Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Freeradius with Unifi wifi setupd guide?

    Scheduled Pinned Locked Moved pfSense Packages
    9 Posts 3 Posters 4.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      codera
      last edited by

      Hi!

      Does anybody have a setup guide for Pfsense and Freeradius with Unifi?
      From Unifi controller i understand, that i have to set up a radius profile.
      But how much and what should i change in Pfsense after Freeradius install?

      Can i set up Wifi authentication with only username or password or should it be with SSL certificate imported to the device?

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        I have eap-tls setup with freerad and unifi if you want some screenshots.. Yeah you have to import the certs into your devices.. I thought I had posted some info before about it.. let me look and see if can find the old threads - pictures might be gone though it was while back, and many of the images were lost when they changed over the forum software.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        C 1 Reply Last reply Reply Quote 1
        • C
          codera @johnpoz
          last edited by codera

          @johnpoz - every kind of information is very welcome :)

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            I would start here
            https://docs.netgate.com/pfsense/en/latest/packages/using-eap-and-peap-with-freeradius.html#

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • C
              codera
              last edited by codera

              First a weird issue: i can do a successful authentication from my PC with NTRadPing utility, but not from Pfsense itself, while using Diagnostics Authentication option?
              In the system logs is displayed: /diag_authentication.php: Error during RADIUS authentication : No valid RADIUS responses received

              The user is set up in Freeradius. Do i need to specify Pfsense itself as NAS/Clients? It does not seem to make any changes, Pfsense authentication test still fails.

              1 Reply Last reply Reply Quote 0
              • NogBadTheBadN
                NogBadTheBad
                last edited by NogBadTheBad

                Yes you will need to add pfsense if you want to test from pfsense.

                radsniff -x is a quite handy for doing diagnostics.

                I personally hate how ubiquity have implemented wpa enterprise, you have to add each ap as a nas rather than the cloud key.

                Andy

                1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

                1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator
                  last edited by johnpoz

                  @NogBadTheBad said in Freeradius with Unifi wifi setupd guide?:

                  you have to add each ap as a nas rather than the cloud key

                  If the controller did the auth, then the controller would have to be on all the time... Their setup allows for those that don't want to run the controller all the time don't have to..

                  So yeah you have to setup each AP you have
                  clients.jpg

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  NogBadTheBadN 1 Reply Last reply Reply Quote 0
                  • NogBadTheBadN
                    NogBadTheBad @johnpoz
                    last edited by

                    @johnpoz

                    The option would be nice to have the controller send the auth requests, wouldn’t a major installation have a controller running all the time?

                    Andy

                    1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

                    1 Reply Last reply Reply Quote 0
                    • johnpozJ
                      johnpoz LAYER 8 Global Moderator
                      last edited by

                      Yeah would be nice to have an option.. My controller runs all the time, and wouldn't call it major ;)

                      You should be able to pick, or even have option of say if controller is offline the AP sends..

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 24.11 | Lab VMs 2.8, 24.11

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.