Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    1. Home
    2. Tags
    3. radius
    Log in to post
    • All categories
    • se_marc

      Issue with multi wan & high availability setup - authenticating with radius
      Routing and Multi WAN • radius outbound nat multi wan multiwan high-avail • • se_marc

      4
      0
      Votes
      4
      Posts
      538
      Views

      se_marc

      please see this post for way more information.

    • T

      Source interface for RADIUS auth traffic
      General pfSense Questions • radius carp • • TO2020

      7
      0
      Votes
      7
      Posts
      164
      Views

      T

      @stephenw10 Thanks a lot for your reply, and for yours and @viktor_g assistance. Much appreciated.

    • C

      802.1x / Freeradius - Zugriffskontrolle LAN
      Allgemeine Themen • 802.1x radius freeradius ethernet • • cptnftr

      4
      0
      Votes
      4
      Posts
      281
      Views

      C

      Vielen Dank @JeGr @mike69 . Wieder einiges dazu gelernt.. :)

    • S

      Duvidada do Captive portal com Radius
      Portuguese • captiveportal radius • • secesar

      1
      0
      Votes
      1
      Posts
      62
      Views

      No one has replied

    • mohkhalifa

      Windows RADIUS Server
      Captive Portal • windows server windows radius captive portal radius • • mohkhalifa

      18
      0
      Votes
      18
      Posts
      887
      Views

      A

      @anwarmoinudeen Hi Sir did your issue got resolved already? i also have the same issue in pfsense

    • mohkhalifa

      Integration of freeRADIUS with MS Active Directory
      pfSense Packages • captive portal freeradius radius bandwidth • • mohkhalifa

      1
      0
      Votes
      1
      Posts
      148
      Views

      No one has replied

    • D

      FreeRadius / EAP-TLS: Client certificate cannot be found
      General pfSense Questions • radius eap-tls certificate • • DaveU

      26
      0
      Votes
      26
      Posts
      2296
      Views

      D

      After playing around for a little while I made an interesting discovery that I have not been able to find an explanation to...

      FreeRadius EAP Settings has a check box "Check Client Certificate CN" ("When enabled, the Common Name of the client certificate must match the username set in 'FreeRADIUS > Users'").

      When using a certificate to authenticate, it seems to me that the certificate CN would NOT be checked against the Users database. Regardless of the users I have added, I always get error messages like below when I have that check box checked:

      Nov 30 17:33:15 radiusd 1388 tls: Certificate CN (K14) does not match specified value (host/K14)! Nov 30 17:33:15 radiusd 1388 tls: TLS_accept: Error in error Nov 30 17:33:15 radiusd 1388 (4) Login incorrect (Failed retrieving values required to evaluate condition): [host/K14/<via Auth-Type = eap>] (from client SW21 port 2 cli xx-xx-xx-xx-xx-xx) host/K14 -

      So far I have not been able to figure how to effectively enable the client cert. CN check.

      I wonder if this is also some stupid beginner's mistake, or is this something else?

      And where does this "host/" prefix come from? At least it seems to be independent of the 802.1X authentication mode in the client (User vs. computer authentication)...

      When the check box is not checked, authentication with the certificate succeeds without any problems.

      FWIW, Radius debug log reveals:

      (2) files: users: Matched entry host/K14 at line 2 (2) [files] = ok

      ...so it seems that it indeed performs the check against user database where I have an entry "host/K14".

    • K

      pfSense 2.4.4-p3 Unable to retrieve package information
      Installation and Upgrades • package manager installation squidguard radius • • kenj05

      1
      0
      Votes
      1
      Posts
      156
      Views

      No one has replied

    • ?

      FreeRADIUS3: Starting up too late for IPSEC?
      pfSense Packages • radius freeradius ipsec • • A Former User

      1
      0
      Votes
      1
      Posts
      190
      Views

      No one has replied

    • E

      pfsense / openvpn / radius / sbs 2011 - integration
      OpenVPN • pfsense firewal openvpn problem radius authentication • • eidolontubes

      4
      0
      Votes
      4
      Posts
      489
      Views

      E

      In case this will help any one else, I've figured this out....

      Here is a link on how to find the logs for NPS...

      https://social.technet.microsoft.com/Forums/windows/en-US/45aa3000-c32b-483b-8d6e-565b56b163fc/how-to-check-the-nps-logs-in-the-event-viewer?forum=winserverNAP

      Basically there are text file logs in c:\Windows\System32\LogFiles\In* , or you can check in Event Viewer under Diagnostics -> Event Viewer -> Custom Views -> Server Roles -> Network Policy.

      In my case, the problem users were set to "Deny Access" under the "Dial In" tab of the user properties in AD Users & Computers. Setting to Allow Access fixed it up.

      If you don't see the "Dial In" tab, this may be of help :

      https://support.microsoft.com/en-ca/help/975448/the-dial-in-tab-is-not-available-in-the-active-directory-users-and-com

      For me, I had to be on the server to get that tab, not accessing Active Directory Users and Computers on another PC.

      Hope this will help someone else.

      Thanks, Derelict for pointing me in the right direction!