Netgate Discussion Forum

    PfSense can’t authenticate with Windows Radius

      Aru23

      I am trying to switch from a SonicWALL firewall to a pfSense box.
      I’m almost done configuring the pfSense like the SonicWALL,
      but I can’t get the pfSense to authenticate with a Windows RADIUS server for later use with OpenVPN.

      I know this worked perfectly fine with the SonicWALL, and this is the function I use the most.

      And I have used these guides, but to no avail:

      https://doc.pfsense.org/index.php/OpenVPN_with_RADIUS_via_Active_Directory
      https://community.spiceworks.com/how_to/128944-pfsense-admin-logins-via-radius-using-active-directory-accounts

      Earlier I got the NPS error code 13,
      but now I don’t get anything but still can’t authenticate.

      Can you guys help?

        Derelict LAYER 8 Netgate

        RADIUS is pretty much RADIUS.

        All you should have to do is create a client on the server with the proper shared secret and point the client at it on the right IP address and ports.

        What's in the logs on the RADIUS server?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          Aru23

          I get the NPS error 13, which is: “A RADIUS message was received from the invalid RADIUS client IP address”

          This normally appears when the RADIUS client is not configured in the NPS.
          In this case it is configured.

          I have tried with the generated authentication and manual authentication shared secret; nothing works.

          I am running pfSense version 2.3.2 and Windows Server 2012.

            Derelict LAYER 8 Netgate

            You need to make sure the RADIUS server is actually egressing on the IP address you think it is and that the shared secret is correct. Double check everything on both sides.

            As long as you are getting that message it is not going to work.

            The problem could just as easily lie on the RADIUS server as the client. Sure would be nice if Windows logged the offending IP address.

              Aru23

              I used NTRadPing and I could see there was something wrong with the user, so I went back and checked whether the user was a member of the VPN group on the DC, and it was not.
              I forgot to add the user back into the group after fiddling around in the DC.

              This guide works:

              https://community.spiceworks.com/how_to/128944-pfsense-admin-logins-via-radius-using-active-directory-accounts

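Added example, not part of any post in this thread: what "the shared secret is correct on both sides" means on the wire, and what a test client such as NTRadPing exercises. It implements the RFC 2865 User-Password hiding and Response Authenticator check for PAP only; the user name, password and secrets are constructed, and `simulate` is a hypothetical offline stand-in for the server.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # packet codes (RFC 2865)
USER_NAME, USER_PASSWORD = 1, 2                          # attribute types (RFC 2865)

def _keystream_xor(data: bytes, secret: bytes, request_auth: bytes, hiding: bool) -> bytes:
    # RFC 2865 5.2: b(i) = MD5(secret + c(i-1)), with c(0) = Request Authenticator
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        xored = bytes(a ^ b for a, b in zip(data[i:i + 16], key))
        prev = xored if hiding else data[i:i + 16]   # always chain on the ciphertext block
        out += xored
    return out

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    size = max(16, (len(password) + 15) // 16 * 16)   # NUL-pad to a multiple of 16
    return _keystream_xor(password.ljust(size, b"\x00"), secret, request_auth, True)

def unhide_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    return _keystream_xor(hidden, secret, request_auth, False).rstrip(b"\x00")

def _attr(kind: int, value: bytes) -> bytes:
    return bytes([kind, len(value) + 2]) + value

def build_access_request(ident: int, user: bytes, password: bytes, secret: bytes) -> bytes:
    request_auth = os.urandom(16)
    attrs = _attr(USER_NAME, user) + _attr(USER_PASSWORD, hide_password(password, secret, request_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs

def sign_reply(code: int, ident: int, attrs: bytes, request_auth: bytes, secret: bytes) -> bytes:
    # Server side: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs

def reply_is_authentic(reply: bytes, request_auth: bytes, secret: bytes) -> bool:
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

def simulate(client_secret: bytes, server_secret: bytes, password: bytes = b"constructed-pw"):
    """Constructed exchange: returns (password the server recovers, reply accepted by client)."""
    req = build_access_request(7, b"vpnuser", password, client_secret)
    request_auth, hidden = req[4:20], req[20 + 2 + len(b"vpnuser") + 2:]
    recovered = unhide_password(hidden, server_secret, request_auth)
    code = ACCESS_ACCEPT if recovered == password else ACCESS_REJECT
    reply = sign_reply(code, 7, b"", request_auth, server_secret)
    return recovered, reply_is_authentic(reply, request_auth, client_secret)
```

With mismatched secrets the server recovers garbage instead of the password, and the client cannot verify the reply, so a typo in the secret on either side looks like a failed login rather than a configuration error.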