Freeradius setup guide for pfsense 2.3???
Anyone who can provide a guide to setup freeradius on pfsense 2.3 in ENGLISH only please help!!!
Set it up to do what? How is use of freeradius any different than in 2.2?
ashima last edited by
These are basic steps how I have setup freeradius in Pfsense 2.3
1) Install freeradius.
To configure -> Service tab –-> Freeradius
Interface --> +
Interface ip address : <lan-ip>port : 1812
Interface type : Authentication
Ip version : IPv4
Description : authentication
Similarly add interface for Accounting(Port 1813) and Status(Port 1816)
- NAS Clients ---> +
Client Ip address :
Users ---> +
Settings Tick disable Acct-Unique
There is a bug in freeradius ---- Doesn't start at reboot
make a copy of /usr/local/etc/rc.d/radiusd.sh and edit it.
At rc.stop () add these lines
# Don't stop if service start is in progress
# pfSctl -c 'service reload packages' call start and stop multiple times
if [ ! -f "$LOCKFILE" -a -f "$PIDFILE" ]; then
In addition to these if you want captive portal few points have to be taken care (Refer Pfsense documents)
Also enable cron if accounting is enabled.
I hope this would provide you with some basic help
"There is a bug in freeradius –-- Doesn't start at reboot"
I don't concur.. I have rebooted pfsense multiple times, and freerad starts. But maybe its it my service watchdog package starting it?? But I don't think so. Next time I have need to reboot my pfsense I will disable the service watchdog package from doing anything with freerad before the reboot and see if it starts.
Ok just rebooted pfsense, I pulled freerad out of my service watchdog.. Did a reboot and see lit start up without issue
Jul 23 10:38:07 radiusd 54539 Ready to process requests. Jul 23 10:38:07 radiusd 48618 Loaded virtual server <default></default>
What to add in nas/cliet ip? lan address?
ashima last edited by
For Client/NAS ip
If you are using captive portal along with freeradius use lan interface ip.
If you are using any access point or switch which are using pfsense box as a radius server, you need to add their ips as Client.
The secret phrase which is set here has to be provided in captive portal page or in access point or switch.
But i use dhcp to assign ips to people's smartphone .Radius will be used to authenticate with captive portal.