui.My question is. Is it now possible to authencate against AD without the tweaking?
Or do i have to use the tutorial from MatSim (Nachtfalke, marcelloc)Thanx in advance.
-
Hi all,
I read the entire topic, because i wanna use Freeradius to authenticate against AD.
In the topic there are suggestions to make it possible via the gui.My question is. Is it now possible to authencate against AD without the tweaking?
Or do i have to use the tutorial from MatSim (Nachtfalke, marcelloc)Thanx in advance.
Unfortunately my last info is that it does not work without any tweaks and only with GUI.
I do not know which topic/tutorial you mean but probably it is the correct one ;-) -
Unfortunately my last info is that it does not work without any tweaks and only with GUI.
I do not know which topic/tutorial you mean but probably it is the correct one ;-)NachtFalke,
Thanx for your reply. I meant the post of MatSim in this topic.
I hope still that in the near feature someone can make the solution.
I can be probely help with testing:)
At this moment I will try MatSim his tutorial.@MatSim:
I have shortened and rewritten what I took out of the FreeRADIUS beginners guide and put that in a Google doc to check if I am on the wrong way. This is a very much WiP and also a temporary place:
https://docs.google.com/document/d/1i536CfITm478tAddzoxSLrjl9KcEqGGA-F_LG9Iwy6A/edit
With ntlm_auth it's possible to add a AD group requirement haven't tried that yet.I'd also agree with marcelloc that it's not the best idea to pull in Samba automatically by freeradius since it's only needed when ntlm_auth comes into the game.
P.S: Nifty idea I came across - any plans to support virtual servers on pfSense with freeradius instead of default sites-enabled/default?
-
Hi Nachtfalke,
would it be possible for you to compile a radius version with eDIr Support? Just add the WITH_eDIR Option when compiling.
Thanks
Rainer
-
Hi Nachtfalke,
would it be possible for you to compile a radius version with eDIr Support? Just add the WITH_eDIR Option when compiling.
Thanks
Rainer
Hallo Rainer,
unfortunately I was never familar with these compile option syntax on pfsense github. There were always other people who added these parameters (for me) :P. So if you are more familar with that then just add your option to these two files on github:
https://github.com/pfsense/pfsense-packages/blob/master/pkg_config.8.xml
https://github.com/pfsense/pfsense-packages/blob/master/pkg_config.8.xml.amd64Then contact a moderator - as far as I know jimp could be the right person - to compile a new freeradius package.
PS: I cannot do any tests on this package anymore nor can I add further features because I left my old company and the new one is not really open for open source products so probably no pfsense for me anymore the next time :-\
So if anybody else likes to maintain this package please feel free to do so!
Good luck!
-
freeradius 3 is available.
hopefully someone will continue this package. -
Dear Package Developers & Experts,
please consider, if the settings unter "EAP" and then "CERTIFICATES FOR TLS" do work as intended in the freeradius2, 2.1.12_1/2.2.4 pkg v. 1.6.7_3 package. My aim is to use EAP-TLS.
The settings suggest that one can choose between the FreeRADIUS Cert-Manager (not recommended) and Firewall Cert-Manager (recommended). To use the recommended variant, one has to check the box in "Choose Cert-Manager". As indicated, the Firewall Cert-Manager generates certificates with no private key passwords. Correspondingly, the instructions on "Private Key Password" are "… The certificates created by the firewall's built-in Cert Manager are not protected so you must leave this field empty.". However, the eap.conf file - as far as I can tell - always contains either the password that one does actively enter into the field or the default password (private_key_password = whatever). I think that a configuration with an empty password cannot be generated. With a private_key_password set to anything or "whatever" or at least not nothing at all, the configuration does not seem to work with keyless certificates of the Firewall Cert-Manager. What happens if it does not work is described in more detail under https://forum.pfsense.org/index.php?topic=78684.msg429199#msg429199.
Regards,
Michael Schefczyk
-
Hi,
try to modify the line 899 from this:
$vareapconfprivatekeypassword = ($eapconf['vareapconfprivatekeypassword']?$eapconf['vareapconfprivatekeypassword']:'whatever');
to this:
$vareapconfprivatekeypassword = ($eapconf['vareapconfprivatekeypassword']?$eapconf['vareapconfprivatekeypassword']:'');
Then try again with an empty field on the freeradius EAP GUI.
