How to configure Radius on pfsense 2.3.1
- create a User on a server example username: noc password: abc
- create same user on the FreeRadius of pfsense.
- Create client on which the Radius client is installed
- Configure interface where you add the interface that is accessible to the server (ip:x.x.x.x port:1812 inte type: auth )
- Download pam_radius and follow the configuration from this site: https://docs.secureauth.com/display/81docs/PAM+RADIUS+Installation+and+Configuration+Guide
- Be careful about the configuration in pam/sshd folder follow this configuration :
auth sufficient pam_radius_auth.so debug
auth include system-auth
account sufficient pam_radius_auth.so debug
account required pam_nologin.so
account include system-auth
password include system-auth
session sufficient pam_radius_auth.so debug conf=/etc/raddb/server
session optional pam_keyinit.so force revoke
session include system-auth
session required pam_loginuid.so
- Do your test
It is better to test if your FreeRadius is working doing this configuration :
a) Add an interface with the IP address of 127.0.0.1.
b) Set the interface type to 'Auth' , use the default port (1812).
c) Add a client/NAS with the IP of 127.0.0.1 and the shared secret 'test'.
d) Create a test user account on the users tab.
e) Log into pfSense via SSH or use the command prompt feature in the diagnostics menu.
f) Run the command below, replacing <username>, and <password>with the credentials you assigned (run this in the Diagnostics>command prompt section).</password></username>
Thank You very much.