Pfsense + External RADIUS (Caveats?)
-
Hi,
I was hoping to have Radius authentication using RCDevs WebADM. I can't seem to get the authentication to succeed using PAP or CHAP, though when I try with MS-CHAP the logs in WebADM state "LDAP password not provided". I assume this is due to the fact that it cannot read the Microsoft CHAP encryption. This still suggests they are talking though, but with PAP and CHAP I get zero logs at all for WebADM. WebADM is configured correctly as I can authenticate from elsewhere.
Looking at the packet capture I can see
Access-Reject (3)
followed byid: 0x91
and an Authenticator string.I was mainly wondering how Pfsense is best set up with an external RADIUS server, if there is anything to consider (LDAP user groups?), and common fixes. I also don't understand what the NAS-IP-ATTRIBUTE is, and how it relates to WAN or LAN. Any help would be appreciated.
-
Strangely enough, it works fine with the testing client in
opt/radiusd/conf/clients.conf
but not when trying to actually use the real configuration.Does anyone know how to implement in that configuration?
-
What are you trying to authenticate against it exactly? Users logging into pfSense? VPN usesrs?
I'm unfamiliar with RCDevs WebADM but after quickly searching I can't see anything Radius related only LDAP. You have a link to any documentation?
EDIT: This?
https://www.rcdevs.com/docs/howtos/pfsense/pfsense/Steve