PfSense can’t authenticate with Windows Radius
-
I am trying to switch from a SonicWALL firewall to a pfsense box
I’m almost done configuring the pfsese like the SonicWALL
But I can’t get the pfsense to authenticate with windows radius server for later use with OpenVPNI know this worked perfectly fine with the SonicWALL and this is the function I use the most
And I have used these guides but no avail
https://doc.pfsense.org/index.php/OpenVPN_with_RADIUS_via_Active_Directory
https://community.spiceworks.com/how_to/128944-pfsense-admin-logins-via-radius-using-active-directory-accountsearlier I got the NPS error code 13
but now I don’t get anything but still can’t authenticatecan you guys help
-
RADIUS is pretty much RADIUS.
All you should have to do is create a client on the server with the proper shared secret and point the client at it on the right IP address and ports.
What's in the logs on the RADIUS server?
-
I get the NPS error 13 which is –> “A RADIUS message was received from the invalid RADIUS client IP address”
this normally appears when the radius client is not configured in the NPS.
in this case it is configuredI have tried with the generated authentication and manual authentication shared secret noting works
i am running pfSense version 2.3.2 and windows server 2012
-
You need to make sure the RADIUS server is actually egressing on the IP address you think it is and that the shared secret is correct. Double check everything on both sides.
As long as you are getting that message it is not going to work.
The problem could just as easily lie on the RADIUS server as the client. Sure would be nice if Windows logged the offending IP address.
-
I used a NTRadPing and I could see there was something wrong with the user so I went back and I checked if the user was member of the vpn group on DC and it was not
i forgot to add the user back in to the group after fiddling around in the DCthis guide works
https://community.spiceworks.com/how_to/128944-pfsense-admin-logins-via-radius-using-active-directory-accounts