After updating to version 2.4.4 "RADIUS MAC Authentication Failed."



  • After updating to version 2.4.4
    Unable to authenticate to the captive portal, instead of the authentication page this error message appears "RADIUS MAC Authentication Failed."



  • Go to the settings of your captive portal, change authentication method to "use an authentication backend" if you don't want to use Radius MAC authentication.



  • freeradius is already set up and working properly before updating
    I do not know the origin of this error in MAC Radius authentication



  • @free4 That's correct but you can use RADIUS with user/password ("use an authentication backend") either MAC authentification.

    Until version 2.4.3 it was possible to have both parallel. First pfense sent MAC+secret to RADIUS. If MAC authentication failed then pfense opened the cp page and sent user/password. If both failed then user got an error message.

    We uses both methods parallel because "normal" users authenficate with u/p while special users are registered in RADIUS with MAC id.

    Is it possible to reintegrate option RADIUS MAC auth again?



  • I have the same problem. We need RADIUS MAC auth and user/password parallel.



  • @Erik_CH i made a pull request about this : https://github.com/pfsense/pfsense/pull/4000



  • The fall back seems not to respect the setting Use custom captive portal page as it always shows the default login page (default template).

    Tested on 2.4.5.a.20181025.0115.



  • this feature is really how we operate the captive portal...
    loosing it without mentioning it in the main release notes is really totally disappointing our expectation.. also we have no rollback option, as netgate isno longer hosting the old version :/ either no packages were available for older versions!!

    generally after upgrading to 2.4.4 we got a lot of troubles, and makes the firewall unusable for more than 24hour with no luck to recover all what is working as it was..

    really disappointing, we are gonna think not to rely on pfsense anymore !!

    I have applied the patch to 2.4.4, but the login page is broken/corrupted showing random latin characters.
    also the 2.4.5 released 09-11-2018 have the same behavior :(

    ANY WORKAROUND HERE to get this to work again !?



  • @michaeleino go to your captive portal settings, and check "Login page fallback" option.

    if the setting doesn't exist reinstall 2.4.4 from a fresh, new image (the ISO has been updated on pfsense website, it now contain the feature you are asking for)



  • @free4 thanks a lot for your response, do you mean "2.4.4" or the daily snapshot ?
    I can see the 2.4.4 image date is 20-septemper.. is that correct ?
    0_1542145191740_Screenshot from 2018-11-13 23-38-23.png

    meanwhile, I was downgraded to 2.3.4 via a snapshot / and tried to day to perform a normal upgrade via the GUI.. everything goes fine, but there is no option for login fall back.

    Do I still need to perform a fresh install?



  • @free4
    I have tried the latest 2.4.4 image to a fresh install, and it doesn't have this feature, do I miss anything ?
    0_1542187527146_Screenshot from 2018-11-14 11-23-55.png



  • @michaeleino said in After updating to version 2.4.4 "RADIUS MAC Authentication Failed.":

    I have applied the patch to 2.4.4, but the login page is broken/corrupted showing random latin characters.

    The default, build in login page ?



  • @michaeleino oops....you are right

    the feature has been added in 2.4.4 on 9 October ( https://github.com/pfsense/pfsense/commit/bb90e3c57bec5ad24df5f9fdd51d9eadbf3792df ) but the latest ISO is from 20th September

    I thought that Netgate was re-generating 2.4.4 ISO every time a commit is performed on the associated github branch ? is Netgate having issue with their build system?

    Well, sorry for my bad advice then.

    then what you could do is install "patch" package, and manually install this patch :

    url/commit ID : https://github.com/pfsense/pfsense/commit/bb90e3c57bec5ad24df5f9fdd51d9eadbf3792df.diff

    path strip count : 2
    base directory : /
    ignore whitespace : checked or not checked are both ok



  • @Gertjan, yes it was the default -- may be I have applied the patch incorrectly.

    @free4 they shouldn't push a new image without changing the version release.. I think it is on purpose :)

    I have applied the patch using the system patch and it looks working on a fresh install, will apply this in a night action.. and will get back if there are issues.
    0_1542193958251_Screenshot from 2018-11-14 13-07-46.png
    not sure, the logo image is missing due to not logged-in yet or it is missing.. not a big issue.

    Thanks a lot for the help.



  • I am with the same problem, could it be solved is there any other way to do what we need? Mac and user in parallel? apart from that I had to add the mac users directly to the captive portal otherwise it gave me problems, the users were disconnected quite unstable the radius was put on. tanks a lot.



  • @maritoja please check my previous reply.

    and btw, I can confirm that the captive portal is working well using RADIUS server, as long as you don't re-configure it all the time (there is currently an issue when re-configuring a captivportal while users are currently connected. see https://redmine.pfsense.org/issues/8616 )