pfSense config with daloRadius (freeRadius) to setup download quota limitation



  • I have pfsense and daloRadius(running freeRadius inside) up and running, I successfully configured radius parameters on pfSense and the NAS on daloRadius and they can talk to each other.

    I am able to create users from daloRadius and authenticate them from pfSense. But when I add some attributes for bandwidth limitation or download quota limitation, authentication fails from pfSense.

    Plus in spite of all the search i did, am' not able to understand clearly how radius attributes function: - Difference between check and reply and when to use either - also the operators being used.

    Since i didn't understand clearly i tried all combinations that made sense to me but it never worked, I always get access-reject.

    I added to daloRadius the pfSense radius attribute dictionary which i got from here:

    VENDOR      pfSense             13644
    
    BEGIN-VENDOR    pfSense
    
    ATTRIBUTE   pfSense-Bandwidth-Max-Up        1   integer
    ATTRIBUTE   pfSense-Bandwidth-Max-Down      2   integer
    ATTRIBUTE   pfSense-Max-Total-Octets        3   integer
    
    END-VENDOR pfSense
    

    but whenever I create a user and try using one of these attributes in either reply or check attribute, the user is not authorised when logging in, just getting access-reject with no explanations.

    What am I doing wrong ?


  • Rebel Alliance

    I might say obvious things, but did you have a look to the documentation ? It has been updated recently

    https://docs.netgate.com/pfsense/en/latest/captiveportal/captive-portal-configuration.html


Log in to reply