FreeRADIUS Primer



  • I am having no luck getting FreeRADIUS to work.  I am hoping that someone can point me in the right direction.

    Steps taken so far:

    System: Authentication Servers - Server created.

    • Type set to Radius
    • Hostname or IP Address set to LAN Interface IP 10.0.1.1
    • Shared secret set with only letters and numbers(not sure what characters it excepts)
    • Ports left at default values.

    FreeRADIUS: Settings

    • Listening Interfaces set to LAN
    • Port 1812
    • Logging Yes

    FreeRADIUS: Users - User created
    Username: test
    Password: test
    Number of Multiple Connections: 1
    All other options left blank

    Diagnostics: Authentication
    Authentication Server: Radius
    Username: test
    Password: test

    Get this message:
    The following input errors were detected:
    Authentication failed.

    Seeing this message in the log:
    Thu Dec  2 00:43:34 2010 : Info: Using deprecated naslist file.  Support for this will go away soon.
    Thu Dec  2 00:43:34 2010 : Error: There appears to be another RADIUS server running on the authentication port 1812

    Not sure how there could be another one running.  It feels like I must be missing something pretty basic here. I've run through these steps several times with the same result.   I've tried setting the IP of the RADIUS to 10.0.1.5 to see if it was an IP issue.  I really don't know where to go next.  Point me in the right direction or tell me what total noob thing I missed.



  • i think FREERADIUS not yet work in 2.0 you can change the port and start work i see this in 2.0 i try start i say the port is used so i change for 1892 and stat work but if you reboot your pfsense you need change again the port this time 1812 and same next time, for me works but not funcionally



  • Thanks.  That seems to have fixed the first issue.  I can now test authenticate users.  I have setup a wireless NIC as an AP in pfSense.  When I tell it to use RADIUS for authentication this shows up in the log:

    Thu Dec  2 14:03:48 2010 : Auth: Login incorrect: [test/<no user-password="" attribute="">] (from client pfSense port 0 cli 00-4A-92-B3-50-5F)

    I also tried it with a Linksys WRT54G2 running DD-WRT set as an AP and get the same message.  It sees the username but doesn't appear to get the password.  This account works if I try if from the Diagnostics: Authentication page:

    Thu Dec  2 14:12:33 2010 : Auth: Login OK: [test/test] (from client pfSense port 0)

    Any idea why the password doesn't get passed?</no>



  • Hi,

    this is a german tutorial how to set up an RADIUS server. It is in german, but perhaps it could give you some tips how to configure yourf config files.
    http://www.administrator.de/Netzwerk_Zugangskontrolle_mit_802.1x_und_FreeRadius_am_LAN_Switch.html

    Further you could use this tool to test, if the RADIUS server accepts your username and so on.
    http://www.novell.com/coolsolutions/tools/14377.html
    To see more options, go to the command line in pfsense and run radiusd -X This is the debug mode and it will help you to solve the problem.

    Third. The problem with There appears to be another RADIUS server running on the authentication port 1812
    After rebooting pfSense, i go to the command line and type killall radiusd and after this you could start it with radiusd -X in debug mode oder radiusd in normal mode.

    It worked for me and with the test tool above, I got authorized successfully.

    In the GUI I didn't enter something, I edited the clients.conf and so on manually.
    Attention! If you edit the config files manually and after that you go to the freeRADIUS GUI and click Save all changes you made will be resetted.

    I Think the main problem in this package ist, that it is started several times but should only be started one time ;)

    Bye.



  • So using the testing tool I get this:

    Thu Dec  2 15:34:36 2010 : Auth: Login OK: [test/test] (from client DesktopTest port 0)

    All appears to be working fine.  What in notice though is that the client it lists: DesktopTest.  With two different wireless access points and from the wireless card in the box it has never listed anything other than:

    Thu Dec  2 15:35:06 2010 : Auth: Login incorrect: [test/<no user-password="" attribute="">] (from client pfSense port 0 cli 00-4A-92-B3-50-5F)

    Each of the others is setup with its own client:

    10.0.1.1 pfSense pfSense

    10.0.1.5 Linksys DD-WRT Linksys Access Point

    10.0.2.1 TestRADIUS Internal Wifi RADIUS Test

    10.0.1.15 Linksys Linksys WRT54G

    10.0.1.49 DesktopTest DesktopTestClient

    Not sure why that is.</no>


Log in to reply