No Group RADIUS Authentication with Active Directory



  • I've been working on resolving this issue for over a month now, but I just haven't found a working solution despite countless articles. I've followed step by step on the following article : https://community.spiceworks.com/how_to/128944-pfsense-admin-logins-via-radius-using-active-directory-accounts . And I also read this article: https://forum.pfsense.org/index.php?topic=133441.0. Every time I try authenticating using my RADIUS server, it authenticates, but doesn't provide a group membership. Here is my current configuration:

    PfSense - Auth. Servers:

    Main-SRV1
    192.168.1.2
    RADIUS
    PAP
    Auth. Port 1812
    Acct. Port 1813
    Auth. Timeout 5

    PfSense - Groups:
    "PfAdmin"
    Scope:Remote (Tried local too)
    Privileges: WebCfg - All

    Windows Server 2012 R2 (RADIUS Server) :

    Grant Access
    Unspecified network access server
    Conditions: MAIN\PfAdmin ; Client IP 10.0.3.2
    Auth. Methods: PAP/SPAP
    Class: PfAdmin (Tried "PfAdmin;" and "PfAdmin;PfAdmin")

    It seems somewhere I ran into an issue and I can't seem to understand why. Followed multiple articles on this with the same results. Any help definitely would be appreciated!


  • Rebel Alliance Developer Netgate

    Take a packet capture of the RADIUS auth exchange. Load it up in Wireshark and inspect the reply from the AD server, see if it has the Class attribute and how it looks.


Log in to reply