AP -> FreeRADIUS on pfSense -> GSuite
-
We are trying to have our access points authenticate user access with either GSuite or AzureAD. In order to do that, we will need to have a FreeRADIUS server installed somewhere. I know there is a package for pfSense and I've looked at a couple of videos, but these are mostly using it as a service that other packages use to authenticate against. I'd like to use the database from GSuite or AzureAD for clients to authenticate against. Does anyone know a tutorial or site that explains how all the pieces come together?
-
@Stewart I wanted to bump this thread to see if anything has changed. We, too, are considering using FreeRADIUS on the pfSense to authenticate against Azure ADDS. Did you have any success making it work?
-
@Troutpocket So based on what I have recently done, I think you will need a RADIUS proxy.
To add some color, I recently set up Cisco DUO 2FA. Logging into my pfSense using LDAP or OpenVPN using LDAP auth, admins and end-users will get a DUO Push notification. Works brilliantly.
In order to get this accomplished, I needed to have a working LDAP server that everyone initially can reach and auth to. Once that is working, I set up a DUO Proxy server that also listens for LDAP requests. Now you point all your LDAP configuration to the DUO LDAP you set up, and when any LDAP request gets sent to this proxy server, the proxy talks to the LDAP server, confirms that auth is good, then talks to the DUO service to have a push notification sent to the end-user's phone.
I bring all that up to say I think you require a proxy as well. You need to have something talking RADIUS, and all RADIUS requests get sent to it and the proxy will turn around and send it to Azure. I found this while searching.
https://wiki.freeradius.org/config/Proxy