If it works - consider making a change on github. -
Dear Nachtfalke,
Thank you very much! I am generally able to edit files on the pfSense server using Diagnostics->edit file or via ssh. I can also see the freeradius.inc-file on github. However, I lack the skills required to connect both sides. In particular, I did have a hard time locating the file to be edited on the pfsense server, if this is what you imply. I assume that it may be in /user/pbi/freeradius-amd64, however, there is a large directory structure with many files there. Could you plese tell me where to find the file in question?
Regards,
Michael Schefczyk
-
Hi Nachtfalke,
do you have plans to make freeradius2 work on 2.2? Sadly it still refuses to start with the following output, I just updated my system to the latest Alpha release.
Jul 8 11:18:27 root: /usr/pbi/freeradius-amd64/etc/rc.d/radiusd: WARNING: /usr/local/etc/raddb is not a directory. Jul 8 11:18:27 root: /usr/pbi/freeradius-amd64/etc/rc.d/radiusd: WARNING: failed precmd routine for radiusd
-
You can go to shell a do a search for the files you are looking for like this:
find / -iname "*freeradius*"
This shows you all files which contain "freeradius" within with any letters before or behind.
The file you are looking for is "freeradius.inc" You will find this file here:/usr/local/pkg/
@athurdent
I left my old company more than 6 months ago and the new company does not use pfsense nor are there plans to do so :(
So I personally will not do any changes on this package anymore but everyone who is able to do so and has time please feel free to do it!I only built this package in the past because I needed it and I had the hardware to test all or most of these features in my environment.
-
Dear Nachtfalke, dear all,
It turns out that a change in freeradius.inc is not required to solve the underlying problem.
The real cause is that the CRL does not work, when using the pfsense cert manager with freeradius. The CRL stays – unlike all my other CRLs on the machine – marked as not in use (“NO” in the “In Use” column) while selected in the freeradius package. This does not depend on the CRL beeing empty or containing at least one certificate. If one selects “none” for “SSL Revocation List”, things (including advanced features, such as VLAN ID assignment per user) do work, albeit without a CRL.
Beyond that, I did notice the following issues with EAP-TLS – comments would be appreciated a lot:
-
The end user device connecting needs to provide an identity which is equivalent to the client certificate CN and the freeradius user name. The identity can be typed in at most end user devices, e.g, Android. Other identities cannot be spoofed, I think. But without the identity (i.e., if the user leaves it blank), the items listed for the user (e.g., VLAN ID) will not apply. Hence, if certain VLANs are giving escalated rights, they should not be made the default VLAN. Given the issues below, if one seriously wants to use the items specified per user, one will probably need to assign a mute VLAN as default to avoid the user getting access without specifying the identity – not an elegant solution.
-
Without a CRL it is difficult to block users, once they are in possession of a certificate. It seems that only user settings can prevent a user from being authenticated. That is problematic given the previous comment. I had no luck adding “DEFAULT Auth-Type = Reject” to the “Additional RADIUS Attributes on the TOP” field or similar attempts.
-
Assuming that the end user has control of the certificate, i.e., he has the file and knows the install password, if applicable, it would be nice to be able to limit the certificate / user to a set of devices identified by MAC addresses. Limiting a user to one device works by adding “Calling-Station-Id := AA-BB-CC-DD-EE-FF” to “Additional RADIUS Attributes (CHECK-ITEM)”. What I did not manage is to specify a set of IPs permissible either for an individual user or for all users at large.
I would like to thank Nachtfalke very much for his contributions. I hope that the package freeradius will not disappear in future versions of pfsense despite Nachtfalke’s departure from the package!
Regards,
Michael Schefczyk
-
-
Now, one year later: Is Active Directory Authentication working via GUI-Configuration out of the box?
or do i still need to install a selfcompiled samba package and tweak?
Hi all,
I read the entire topic, because i wanna use Freeradius to authenticate against AD.
In the topic there are suggestions to make it possible via the gui.My question is. Is it now possible to authencate against AD without the tweaking?
Or do i have to use the tutorial from MatSim (Nachtfalke, marcelloc)Thanx in advance.
Unfortunately my last info is that it does not work without any tweaks and only with GUI.
