Freeradius attribute data?



  • newbies here..

    I just set up pfsense n freeradius.. Wanna use captive portal. I wanna know what to insert into the freeradius tables, especially the radreply table… I can't find any information regarding this.



  • Hi,

    Well, in theory you can add Session-Timeout values for radreply, but I tried it and
    I cannot get it to work (RC2), so I use idle timeout and hard timeout values.
    But anyway, here is an example:

    +----+----------+-----------------+----+-------+
    | id | UserName | Attribute       | op | Value |
    +----+----------+-----------------+----+-------+
    |  1 | user1    | Session-Timeout | := | 120   |
    |  2 | user2    | Session-Timeout | := | 120   |
    +----+----------+-----------------+----+-------+

    Br,

    Ville



  • Thanks for the reply.. I will try that.

    I already tried session time-out but got an auth error.. Not sure why. The radius log shows it accepts the auth request.



  • There are some known issues with RADIUS support and CP atm. That's why we disabled some features like reauthentication every minute and accounting information for now (at least in the latest snapshots). These features most likely are not fixable for 1.0 (too late in the release cycle and too much danger of breaking other things again). Expect to find a newer version of the CP in a release after 1.0 is out. It might also be interesting for you to know that Jonathan DeGraeve is working on a new and improved version of the CP for m0n0 that will have better performance and better RADIUS integration. We'll sync HEAD against that code once it is done and available.



  • Thanks for the info.. I also read about the CP problem with radius, especially regarding Session-Timeout. Since they are able to log in, I just wanna try to get past the CP auth screen. Right now I am only able to do it using the Local manager. Just wanna play around with the radius settings after..

    Anyway, I'll try out monowall to check whether it works or not.



  • Dear all,

    After a lot of testing, I found out that the reason I got the bad login is because pfsense never gets an answer from the radius server.. I increased the timeout in radius_accounting.inc, also no help.. The weird part is, when I go to the shell and use tcpdump I can clearly see the radius request and response almost immediately. Dunno why php cannot get the response.. Any idea?

    I am testing using VMware with 2 machines, 1 as pfsense and the 2nd one as the radius server.



  • Hi,

    Have you checked what freeradius responds? Start freeradius with the -X attribute and see if there are
    any errors or access rejects.

    Br,

    Ville



  • yup.. can see radius send the reply.. I can even see pfsense receive the reply thru tcpdump. the problem is php is not getting it.. It will time out and give a bad username/password msg.

    BTW the radius is configured with a LAN IP. is this a prob? I will try out tonight if I configure radius with a WAN IP and connect thru WAN.



  • @aneip:

    yup.. can see radius send the reply.. I can even see pfsense receive the reply thru tcpdump. the problem is php is not getting it.. It will time out and give a bad username/password msg.

    BTW the radius is configured with a LAN IP. is this a prob? I will try out tonight if I configure radius with a WAN IP and connect thru WAN.

    No, radius in the LAN IP address space is not a problem, if you can access it thru the fw.

    Br,

    Ville



  • I solved it now.. I had configured 2 network cards on the radius server. One with a static IP, one with DHCP. I thought of using the same server to test the CP function.. It only worked after I deleted the 1st network card (DHCP). It seems that radius sends the reply but it goes out via the DHCP IP one, so the CP firewall blocks it (or something like that)..

    But now it is working.. I can see the radius auth routine only checks for Accept-Reply (1st byte only) and not other attributes. I will try to compare or do some hacking so session-timeout can be used.. Hopefully.
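
The last post notes that the captive portal's RADIUS routine looks only at the first byte of the reply. As an added example (not part of the thread and not pfSense's code), this Python code shows what a client has to do before it can trust and use Session-Timeout: verify the RFC 2865 Response Authenticator, then walk the attributes. The shared secret, request authenticator, `build_reply` helper and sample packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2      # RADIUS code (RFC 2865)
SESSION_TIMEOUT = 27   # attribute type; value is a 4-byte integer, in seconds

def parse_access_accept(packet, request_auth, secret):
    """Validate a reply and return {'session_timeout': int or None}."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    packet = packet[:length]  # bytes past the length field are padding
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    expected = hashlib.md5(
        packet[:4] + request_auth + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("response authenticator mismatch")
    if code != ACCESS_ACCEPT:
        raise ValueError("not an Access-Accept (code %d)" % code)
    result = {"session_timeout": None}
    pos = 20
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        if atype == SESSION_TIMEOUT and alen == 6:
            result["session_timeout"] = struct.unpack(
                "!I", packet[pos + 2:pos + 6])[0]
        pos += alen
    return result

def build_reply(code, ident, request_auth, secret, attrs=b""):
    """Constructed helper: sign a reply the way a RADIUS server would."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs

# Constructed sample: Access-Accept carrying Session-Timeout := 120,
# matching the radreply rows shown earlier in the thread.
SECRET = b"constructed-secret"
REQ_AUTH = bytes(range(16))
SAMPLE = build_reply(ACCESS_ACCEPT, 1, REQ_AUTH, SECRET,
                     struct.pack("!BBI", SESSION_TIMEOUT, 6, 120))
```

A reply that fails the authenticator check, for instance one forged by a host that does not know the shared secret, raises `ValueError` instead of being accepted on its code byte alone.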