    Netgate Discussion Forum

    PfSense can’t authenticate with Windows Radius

    OpenVPN
    • Aru23

      I am trying to switch from a SonicWALL firewall to a pfSense box.
      I’m almost done configuring the pfSense like the SonicWALL,
      but I can’t get the pfSense to authenticate with the Windows RADIUS server for later use with OpenVPN.

      I know this worked perfectly fine with the SonicWALL, and this is the function I use the most.

      And I have used these guides, but to no avail:

      https://doc.pfsense.org/index.php/OpenVPN_with_RADIUS_via_Active_Directory
      https://community.spiceworks.com/how_to/128944-pfsense-admin-logins-via-radius-using-active-directory-accounts

      Earlier I got the NPS error code 13,
      but now I don’t get anything but still can’t authenticate.

      Can you guys help?

      • Derelict (LAYER 8, Netgate)

        RADIUS is pretty much RADIUS.

        All you should have to do is create a client on the server with the proper shared secret and point the client at it on the right IP address and ports.

        What's in the logs on the RADIUS server?

        • Aru23

          I get the NPS error 13 which is –> “A RADIUS message was received from the invalid RADIUS client IP address”

          This normally appears when the RADIUS client is not configured in the NPS.
          In this case it is configured.

          I have tried with the generated authentication and manual authentication shared secret; nothing works.

          I am running pfSense version 2.3.2 and Windows Server 2012.

          • Derelict (LAYER 8, Netgate)

            You need to make sure the RADIUS server is actually egressing on the IP address you think it is and that the shared secret is correct. Double check everything on both sides.

            As long as you are getting that message it is not going to work.

            The problem could just as easily lie on the RADIUS server as the client. Sure would be nice if Windows logged the offending IP address.

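The two checks named in the reply above (which source address the client really egresses on, and whether the shared secret matches), as an added example that is not part of the thread. It follows RFC 2865 PAP; all function names are illustrative, and the address reported by `probe` is the one that has to be registered as the RADIUS client in NPS.

```python
# Added example, not from the thread; function names are illustrative.
import hashlib, hmac, os, socket, struct

def egress_ip(server, port=1812):
    """Source address the OS picks for UDP to the server (connect() on UDP sends nothing)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((server, port))
        return s.getsockname()[0]

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: each 16-byte block is XORed with MD5(secret + previous ciphertext)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def attr(code, value):
    return struct.pack("!BB", code, len(value) + 2) + value

def access_request(user, password, secret, nas_ip, ident=1, authenticator=None):
    """Access-Request: Message-Authenticator (80), User-Name (1), User-Password (2), NAS-IP-Address (4)."""
    authenticator = authenticator or os.urandom(16)
    tail = (attr(1, user) + attr(2, hide_password(password, secret, authenticator))
            + attr(4, socket.inet_aton(nas_ip)))
    header = struct.pack("!BBH", 1, ident, 20 + 18 + len(tail)) + authenticator
    mac = hmac.new(secret, header + attr(80, bytes(16)) + tail, hashlib.md5).digest()
    return header + attr(80, mac) + tail

def reply_matches_secret(reply, request, secret):
    """RFC 2865 section 3: ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return len(reply) >= 20 and reply[1] == request[1] and hmac.compare_digest(reply[4:20], expected)

def probe(server, user, password, secret, port=1812, timeout=3.0):
    """Return (source_ip, verdict) for one test login against the RADIUS server."""
    src = egress_ip(server, port)
    req = access_request(user, password, secret, src)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(req, (server, port))
        try:
            reply, _ = s.recvfrom(4096)
        except OSError:
            return src, "no reply: is this source IP a configured RADIUS client?"
    if not reply_matches_secret(reply, req, secret):
        return src, "reply fails authenticator check: shared secret mismatch"
    return src, {2: "Access-Accept", 3: "Access-Reject"}.get(reply[0], "code %d" % reply[0])
```

A timeout is the expected outcome when the server does not know the client: RFC 2865 requires requests from unconfigured clients to be silently discarded. An Access-Reject that passes the authenticator check means address and secret are fine and the problem is with the account or the policy.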
            • Aru23

              I used NTRadPing and I could see there was something wrong with the user, so I went back and checked whether the user was a member of the VPN group on the DC, and it was not.
              I forgot to add the user back into the group after fiddling around in the DC.

              This guide works:

              https://community.spiceworks.com/how_to/128944-pfsense-admin-logins-via-radius-using-active-directory-accounts