I do not know which topic/tutorial you mean but probably it is the correct one ;-) -
Hi zlyzwy;
Hi Nachtfalke;
Hi Everyone;
Your conversation on the following thread makes my learning curve easier.
https://forum.pfsense.org/index.php?topic=43675.msg235475#msg235475
I want to thank you both for this.
I hope I am not asking too much. I have a question about how to setup sqlcounter in reference to zlyzwy and if I understand it right, the setup is "pfsense+freeradius" + "external databse." Its like after connecting "pfsense+freeradius" to "external database", all accounting stuffs will be logged to the "radacct" table of the external database. I wonder how to setup the counter in pfsense box and how does pfsense send a "disconnect message" if a user has reached a quota like the "download size" in a day or "maximum session" in a day.
Regards; -
Updates pkg v1.4.3:
-
Added: GUI to configure FreeRADIUS2 with LDAP. This will only work if we can use the new binaries.
-
Updated: FreeRADIUS 2.x package documentation on http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package
Reference Version: pfsense 2.1.5 Freeradius 2.2.5_3 pkg v1.6.11
I think there is a misunderstanding on LDAP Authorization and Authentication. When I uncheck "Enable LDAP For Authorization", the General Configuration fields are disabled and emptied. Without this values the Authentication does not know how to connect to LDAP, so it fails. The way is working in my reference Version, you have to Authorize to be able to Authenticate, and that is not correct for all the cases.
I had to modify manually the sites-enable file in order to disable LDAP Authorize for my configuration to work correctly. If you want, follow the freeradius user mailing list for the detail in my situation.
http://freeradius.1045715.n5.nabble.com/Authenticating-users-on-LDAP-based-on-Group-name-td5732701i20.html
-
-
I set up FreeRADIUS for use on my guest wifi network with EAP. At this time I'm not planning on using Captive Portal- I just wanted to be able to provide per-user passwords and bandwidth limits.
However, I'd like to be able to disable users without deleting them. I don't see a "disable" button, but I figure there might be a way to do something similar. I tried setting "Number of simultaneous connections" to 0 and wasn't overly surprised when it didn't work (I'm just using a Asus consumer-grade AP).
Is there a way to effectively disable a user without deleting it?
-
I need to customise freeradius with a custom site file and a custom script for the authentication, where should I place these files in order for them to survive a pfsense upgrade?
Until now I saved these files in /usr/pbi/freeradius/etc/raddb but they are not restored after a system upgrade.
I saw reference to /usr/local/etc/raddb, chall I use that directory instead? -
I set up FreeRADIUS for use on my guest wifi network with EAP. At this time I'm not planning on using Captive Portal- I just wanted to be able to provide per-user passwords and bandwidth limits.
However, I'd like to be able to disable users without deleting them. I don't see a "disable" button, but I figure there might be a way to do something similar. I tried setting "Number of simultaneous connections" to 0 and wasn't overly surprised when it didn't work (I'm just using a Asus consumer-grade AP).
Is there a way to effectively disable a user without deleting it?
Hi,
bandwidth limit and number of connections are features that must be supported by your Wireless AP. If the AP does not support it it will not work. A chance that it could work is if your AP supports "accounting" but then you need the coresponding RADIUS attributes from your vendor.
To disable a user there is no "disable" button but I think you can workaround with the "Expiration date". Thi will only work for a specific date.
If you need to disable an account for a specific time then you should add possible time ranges with the "Possiblöe Time Ranges" option. Using both together should allow you to disable a user. -
I need to customise freeradius with a custom site file and a custom script for the authentication, where should I place these files in order for them to survive a pfsense upgrade?
Until now I saved these files in /usr/pbi/freeradius/etc/raddb but they are not restored after a system upgrade.
