NEW Package: freeRADIUS 2.x
-
At moment, only as temporary workaround, I installed a Zeroshel distribution, only for wifi authentication, because it has a newer freeradius (maybe 2.2.12 or .19) than pfsense, and it is able to work with latest Android and iOS releases.
FreeRADIUS 2.2.9 is the latest - and quite possibly the last - release in the 2.2.x series. If you see version numbers higher than that, they're not using the version numbering from the FreeRADIUS developers.
Your work-round is probably the best for now. I don't have the time to do any work on fixing the package and I'm not sure anyone is maintaining it. The chances are that all that is needed is to upgrade the FreeRADIUS code to 2.2.9, though there might be other changes necessary for the package to work correction with 2.2.9.
A FreeRADIUS 3.x package is a much larger undertaking. Arguably the correct approach - as I have advocated elsewhere - is to produce a FreeRADIUS 3.x package for pfSense 2.3 rather than upgrading the current 2.x package for Bootstrap. Considering the limited life remaining of pfSense 2.2.x, it's hard to justify the effort involved in developing a FreeRADIUS 3.x package for non Bootstrap versions of pfSense.
-
The chances are that all that is needed is to upgrade the FreeRADIUS code to 2.2.9, though there might be other changes necessary for the package to work correction with 2.2.9.
I am 100% willing to do this and test it. I'm having trouble finding (in the package's source) where it finds the actual Freeradius software. If anyone can point me in the right direction, I'll definitely update the package.
See the other topic specifically about the TLS issue which I've outlined what I'm looking for a bit more: https://forum.pfsense.org/index.php?topic=104343.msg588608#msg588608
-
It's not something that can be fixed in the package code in our repositories. The PBI needs to be rebuilt, but due to other changes in the ports tree after the last version was made, rebuilding it is non-trivial. There is an open ticket for it here: https://redmine.pfsense.org/issues/5318
In the meantime, FreeRADIUS on pfSense 2.3 is using FreeRADIUS 2.2.9 and is in a good/usable state. If someone absolutely requires it, upgrading to pfSense 2.3 beta (or at least having a VM with it running for FreeRADIUS!) is not a bad suggestion at this point in time.
-
Just installed freeRADIUS on a relatively fresh (2.2.6) PFSense install. After minimal configuration clients were served with an expired (1/28/16) "Example Server Certificate". Is this intentional? I originally assumed that bootstrap was called after installing and starting freeRADIUS 2 the first time, but this isn't the case? After deleting the certificate and running bootstrap a new (temporally valid) certificate was generated. Perhaps this is expected? Thanks.
-
Will this freeradius work with mariadb?
-
@tux:
Will this freeradius work with mariadb?
To answer this question, yes as of the moment freeradius2 v1.6.19 under pfsense v2.2.6. My DB server is mysqld 5.5.47-MariaDB-1ubuntu0.14.04.1.
-
Ias anyone able to install freeradius2 from the package manager in pfsense 2.3-rc? After restoring my config, the radiusd service is running (and working), but the package manager says freeradius2 isn't installed. I've tried reinstalling (or uninstalling) the package, but nothing works.
-
What did resolve the problem described by reggie14 in my case was to download the configuration, edit the xml-file by deleting the sections dealing with freeradius and then uploading the result again.
-
What did resolve the problem described by reggie14 in my case was to download the configuration, edit the xml-file by deleting the sections dealing with freeradius and then uploading the result again.
I was able to resolve it by doing another clean install. The first thing I did (before restoring config) was to install freeradius2. Then I restored a backup config that had several packages disabled.
With your method, did you lose your radius config?
-
Dear Reggie14,
Doing it my way did keep most of the configuration except - for reasons I do not understand completely - the interfaces and the EAP settings. I was able to copy them (both manually and via HASync are possible as it seems) easily from another system. I found that simpler than unplugging cables, reassigning interfaces and link aggregation groups and similar consequences of installing from scratch. For my remaining systems, I plainly uninstalled freeradius before the upgrade to install it again afterwards. That has not been necessary with any 2.x upgrade before. This time, it was probably mandatory to upgrade without any losses.
Regards,
Michael Schefczyk
-
Does the amount of traffic counter bug still exist in the latest version of FreeRADIUS on pfSense 2.3 or am I most likely going to have to wait until FreeRADIUS 3 is released?
-
Does the amount of traffic counter bug still exist in the latest version of FreeRADIUS on pfSense 2.3 or am I most likely going to have to wait until FreeRADIUS 3 is released?
Which bug specifically? There have been fixes recently to both time and data counting.
-
Sorry for not being specific, see post 602 of mine in this thread :)
-
That looks like a traffic counting bug a fixed a while back in the package (In November), FreeRADIUS2 pkg version 1.6.17 or later should be OK.
-
Awesome!! This is excellent news - thank you!
-
After further testing the bug unfortunately still seems to be present (see attachment). In the system logs, I can still see the data counting up for a specific user even though that client has absolutely no traffic (or extremely minimal) passing through. Does anybody know if there's any workaround for this? :-\
-
Who and how much do I have to pay to get this fixed or a workaround for this? :D or does anybody else have another solution for weekly bandwidth capping by registered MAC address on a network?
-
Hi!
pfsense 2.2.5-i386I want to use wpa2-ent with latest freeradius2 + MS AD (Win 2008). But I can't configure :(
Can anybody show working screenshots of FreeRADIUS: Interfaces, FreeRADIUS: EAP , FreeRADIUS: LDAP ?
Thank you, guys.
 -
I think, I have found a bug...
freeradius3 0.15.5_2 dependenciesbash-4.4.12_3 freeradius3-3.0.15_4 python27-2.7.14_1
on pfsense 2.4.3-RELEASE-p1 (amd64):
Occurance: When adding an account for a new user, when changing a user's password
condition: if the user's password contains a double quote ('"'), freeradius will not start anymore.
Cause: The unescaped double quote is written directly to the config files, which invalidates freeradius config's syntax.
-
You should most likely create a new thread if you feel you have found a bug, and if can duplicate it then please open a redmine on it. Locking this thread since it is 7 years old.
And freerad 2.x is no longer a new package anyway.
