Freeradius with Unifi wifi setup guide?
-
Hi!
Does anybody have a setup guide for Pfsense and Freeradius with Unifi?
From the Unifi controller I understand that I have to set up a RADIUS profile.
But how much and what should I change in Pfsense after the Freeradius install? Can I set up Wifi authentication with only username or password or should it be with an SSL certificate imported to the device?
-
I have EAP-TLS set up with freerad and unifi if you want some screenshots.. Yeah you have to import the certs into your devices.. I thought I had posted some info before about it.. let me look and see if I can find the old threads - pictures might be gone though, it was a while back, and many of the images were lost when they changed over the forum software.
-
@johnpoz - every kind of information is very welcome :)
-
I would start here
https://docs.netgate.com/pfsense/en/latest/packages/using-eap-and-peap-with-freeradius.html#
-
First a weird issue: I can do a successful authentication from my PC with the NTRadPing utility, but not from Pfsense itself, while using the Diagnostics Authentication option.
In the system logs is displayed:
/diag_authentication.php: Error during RADIUS authentication : No valid RADIUS responses received
The user is set up in Freeradius. Do I need to specify Pfsense itself as NAS/Clients? It does not seem to make any changes, the Pfsense authentication test still fails.
-
Yes you will need to add pfsense if you want to test from pfsense.
radsniff -x is quite handy for doing diagnostics.
I personally hate how Ubiquiti have implemented WPA Enterprise, you have to add each ap as a nas rather than the cloud key.
-
@NogBadTheBad said in Freeradius with Unifi wifi setup guide?:
you have to add each ap as a nas rather than the cloud key
If the controller did the auth, then the controller would have to be on all the time... Their setup means those that don't want to run the controller all the time don't have to..
So yeah you have to set up each AP you have
-
The option to have the controller send the auth requests would be nice; wouldn't a major installation have a controller running all the time?
-
Yeah, would be nice to have an option.. My controller runs all the time, and I wouldn't call it major ;)
You should be able to pick, or even have the option of, say, if the controller is offline the AP sends..