After updating to version 2.4.4 "RADIUS MAC Authentication Failed."
-
@free4 That's correct but you can use RADIUS with user/password ("use an authentication backend") either MAC authentification.
Until version 2.4.3 it was possible to have both parallel. First pfense sent MAC+secret to RADIUS. If MAC authentication failed then pfense opened the cp page and sent user/password. If both failed then user got an error message.
We uses both methods parallel because "normal" users authenficate with u/p while special users are registered in RADIUS with MAC id.
Is it possible to reintegrate option RADIUS MAC auth again?
-
I have the same problem. We need RADIUS MAC auth and user/password parallel.
-
@Erik_CH i made a pull request about this : https://github.com/pfsense/pfsense/pull/4000
-
The fall back seems not to respect the setting
Use custom captive portal pageas it always shows the default login page (default template).Tested on
2.4.5.a.20181025.0115. -
this feature is really how we operate the captive portal...
loosing it without mentioning it in the main release notes is really totally disappointing our expectation.. also we have no rollback option, as netgate isno longer hosting the old version :/ either no packages were available for older versions!!generally after upgrading to 2.4.4 we got a lot of troubles, and makes the firewall unusable for more than 24hour with no luck to recover all what is working as it was..
really disappointing, we are gonna think not to rely on pfsense anymore !!
I have applied the patch to 2.4.4, but the login page is broken/corrupted showing random latin characters.
also the 2.4.5 released 09-11-2018 have the same behavior :(ANY WORKAROUND HERE to get this to work again !?
-
@michaeleino go to your captive portal settings, and check "Login page fallback" option.
if the setting doesn't exist reinstall 2.4.4 from a fresh, new image (the ISO has been updated on pfsense website, it now contain the feature you are asking for)
-
@free4 thanks a lot for your response, do you mean "2.4.4" or the daily snapshot ?
I can see the 2.4.4 image date is 20-septemper.. is that correct ?
meanwhile, I was downgraded to 2.3.4 via a snapshot / and tried to day to perform a normal upgrade via the GUI.. everything goes fine, but there is no option for login fall back.
Do I still need to perform a fresh install?
-
@free4
I have tried the latest 2.4.4 image to a fresh install, and it doesn't have this feature, do I miss anything ?
-
@michaeleino said in After updating to version 2.4.4 "RADIUS MAC Authentication Failed.":
I have applied the patch to 2.4.4, but the login page is broken/corrupted showing random latin characters.
The default, build in login page ?
-
@michaeleino oops....you are right
the feature has been added in 2.4.4 on 9 October ( https://github.com/pfsense/pfsense/commit/bb90e3c57bec5ad24df5f9fdd51d9eadbf3792df ) but the latest ISO is from 20th September
I thought that Netgate was re-generating 2.4.4 ISO every time a commit is performed on the associated github branch ? is Netgate having issue with their build system?
Well, sorry for my bad advice then.
then what you could do is install "patch" package, and manually install this patch :
url/commit ID : https://github.com/pfsense/pfsense/commit/bb90e3c57bec5ad24df5f9fdd51d9eadbf3792df.diff
path strip count : 2
base directory : /
ignore whitespace : checked or not checked are both ok -
@Gertjan, yes it was the default -- may be I have applied the patch incorrectly.
@free4 they shouldn't push a new image without changing the version release.. I think it is on purpose :)
I have applied the patch using the system patch and it looks working on a fresh install, will apply this in a night action.. and will get back if there are issues.
not sure, the logo image is missing due to not logged-in yet or it is missing.. not a big issue.Thanks a lot for the help.
-
I am with the same problem, could it be solved is there any other way to do what we need? Mac and user in parallel? apart from that I had to add the mac users directly to the captive portal otherwise it gave me problems, the users were disconnected quite unstable the radius was put on. tanks a lot.
-
@maritoja please check my previous reply.
and btw, I can confirm that the captive portal is working well using RADIUS server, as long as you don't re-configure it all the time (there is currently an issue when re-configuring a captivportal while users are currently connected. see https://redmine.pfsense.org/issues/8616 )
-
Ok, I can confirm this works, if we set our login.php (
Portal page contents) to the error.php (Auth error page contents)`.But how to show a custom error page (
Auth error page contents) then in case the user enters a faulty password on the fallback login page?RADIUS -> Custom login.php -> Password wrong?
-
@jane-doe2 said in After updating to version 2.4.4 "RADIUS MAC Authentication Failed.":
RADIUS -> Custom login.php -> Password wrong ?
Try it out for yourself.
If auth error, the error page will be shown. It's basically the same page as the login page, with one "error text place holder" added. -
@gertjan said in After updating to version 2.4.4 "RADIUS MAC Authentication Failed.":
It's basically the same page as the login page, with one "error text place holder" added.
Ok, thank you for the response, this sounds good :)
Therefore the
Portal page contentscan be left empty for this scenario? -
@jane-doe2 said in After updating to version 2.4.4 "RADIUS MAC Authentication Failed.":
Therefore the Portal page contents can be left empty for this scenario?
Left to "default"that is - the default error page is not empty - it's a login page with an extra line that reflects the error that occurred during a previous login attempt.