I saw reference to /usr/local/etc/raddb, chall I use that directory instead?Hi,
I would give you a suggestion to use the additional package "System Patches". The make a "diff" of the original and your new file and paste the diff into the "System Patches" package and then you can enable "auto apply" so it should apply after upgrades - unless there is no change on the original file.For complete new custom scripts - don't know where the best place on pfsense is. Here is a path where freeradius stores custom scripts:
/usr/pbi/freeradius-amd64/etc/raddb/scripts
or you add your script to the freeradius.inc so it will be created on specific action:https://github.com/pfsense/pfsense-packages/blob/master/config/freeradius2/freeradius.inc
Have a look at lines 4143 - 4180
function freeradius_datacounter_auth_resync() { global $config; $conf = ''; $conf .= <<<eod<br>#!/bin/sh ### USAGE: datacounter_auth.sh USERNAME TIMERANGE ### We need this parameters from freeradius users file and ../raddb/modules/datacounter_acct USERNAME=`echo -n "\\$1" | sed 's/[^0-9a-zA-Z._:-]/X/g' ` TIMERANGE=`echo -n "\\$2" | sed 's/[^a-z]//g' ` ### This is to make sure there is a used-octets file after the cronjob resetted the counter if [ -e "/var/log/radacct/datacounter/\$TIMERANGE/max-octets-\$USERNAME" ] && [ ! -e "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME" ]; then echo 0 > "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME" fi ### The next two lines are just for getting values for logging output MAXOCTETSUSERNAMEMB=$((`cat "/var/log/radacct/datacounter/\$TIMERANGE/max-octets-\$USERNAME"`/1024/1024)) USEDOCTETSUSERNAMEMB=$((`cat "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME"`/1024/1024)) ### We check if MAX-OCTETS-USERNAME is greater than USED-OCTETS-USERNAME and accept or reject the user if [ `cat "/var/log/radacct/datacounter/\$TIMERANGE/max-octets-\$USERNAME"` -gt `cat "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME"` ]; then logger -f /var/log/system.log "FreeRADIUS: Used amount of \$TIMERANGE traffic by \$USERNAME is \$USEDOCTETSUSERNAMEMB MB of \$MAXOCTETSUSERNAMEMB MB! The user was accepted!!!" exit 0 else logger -f /var/log/system.log "FreeRADIUS: Credentials are probably correct but the user \$USERNAME has reached the \$TIMERANGE Amount of Upload and Download Traffic which is \$USEDOCTETSUSERNAMEMB MB of \$MAXOCTETSUSERNAMEMB MB! The user was rejected!!!" exit 99 fi EOD; $filename = FREERADIUS_ETC . '/raddb/scripts/datacounter_auth.sh'; conf_mount_rw(); file_put_contents($filename, $conf); chmod($filename, 0750); conf_mount_ro(); }</eod<br>
You can replace the /bin/bash script there with your own and then give the function an new name, edit the path where you want to save the script and if you want add the function below line 422 so that it will be executed every time you click "Save" on the Freeradius "Settings" menu in the GUI.
-
Hi.
Is it possible to use mOTP with MSCHAPv2?
I am getting a reject, while PAP with mOTP works. -
Good day to everybody,
As you maybe know, latest package Freeradius2 1.6.15 that contains a Freeradius 2.2.6 daemon, has a trouble on EAP-TLS authentication.
Above all with latest Android 6.0 Marshmallow.
Some tech details are available here:
https://code.google.com/p/android/issues/detail?id=188867#c29
Someone known if it exists a workaround, perhaps editing some configuration files on freeradius, or also on Android with some apps, in order to avoid this issue ?
Thanks a lot in advance for your time and for any suggestion. -
The issues you mention should be fixed in FreeRADIUS 2.2.9, which is now in FreeBSD ports.
FreeRADIUS 2.x is now end of life. Hopefully someone will come forward to develop a FreeRADIUS 3.x package, though I would suggest any development efforts target the forthcoming pfSense 2.3.
-
I'm on the latest version of pfSense (2.2.4 - 64 bit) with Captive Portal and the FreeRADIUS 2.x package setup for traffic capping. Everything is working properly to re-authenticate users every minute and I'm using the MAC address as the username. I'm currently capping users at 6000MB (total upload and download) per day. I added a test machine in and noticed that the traffic counter isn't working correctly. I was aware of this issue on older version of pfSense, but it seems that I am having a similar issue in the latest build. Any thoughts? See below an output from the system logs.
Oct 30 15:37:56 root: FreeRADIUS: Used amount of daily traffic by 247703xxxxxx is 35 MB of 6000 MB! The user was accepted!!!
Oct 30 15:38:58 root: FreeRADIUS: Used amount of daily traffic by 247703xxxxxx is 70 MB of 6000 MB! The user was accepted!!!I have a local counter on the test machine, counting all traffic in/out of the wireless NIC. Within that time period, it shows I've only transferred 800KB, but the logs are showing 30+ MB. Thanks in advance for any input.
