Netgate Discussion Forum

    [Solved] webconfigurator login via FreeRadius3 and google auth failing

      sand7000

      My firewall is at 2.4.4-Release and I have set up freeradius3, and I am able to log in with a user and password. If I change the user to use google auth I cannot log in. I have the following settings:

      • System>User Manager>Authentication Servers is set to my FreeRadius3 server and is set to use PAP protocol.
      • I am entering the password as pin+code so if my pin is 1234 and the generated code is 567890 I enter 1234567890.
      • It shouldn't matter (I think) but the phone and the firewall are configured to the same timezone.
      • I tried enabling MOTP in the FreeRadius Settings but I think that is unrelated anyway.

      I see this in the system logs when I try to test authentication:

      Nov 16 10:30:28 	googleauth.py 		freeRADIUS: Google Authenticator - Authentication failed. User: ed, Reason: wrong tokencode
      Nov 16 10:30:28 	radiusd 	87366 	(1) Login incorrect (Failed retrieving values required to evaluate condition): [ed] (from client firewall port 0)
      

      This is the users config file from FreeRadius:

      /usr/local/etc/raddb/users
      
      "ed" Auth-Type = googleauth
      
      	MOTP-Init-Secret = QYGWNWJE4ZIX4IUG,
      	MOTP-PIN = 1234,
      	MOTP-Offset = 0
      

      This is a test VM so I am happy to upload any config files that would help diagnose the issue.

      The freeradius server works, since password authentication succeeds, so the issue is with the google auth configuration. Can anyone see what I am missing?

        sand7000

        I realized that the time on the VM was off by about 2 minutes. I forced an NTP update and that took care of it.

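The fix in this thread follows from how time-based codes are checked. The sketch below is an added example, not part of the original posts and not pfSense's googleauth.py: it shows a PIN+code check rejecting a valid code when the server clock is 2 minutes behind, and a diagnostic that measures the drift in 30-second steps. Assumptions: Google Authenticator defaults (HMAC-SHA1, 30-second step, 6 digits), a hypothetical acceptance window of ±1 step, and the RFC 6238 test key as a constructed secret.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30     # seconds per time step (Google Authenticator default)
DIGITS = 6    # code length (Google Authenticator default)
RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # RFC 6238 test key, not the poster's

def totp(secret_b32, unix_time):
    """RFC 6238 code for the time step that contains unix_time."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", int(unix_time) // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    pos = digest[-1] & 0x0F                      # dynamic truncation offset
    value = struct.unpack(">I", digest[pos:pos + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret_b32, pin, entered, server_time, window=1):
    """Check a 'pin+code' password; return the matching step offset or None.
    window=1 is an assumed tolerance, not a value taken from pfSense."""
    if len(entered) != len(pin) + DIGITS or not hmac.compare_digest(entered[:len(pin)], pin):
        return None
    code = entered[len(pin):]
    for off in range(-window, window + 1):
        if hmac.compare_digest(totp(secret_b32, server_time + off * STEP), code):
            return off
    return None

def clock_drift_steps(secret_b32, code, server_time, search=20):
    """Diagnostic: steps the server clock must move to match the token's clock."""
    for off in sorted(range(-search, search + 1), key=abs):
        if hmac.compare_digest(totp(secret_b32, server_time + off * STEP), code):
            return off
    return None

if __name__ == "__main__":
    phone_time = 1111111109                  # constructed timestamp (RFC 6238 vector)
    vm_time = phone_time - 120               # server clock 2 minutes behind
    entered = "1234" + totp(RFC_SECRET, phone_time)
    print("skewed VM :", verify(RFC_SECRET, "1234", entered, vm_time))
    print("drift     :", clock_drift_steps(RFC_SECRET, entered[4:], vm_time), "steps")
    print("after NTP :", verify(RFC_SECRET, "1234", entered, phone_time))
```

A drift of 4 steps is 120 seconds, which no ±1 step window absorbs; correcting the clock, as done above with NTP, is the fix rather than widening the window.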