Pfsense + External RADIUS (Caveats?)



  • Hi,

    I was hoping to have Radius authentication using RCDevs WebADM. I can't seem to get the authentication to succeed using PAP or CHAP, though when I try with MS-CHAP the logs in WebADM state "LDAP password not provided". I assume this is due to the fact that it cannot read the Microsoft CHAP encryption. This still suggests they are talking though, but with PAP and CHAP I get zero logs at all for WebADM. WebADM is configured correctly as I can authenticate from elsewhere.

    Looking at the packet capture I can see Access-Reject (3) followed by id: 0x91 and an Authenticator string.

    I was mainly wondering how Pfsense is best set up with an external RADIUS server, if there is anything to consider (LDAP user groups?), and common fixes. I also don't understand what the NAS-IP-ATTRIBUTE is, and how it relates to WAN or LAN. Any help would be appreciated.



  • Strangely enough, it works fine with the testing client in opt/radiusd/conf/clients.conf but not when trying to actually use the real configuration.

    Does anyone know how to implement in that configuration?


  • Netgate Administrator

    What are you trying to authenticate against it exactly? Users logging into pfSense? VPN users?

    I'm unfamiliar with RCDevs WebADM, but after quickly searching I can't see anything Radius related, only LDAP. Do you have a link to any documentation?

    EDIT: This?
    https://www.rcdevs.com/docs/howtos/pfsense/pfsense/

    Steve