-
I'm on the latest version of pfSense (2.2.4 - 64 bit) with Captive Portal and the FreeRADIUS 2.x package setup for traffic capping. Everything is working properly to re-authenticate users every minute and I'm using the MAC address as the username. I'm currently capping users at 6000MB (total upload and download) per day. I added a test machine in and noticed that the traffic counter isn't working correctly. I was aware of this issue on older version of pfSense, but it seems that I am having a similar issue in the latest build. Any thoughts? See below an output from the system logs.
Oct 30 15:37:56 root: FreeRADIUS: Used amount of daily traffic by 247703xxxxxx is 35 MB of 6000 MB! The user was accepted!!!
Oct 30 15:38:58 root: FreeRADIUS: Used amount of daily traffic by 247703xxxxxx is 70 MB of 6000 MB! The user was accepted!!!I have a local counter on the test machine, counting all traffic in/out of the wireless NIC. Within that time period, it shows I've only transferred 800KB, but the logs are showing 30+ MB. Thanks in advance for any input.
Yes the the problem still exists int 2.2.4 i tried every thing and every tutorial on the internet but it's confirmed that this is a bug.
-
That is unfortunate, I could really use this feature. Is the bug actively being worked on / any idea on when it will be fixed? Thanks.
-
Good day to everybody,
As you maybe know, latest package Freeradius2 1.6.15 that contains a Freeradius 2.2.6 daemon, has a trouble on EAP-TLS authentication.
Above all with latest Android 6.0 Marshmallow.
Some tech details are available here:
https://code.google.com/p/android/issues/detail?id=188867#c29
Someone known if it exists a workaround, perhaps editing some configuration files on freeradius, or also on Android with some apps, in order to avoid this issue ?
Thanks a lot in advance for your time and for any suggestion.Just got Marshmallow OTA update myself and smacked into this same problem. EAP-TLS configuration that has been working fine for quite a while, now no longer works on upgraded Nexus 7.
Symptoms are that the device appears to negotiate authentication, FreeRADIUS logs indicate the device was authenticated, but the device never finishes joining the network, and just keeps repeating.
From the Google thread, the issue is tied to the use of TLSv1.2 and downgrading to TLSv1.1 or 1.0, the final keying is correct. But downgrading to broken encryption standards is not what I'd consider a workaround.
From other forum reading, it sounds like this is going to be a quickly growing problem as Marshmallow is currently being rolled out OTA to all Nexus devices and expected to hit OEM devices soon.
So really the only question then is how soon an updated release that contains a fix for this issue can be made available.
-
@TechyTech:
Just got Marshmallow OTA update myself and smacked into this same problem. EAP-TLS configuration that has been working fine for quite a while, now no longer works on upgraded Nexus 7.
As I said earlier in the thread, the package needs to be respun with FreeRADIUS 2.2.9 to solve this problem. If the package has a maintainer, hopefully he/she can deal with this, otherwise it would be helpful if someone built and tested an upgraded package, then submitted a pull request.
The longer term issue is that FreeRADIUS 2.x is now End of Life. A new package is needed, based on FreeRADIUS 3.x, though, depending on the timeline for pfSense 2.3, there may well be little point building a FreeRADIUS 3.x package for pfSense 2.2. It might be best to build a FreeRADIUS 3.x package for pfSense 2.3 rather than upgrading the FreeRADIUS 2.x package for the Bootstrap based pfSense 2.3 GUI.
-
…package needs to be respun with FreeRADIUS 2.2.9 to solve this problem....The longer term issue is that FreeRADIUS 2.x is now End of Life. A new package is needed, based on FreeRADIUS 3.x...
I Agree with you, but for users like me, developing a new pfsense package with latest freeradius 3 version, requires a skill and time (to read pfsense package build documentation) that not everybody has …
At moment, only as temporary workaround, I installed a Zeroshel distribution, only for wifi authentication, because it has a newer freeradius (maybe 2.2.12 or .19) than pfsense, and it is able to work with latest Android and iOS releases. -
At moment, only as temporary workaround, I installed a Zeroshel distribution, only for wifi authentication, because it has a newer freeradius (maybe 2.2.12 or .19) than pfsense, and it is able to work with latest Android and iOS releases.
