Pfsense + External RADIUS (Caveats?)

Armstrong

Hi,

I was hoping to have Radius authentication using RCDevs WebADM. I can't seem to get the authentication to succeed using PAP or CHAP, though when I try with MS-CHAP the logs in WebADM state "LDAP password not provided". I assume this is due to the fact that it cannot read the Microsoft CHAP encryption. This still suggests they are talking though, but with PAP and CHAP I get zero logs at all for WebADM. WebADM is configured correctly as I can authenticate from elsewhere.

Looking at the packet capture I can see Access-Reject (3) followed by id: 0x91 and an Authenticator string.

I was mainly wondering how Pfsense is best set up with an external RADIUS server, if there is anything to consider (LDAP user groups?), and common fixes. I also don't understand what the NAS-IP-ATTRIBUTE is, and how it relates to WAN or LAN. Any help would be appreciated.

Armstrong

Strangely enough, it works fine with the testing client in opt/radiusd/conf/clients.conf but not when trying to actually use the real configuration.

Does anyone know how to implement in that configuration?

stephenw10

What are you trying to authenticate against it exactly? Users logging into pfSense? VPN usesrs?

I'm unfamiliar with RCDevs WebADM but after quickly searching I can't see anything Radius related only LDAP. You have a link to any documentation?

EDIT: This?
https://www.rcdevs.com/docs/howtos/pfsense/pfsense/

Steve