Pfsense 2FA failed on Freeradius
-
I have implemented 2FA authentication process on pfsense in order to grant access for VPN users. But recently authentication has failed due to the following reason.
(3) googleauth: ERROR: Program returned code (1) and output ''
(3) [googleauth] = reject
(3) } # Auth-Type GOOGLEAUTH = reject
(3) Failed to authenticate the user
(3) Using Post-Auth-Type Reject
(3) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(3) Post-Auth-Type REJECT {
(3) attr_filter.access_reject: EXPAND %{User-Name}
(3) attr_filter.access_reject: --> sam
(3) attr_filter.access_reject: Matched entry DEFAULT at line 11
(3) [attr_filter.access_reject] = updated
(3) [eap] = noop
(3) policy remove_reply_message_if_eap {
(3) if (&reply:EAP-Message && &reply:Reply-Message) {
(3) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(3) else {
(3) [noop] = noop
(3) } # else = noop
(3) } # policy remove_reply_message_if_eap = noop
(3) } # Post-Auth-Type REJECT = updated
(3) EXPAND %{reply:Acct-Output-Octets}
(3) -->
(3) Login incorrect (Failed retrieving values required to evaluate condition): [sam] (from client RadServer port 0)
(3) Delaying response for 1.000000 secondsI have run the "radtest" and local user authentication is granted but when it comes to google auth it failed. Even I did uninstall and configure it again but gives the same error. Note: pfsense runs on hyperv server as a VM. I did try on the laptop its perfectly working fine. Then I installed the same pfsense box on the server then again it failed. Any possible reason behind it as I couldn't rectify yet.
-
@sameerakwc Did you ever find the fix here?
-
@zshambaugh I couldn't get Google Auth working, but I fixed it using DUO Proxy instead.
-
@sameerakwc I fixed my issue. I had radcheck setup but not radreply. Once I added the user to both tables, it worked.