FreeRADIUS 2.2.9 is the latest - and quite possibly the last - release in the 2.2.x series. If you see version numbers higher than that, they're not using the version numbering from the FreeRADIUS developers.
Your work-round is probably the best for now. I don't have the time to do any work on fixing the package and I'm not sure anyone is maintaining it. The chances are that all that is needed is to upgrade the FreeRADIUS code to 2.2.9, though there might be other changes necessary for the package to work correction with 2.2.9.
A FreeRADIUS 3.x package is a much larger undertaking. Arguably the correct approach - as I have advocated elsewhere - is to produce a FreeRADIUS 3.x package for pfSense 2.3 rather than upgrading the current 2.x package for Bootstrap. Considering the limited life remaining of pfSense 2.2.x, it's hard to justify the effort involved in developing a FreeRADIUS 3.x package for non Bootstrap versions of pfSense.
-
The chances are that all that is needed is to upgrade the FreeRADIUS code to 2.2.9, though there might be other changes necessary for the package to work correction with 2.2.9.
I am 100% willing to do this and test it. I'm having trouble finding (in the package's source) where it finds the actual Freeradius software. If anyone can point me in the right direction, I'll definitely update the package.
See the other topic specifically about the TLS issue which I've outlined what I'm looking for a bit more: https://forum.pfsense.org/index.php?topic=104343.msg588608#msg588608
-
It's not something that can be fixed in the package code in our repositories. The PBI needs to be rebuilt, but due to other changes in the ports tree after the last version was made, rebuilding it is non-trivial. There is an open ticket for it here: https://redmine.pfsense.org/issues/5318
In the meantime, FreeRADIUS on pfSense 2.3 is using FreeRADIUS 2.2.9 and is in a good/usable state. If someone absolutely requires it, upgrading to pfSense 2.3 beta (or at least having a VM with it running for FreeRADIUS!) is not a bad suggestion at this point in time.
-
Just installed freeRADIUS on a relatively fresh (2.2.6) PFSense install. After minimal configuration clients were served with an expired (1/28/16) "Example Server Certificate". Is this intentional? I originally assumed that bootstrap was called after installing and starting freeRADIUS 2 the first time, but this isn't the case? After deleting the certificate and running bootstrap a new (temporally valid) certificate was generated. Perhaps this is expected? Thanks.
-
Will this freeradius work with mariadb?
-
@tux:
Will this freeradius work with mariadb?
To answer this question, yes as of the moment freeradius2 v1.6.19 under pfsense v2.2.6. My DB server is mysqld 5.5.47-MariaDB-1ubuntu0.14.04.1.
-
Ias anyone able to install freeradius2 from the package manager in pfsense 2.3-rc? After restoring my config, the radiusd service is running (and working), but the package manager says freeradius2 isn't installed. I've tried reinstalling (or uninstalling) the package, but nothing works.
-
What did resolve the problem described by reggie14 in my case was to download the configuration, edit the xml-file by deleting the sections dealing with freeradius and then uploading the result again.
-
What did resolve the problem described by reggie14 in my case was to download the configuration, edit the xml-file by deleting the sections dealing with freeradius and then uploading the result again.
I was able to resolve it by doing another clean install. The first thing I did (before restoring config) was to install freeradius2. Then I restored a backup config that had several packages disabled.
With your method, did you lose your radius config?
-
Dear Reggie14,
Doing it my way did keep most of the configuration except - for reasons I do not understand completely - the interfaces and the EAP settings. I was able to copy them (both manually and via HASync are possible as it seems) easily from another system. I found that simpler than unplugging cables, reassigning interfaces and link aggregation groups and similar consequences of installing from scratch. For my remaining systems, I plainly uninstalled freeradius before the upgrade to install it again afterwards. That has not been necessary with any 2.x upgrade before. This time, it was probably mandatory to upgrade without any losses.
Regards,
Michael Schefczyk
-
Does the amount of traffic counter bug still exist in the latest version of FreeRADIUS on pfSense 2.3 or am I most likely going to have to wait until FreeRADIUS 3 is released?
-
Does the amount of traffic counter bug still exist in the latest version of FreeRADIUS on pfSense 2.3 or am I most likely going to have to wait until FreeRADIUS 3 is released?
Which bug specifically? There have been fixes recently to both time and data counting.