FreeRADIUS: Attributes Conflicting with GUI Login
-
Hello!
I currently use FreeRADIUS to authenticate for the pfSense Web-GUI and it has been working great for a while. Today I tried to add another attribute to my "REPLY-ITEM" and suddenly pfSense no longer processes the "Class" attribute. Adding "Attr-26" seems to be the issue. All my other devices using RADIUS for authentication continue working. It is just pfSense itself giving me trouble.
Configs are from my "/usr/local/etc/raddb/users" file.
Config 1:
"test" Cleartext-Password := "*******"
    Class = "pfsense-admin",
    TrippLite-User-Role = "Administrator"
Config 2:
"test" Cleartext-Password := "*******"
    Class = "pfsense-admin",
    TrippLite-User-Role = "Administrator",
    Attr-26 = 0x483D342C20493D34
Any ideas?
-
@nedyah700 said in FreeRADIUS: Attributes Conflicting with GUI Login:
Any ideas?
This
Attr-26 = 0x483D342C20493D34
makes sense to you.
But does it make sense to FreeRadius? You asked?
Stop FreeRadius in the GUI.
Open a console or SSH and type: radiusd -X
No errors ?
Wait for it to stabilize (the scrolling of messages stopped).
Do a login attempt.
Still no errors?
-
@gertjan Thanks for the suggestion! I compared line by line and the only difference is the one added reply line with the Attr-26 data, which I believe looks correct. Maybe this isn't a FreeRADIUS issue but how pfSense is parsing the reply?
Web-GUI Login Works
(1) Login OK: [test] (from client pfSense port 0)
(1) Sent Access-Accept Id 96 from X.X.X.X:1812 to to X.X.X.X:61072 length 0
(1) Class = 0x706673656e73652d61646d696e
(1) TrippLite-User-Role = "Administrator"
(1) MS-CHAP2-Success = *removed*
(1) MS-MPPE-Recv-Key = *removed*
(1) MS-MPPE-Send-Key = *removed*
(1) MS-MPPE-Encryption-Policy = Encryption-Allowed
(1) MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(1) Finished request
Web-GUI Login Doesn't Work
(1) Login OK: [test] (from client pfSense port 0)
(1) Sent Access-Accept Id 231 from X.X.X.X:1812 to X.X.X.X:61320 length 0
(1) Class = 0x706673656e73652d61646d696e
(1) TrippLite-User-Role = "Administrator"
(1) Attr-26 = 0x483d342c20493d34
(1) MS-CHAP2-Success = *removed*
(1) MS-MPPE-Recv-Key = *removed*
(1) MS-MPPE-Send-Key = *removed*
(1) MS-MPPE-Encryption-Policy = Encryption-Allowed
(1) MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(1) Finished request
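
Added example, not part of any post in this thread and not pfSense or FreeRADIUS code: it decodes the two hex values from the debug output above and checks the Attr-26 value against the Vendor-Specific layout of RFC 2865 section 5.26 (a 4-octet Vendor-Id whose high-order octet is zero, then type/length/value sub-attributes). The names `parse_vsa` and `build_vsa` and the vendor id 99999 are constructed for illustration; whether this layout is what makes pfSense ignore Class is not established in the thread.

```python
import struct

# Hex values copied from the debug output quoted in the thread.
CLASS_HEX = "706673656e73652d61646d696e"
ATTR26_HEX = "483d342c20493d34"
PLACEHOLDER_VENDOR_ID = 99999  # constructed placeholder, not a vendor named on the page

def parse_vsa(value: bytes) -> dict:
    """Parse the value of RADIUS attribute 26 (Vendor-Specific, RFC 2865 5.26).

    Layout: 4-octet Vendor-Id (high-order octet must be 0) followed by
    vendor data, which the RFC recommends encoding as one or more
    sub-attributes of the form vendor-type, vendor-length, data.
    """
    problems = []
    if len(value) < 5:
        return {"vendor_id": None, "subattrs": [], "problems": ["too short for a Vendor-Id plus data"]}
    (vendor_id,) = struct.unpack("!I", value[:4])
    if value[0] != 0:
        problems.append("high-order octet of Vendor-Id is 0x%02x, expected 0x00" % value[0])
    subattrs, rest = [], value[4:]
    while rest:
        if len(rest) < 2:
            problems.append("trailing octet without a length field")
            break
        vtype, vlen = rest[0], rest[1]
        if vlen < 2 or vlen > len(rest):
            problems.append("sub-attribute %d claims length %d, %d octets remain" % (vtype, vlen, len(rest)))
            break
        subattrs.append((vtype, rest[2:vlen]))
        rest = rest[vlen:]
    return {"vendor_id": vendor_id, "subattrs": subattrs, "problems": problems}

def build_vsa(vendor_id: int, vtype: int, data: bytes) -> bytes:
    """Encode one sub-attribute in the recommended RFC 2865 VSA layout."""
    return struct.pack("!IBB", vendor_id, vtype, len(data) + 2) + data

if __name__ == "__main__":
    raw = bytes.fromhex(ATTR26_HEX)
    print("Class  :", bytes.fromhex(CLASS_HEX).decode("ascii"))
    print("Attr-26:", raw.decode("ascii"))
    print("as VSA :", parse_vsa(raw))
    # Constructed comparison: the same text wrapped under the placeholder vendor id.
    print("wrapped:", parse_vsa(build_vsa(PLACEHOLDER_VENDOR_ID, 1, raw)))
```

Run as a script, it shows that Class carries the text pfsense-admin and that the Attr-26 value is the bare ASCII text `H=4, I=4`, with no Vendor-Id header in front of it.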
-
@nedyah700 if you Google the string you’re trying, you’ll see non-pfSense people are having an issue; it’s an issue with FreeRADIUS.
I had a look earlier.
This is for a Supermicro device, isn’t it?
-
Correct. Supermicro IPMI.
Most of my searches found people having issues getting authentication working with Supermicro.
My issue is that all other devices that use RADIUS for authentication are all working (UPS’s, Supermicro IPMI, TrippLite PDU). It’s just the pfSense itself.