Change Authentication Server from CLI

onetwo · Apr 17, 2024, 1:53 PM

Hello,

I'm looking for the solution to change Authentication Server for WUI to Local Database (actually configured FreeRadius) from CLI.

I tried to find related conf in/conf/config.xml, but i don't know where to change.

I would like to avoid to restore conf.
Thank you.

Gertjan · Apr 17, 2024, 2:31 PM

@onetwo

Edit the config ?! remember, this is pfSense : everything is stored in one file.

Go SSH or console, option 8 and then :

viconfig

Before you use this command, and depending on when you were born, take note : your dealing with 'vi' here. For those who remember wordstar or edlin : it's worse.

With the / command you should search for : authserver
Then, when on the first line (see below), the command dd will delete a line.
Ditch the entire :

section.
Don't mess with the 'xml' formatting.
Quit vi with ESC : w q

The advantage of using this command is that the config will get reloaded after quitting vi (I think).

Did I mention that you should make a copy of the config before you make things worse ? ^^

onetwo · Apr 17, 2024, 3:06 PM

Thank you @Gertjan, but i have the same entry on 2 different Pfsense so i don't think that change may be done in this section..

Pfsense A: (Authentication Server: Local Database)

	<authserver>
		<refid>6124f7114286c</refid>
		<type>radius</type>
		<name>Local FreeRADIUS</name>
		<radius_protocol>PAP</radius_protocol>
		<host>127.0.0.1</host>
		<radius_nasip_attribute>wan</radius_nasip_attribute>
		<radius_secret>XXXXXXXXXXXXXXX</radius_secret>
		<radius_timeout>5</radius_timeout>
		<radius_auth_port>1812</radius_auth_port>
		<radius_acct_port>1813</radius_acct_port>
	</authserver>

Pfsense B: (Authentication Server: FreeRadius)

	<authserver>
		<refid>6124f7114286c</refid>
		<type>radius</type>
		<name>Local FreeRADIUS</name>
		<radius_protocol>PAP</radius_protocol>
		<host>127.0.0.1</host>
		<radius_nasip_attribute>wan</radius_nasip_attribute>
		<radius_secret>XXXXXXXXXXXXXXX</radius_secret>
		<radius_timeout>5</radius_timeout>
		<radius_auth_port>1812</radius_auth_port>
		<radius_acct_port>1813</radius_acct_port>
	</authserver>

stephenw10 · Apr 17, 2024, 4:30 PM

Authentication for what? That's just where the external servers are configured. For the GUI that's set by the authmode tag:

			<authmode>Local Radius</authmode>
			<authmode>Local Database</authmode>

onetwo · Apr 17, 2024, 6:31 PM

@stephenw10 said in Change Authentication Server from CLI:

authmode

I mens authentification to WUI.. Perfect, i was exactly looking fot that...
Thank you!