Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PFSense 2.4.4_1 Authentication failed

    Captive Portal
    3
    9
    1.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      deniz.sahan
      last edited by

      Hello,

      I just upgrade my SG-3100 to 2.4.4_1.
      Every package is running.
      I am using the PAP protocol on my new Authentication Server.
      For each new connection, I am using an OTP system and sending the password to a user with SMS.
      But when the user tries to connect the internet it fails.
      0_1545659504698_sorun_1.png

      0_1545659552509_sorun_3.png

      BTW, I have more than 10 devices and each one have the problem.

      1 Reply Last reply Reply Quote 0
      • F
        free4 Rebel Alliance
        last edited by free4

        Radius Authentication didn't changed between 2.4.4 and 2.4.4_1

        Could you paste here the logs of your RADIUS server?

        D 1 Reply Last reply Reply Quote 1
        • D
          deniz.sahan @free4
          last edited by

          @free4 First of all thank you. Here my logs:

          Tue Dec 25 12:02:18 2018 : Info: Debugger not attached
          Tue Dec 25 12:02:18 2018 : Info: rlm_sql (sql1): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
          Tue Dec 25 12:02:18 2018 : Info: rlm_sql_mysql: libmysql version: 5.6.41
          Tue Dec 25 12:02:18 2018 : Info: rlm_sql (sql1): Attempting to connect to database "radiusdashboard"
          Tue Dec 25 12:02:18 2018 : Warning: WARNING: Ignoring "spare = 10", forcing to "spare = 2"
          Tue Dec 25 12:02:18 2018 : Info: rlm_sql (sql1): Opening additional connection (0), 1 of 5 pending slots used
          Tue Dec 25 12:02:18 2018 : Info: rlm_sql (sql1): Opening additional connection (1), 1 of 4 pending slots used
          Tue Dec 25 12:02:18 2018 : Info: rlm_sql (sql1): Opening additional connection (2), 1 of 3 pending slots used
          Tue Dec 25 12:02:18 2018 : Info: rlm_sql (sql1): Opening additional connection (3), 1 of 2 pending slots used
          Tue Dec 25 12:02:18 2018 : Info: rlm_sql (sql1): Opening additional connection (4), 1 of 1 pending slots used
          Tue Dec 25 12:02:18 2018 : Warning: [/usr/local/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
          Tue Dec 25 12:02:18 2018 : Warning: [/usr/local/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT".
          Tue Dec 25 12:02:18 2018 : Info: Loaded virtual server <default>
          Tue Dec 25 12:02:18 2018 : Info: Loaded virtual server default
          Tue Dec 25 12:02:18 2018 : Warning: Ignoring "sql" (see raddb/mods-available/README.rst)
          Tue Dec 25 12:02:18 2018 : Warning: Ignoring "ldap" (see raddb/mods-available/README.rst)
          Tue Dec 25 12:02:18 2018 : Info: # Skipping contents of 'if' as it is always 'false' -- /usr/local/etc/raddb/sites-enabled/inner-tunnel-ttls:63
          Tue Dec 25 12:02:18 2018 : Info: Loaded virtual server inner-tunnel-ttls
          Tue Dec 25 12:02:18 2018 : Info: # Skipping contents of 'if' as it is always 'false' -- /usr/local/etc/raddb/sites-enabled/inner-tunnel-peap:63
          Tue Dec 25 12:02:18 2018 : Info: Loaded virtual server inner-tunnel-peap
          Tue Dec 25 12:02:18 2018 : Info: Ready to process requests
          Tue Dec 25 12:03:15 2018 : Info: rlm_sql (sql1): Closing connection (1), from 3 unused connections
          Tue Dec 25 12:03:15 2018 : Auth: (0) Login incorrect (Failed retrieving values required to evaluate condition): [5342697929] (from client test_1 port 2020 cli 78:4b:87:55:ab:25)
          Tue Dec 25 12:04:04 2018 : Info: rlm_sql (sql1): Closing connection (3): Hit idle_timeout, was idle for 106 seconds
          Tue Dec 25 12:04:04 2018 : Info: rlm_sql (sql1): Closing connection (4): Hit idle_timeout, was idle for 106 seconds
          Tue Dec 25 12:04:04 2018 : Info: Need 1 more connections to reach min connections (3)
          Tue Dec 25 12:04:04 2018 : Info: rlm_sql (sql1): Opening additional connection (5), 1 of 3 pending slots used
          Tue Dec 25 12:04:04 2018 : Auth: (1) Login incorrect (Failed retrieving values required to evaluate condition): [5342697929] (from client test_1 port 2020 cli 78:4b:87:55:ab:25)

          1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan
            last edited by

            The interesting parts is this :
            Auth: (0) Login incorrect (Failed retrieving values required to evaluate condition): [5342697929] (from client test_1 port 2020 cli 78:4b:87:55:ab:25)

            The rest is the usual bla-bla.

            Your log mentions "client test_1".
            Your images mention "test_2"

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            F D 2 Replies Last reply Reply Quote 1
            • F
              free4 Rebel Alliance @Gertjan
              last edited by

              Auth: (0) Login incorrect (Failed retrieving values required to evaluate condition):

              This usually mean an incorrect RADIUS shared secret
              Could you verify it?

              Also, there was no changes in the way RADIUS authentication works between 2.4.4 and 2.4.4_1....but there were big changes on authentication between 2.4.3 and 2.4.4. Did you updated from 2.4.3 ? If yes, are you using Calling-Station-ID /Called-Station-ID anywhere in your RADIUS config?

              These attributes were containing IP addresses in 2.4.3. They now contain MAC addesses (in order to comply with rfc3580).

              D 1 Reply Last reply Reply Quote 0
              • D
                deniz.sahan @Gertjan
                last edited by

                @gertjan test_1 is the name of Captive Portal, test_2 is the name of Authentication Servers.

                1 Reply Last reply Reply Quote 0
                • D
                  deniz.sahan @free4
                  last edited by

                  @free4 said in PFSense 2.4.4_1 Authentication failed:

                  verify

                  I verified it they are totally same

                  F 1 Reply Last reply Reply Quote 0
                  • F
                    free4 Rebel Alliance @deniz.sahan
                    last edited by

                    @deniz-sahan did you update from 2.4.3?

                    D 1 Reply Last reply Reply Quote 0
                    • D
                      deniz.sahan @free4
                      last edited by

                      @free4 said in PFSense 2.4.4_1 Authentication failed:

                      did you update from 2.4.3?

                      I updated it from 2.4.4

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.