Freeradius setup guide for pfsense 2.3???

mafiosa · Jul 20, 2016, 3:19 PM

Anyone who can provide a guide to setup freeradius on pfsense 2.3 in ENGLISH only please help!!!

johnpoz · Jul 21, 2016, 10:57 AM

Set it up to do what? How is use of freeradius any different than in 2.2?

ashima · Jul 23, 2016, 7:09 AM

These are basic steps how I have setup freeradius in Pfsense 2.3

1) Install freeradius.

To configure -> Service tab –-> Freeradius
Interface --> +

Interface ip address : <lan-ip>port : 1812
Interface type : Authentication
Ip version : IPv4
Description : authentication

Similarly add interface for Accounting(Port 1813) and Status(Port 1816)

NAS Clients ---> +

Client Ip address :
Secret:

Users ---> +
Settings Tick disable Acct-Unique

There is a bug in freeradius ---- Doesn't start at reboot

Fix --->

make a copy of /usr/local/etc/rc.d/radiusd.sh and edit it.

At rc.stop () add these lines

rc_stop() {
# Don't stop if service start is in progress
# pfSctl -c 'service reload packages' call start and stop multiple times

if [ ! -f "$LOCKFILE" -a -f "$PIDFILE" ]; then

/usr/pbi/freeradius-amd64/local/etc/rc.d/radiusd onestop

fi
}

In addition to these if you want captive portal few points have to be taken care (Refer Pfsense documents)

Also enable cron if accounting is enabled.

I hope this would provide you with some basic help

Ashima</lan-ip>

johnpoz · Jul 23, 2016, 3:42 PM

"There is a bug in freeradius –-- Doesn't start at reboot"

I don't concur.. I have rebooted pfsense multiple times, and freerad starts. But maybe its it my service watchdog package starting it?? But I don't think so. Next time I have need to reboot my pfsense I will disable the service watchdog package from doing anything with freerad before the reboot and see if it starts.

edit:
Ok just rebooted pfsense, I pulled freerad out of my service watchdog.. Did a reboot and see lit start up without issue


Jul 23 10:38:07 	radiusd 	54539 	Ready to process requests.
Jul 23 10:38:07 	radiusd 	48618 	Loaded virtual server <default></default>

mafiosa · Jul 26, 2016, 5:32 PM

What to add in nas/cliet ip? lan address?

ashima · Jul 30, 2016, 7:14 AM

For Client/NAS ip

If you are using captive portal along with freeradius use lan interface ip.

If you are using any access point or switch which are using pfsense box as a radius server, you need to add their ips as Client.

The secret phrase which is set here has to be provided in captive portal page or in access point or switch.

mafiosa · Jan 7, 2017, 10:13 AM

But i use dhcp to assign ips to people's smartphone .Radius will be used to authenticate with captive portal.