Freeradius setup guide for pfsense 2.3???

mafiosa

Anyone who can provide a guide to setup freeradius on pfsense 2.3 in ENGLISH only please help!!!

johnpoz

Set it up to do what? How is use of freeradius any different than in 2.2?

ashima

These are basic steps how I have setup freeradius in Pfsense 2.3

1)  Install freeradius.

2. To configure ->  Service tab –-> Freeradius

3. Interface --> +

Interface ip address  :  <lan-ip>port                          :  1812
            Interface type            : Authentication
            Ip version                : IPv4
            Description              : authentication

Similarly  add interface for Accounting(Port 1813) and Status(Port 1816)

4. NAS Clients --->  +

Client Ip address        : 
            Secret:

5. Users --->  +

6. Settings Tick disable Acct-Unique

There is a bug in freeradius ---- Doesn't start at reboot

Fix --->

make a copy of /usr/local/etc/rc.d/radiusd.sh and edit it.

At rc.stop () add these lines

rc_stop() {
        # Don't stop if service start is in progress
        # pfSctl -c 'service reload packages' call start and stop multiple times

if [ ! -f "$LOCKFILE" -a -f "$PIDFILE" ]; then

/usr/pbi/freeradius-amd64/local/etc/rc.d/radiusd onestop

fi
}

In addition to these if you want captive portal few points have to be taken care (Refer Pfsense documents)

Also enable cron if accounting is enabled.

I hope this would provide you with some basic help

Ashima</lan-ip>

johnpoz

"There is a bug in freeradius –-- Doesn't start at reboot"

I don't concur.. I have rebooted pfsense multiple times, and freerad starts.  But maybe its it my service watchdog package starting it??  But I don't think so.  Next time I have need to reboot my pfsense I will disable the service watchdog package from doing anything with freerad before the reboot and see if it starts.

edit:
Ok just rebooted pfsense, I pulled freerad out of my service watchdog..  Did a reboot and see lit start up without issue

Jul 23 10:38:07 	radiusd 	54539 	Ready to process requests.
Jul 23 10:38:07 	radiusd 	48618 	Loaded virtual server <default></default> 

mafiosa

What to add in nas/cliet ip? lan address?

ashima

For Client/NAS ip

If you are using captive portal along with freeradius use lan interface ip.

If you are using any access point or switch which are using pfsense box as a radius server, you need to add their ips as Client.

The secret phrase which is set here has to be provided in captive portal page or in access point or switch.

mafiosa

But i use dhcp to assign ips to people's smartphone .Radius will be used to authenticate with captive portal.