NEW Package: freeRADIUS 2.x
-
That's not the problem why you do not get freeradius in packagemanager GUI.
If you want to use pkg_add -r then just use the complete path to pfsense server.
x86:
pkg_add -r http://files.pfsense.org/packages/8/All/freeradius-2.1.12_1.tbzx64:
pkg_add -r http://files.pfsense.org/packages/amd64/8/All/freeradius-2.1.12_1.tbz -
That's not the problem why you do not get freeradius in packagemanager GUI.
If you want to use pkg_add -r then just use the complete path to pfsense server.
x86:
pkg_add -r http://files.pfsense.org/packages/8/All/freeradius-2.1.12_1.tbzx64:
pkg_add -r http://files.pfsense.org/packages/amd64/8/All/freeradius-2.1.12_1.tbzthanks! it's working now…
i tried this post to install the gui: http://forum.pfsense.org/index.php?topic=50572.0
Fatal error: Call to undefined function freeradius_install_command() in /usr/local/www/exec.php(244) : eval()'d code on line 9any solutions?
-
hi all! culd any one help me to config xmlrpc sync? i print gui ip adress, password, but sync does't done
-
Hello,
Just tried this package for the first time today and it's great! There's just one minor problem that I would need to solve before I could use this in production. Unfortunately, I'm not a programmer, so wouldn't know where to begin…
What I would like is to have a check box that lets me enter the plaintext password for the user, but encrypts it in the /usr/local/etc/raddb/users file because otherwise any admin can view the plaintext password. To get around this on my existing Linux FreeRADIUS server, I have a small perl script as follows:
#! /usr/bin/perl -w use strict; use Digest::MD5; use MIME::Base64; unless($ARGV[0]){ print "Please supply a password to create a MD5 hash from.\n"; exit; } my $ctx = Digest::MD5->new; $ctx->add($ARGV[0]); print encode_base64($ctx->digest,'')."\n";
So, at the command line, to generate the MD5 password hash:
radius:~ # /root/md5pass.pl <chosen password=""> X03MO1qnZdYdgyfeuILPmQ==</chosen>
Then to use this in my users file I would use the following:
"stuart" MD5-Password := "X03MO1qnZdYdgyfeuILPmQ=="
Anyone have any thoughts on this?
Thanks,
Stuart -
i found out the solution…
ok to everyone that has no freeradius2 on their package list here's the simple fix...
execute this > ./package.sh off -
hi all! culd any one help me to config xmlrpc sync? i print gui ip adress, password, but sync does't done
Could you please explain more in detail whats your problem ?
You have freeradius-server-A and freeradius-server-B
You want to sync from A to B
On A Enable "Automatically sync freeRADIUS configuration changes?"
On A enter the protocol, the IP, the port of B
Enable the "Enable" checkbox in front of this line.
SaveThat's it.
-
Hello,
Just tried this package for the first time today and it's great! There's just one minor problem that I would need to solve before I could use this in production. Unfortunately, I'm not a programmer, so wouldn't know where to begin…
What I would like is to have a check box that lets me enter the plaintext password for the user, but encrypts it in the /usr/local/etc/raddb/users file because otherwise any admin can view the plaintext password. To get around this on my existing Linux FreeRADIUS server, I have a small perl script as follows:
#! /usr/bin/perl -w use strict; use Digest::MD5; use MIME::Base64; unless($ARGV[0]){ print "Please supply a password to create a MD5 hash from.\n"; exit; } my $ctx = Digest::MD5->new; $ctx->add($ARGV[0]); print encode_base64($ctx->digest,'')."\n";
So, at the command line, to generate the MD5 password hash:
radius:~ # /root/md5pass.pl <chosen password=""> X03MO1qnZdYdgyfeuILPmQ==</chosen>
Then to use this in my users file I would use the following:
"stuart" MD5-Password := "X03MO1qnZdYdgyfeuILPmQ=="
Anyone have any thoughts on this?
Thanks,
StuartI attached you two files. Replace them with the existing ones in /usr/local/pkg
I used example one on this page. Try if it is ok or if there is something to be changed:
http://php.net/manual/en/function.md5.phpIf you want to check the code edit freeradius.inc and watch lines 394-402
–- edit ---
it seems that we do not just need a md5 encoding but after that a base64 encoding of the md5 hash. Could you please try your cript with a password and post your password here and the according hash for that ? So we could do some more tests.
or someone could explain what is done in this perl script ;o) -
i found out the solution…
ok to everyone that has no freeradius2 on their package list here's the simple fix...
execute this > ./package.sh offThank you for your feedback. It would be interesting why this is needed on some .iso images and not on others.
But it is nice to hear that it is working for you now :) -
Could you please explain more in detail whats your problem ?
You have freeradius-server-A and freeradius-server-B
You want to sync from A to B
On A Enable "Automatically sync freeRADIUS configuration changes?"
On A enter the protocol, the IP, the port of B
Enable the "Enable" checkbox in front of this line.
SaveThat's it.
yes, i do all this step and allow all trafic in firewall rule, but server don't sync, in log type:
nov 13 09:42:11 php: /pkg.php: FreeRADIUS: Starting XMLRPC process (freeradius_do_xmlrpc_sync) with timeout seconds.
nov 13 09:42:11 php: /pkg.php: FreeRADIUS: XMLRPC Sync with x.x.x.x has incomplete credentials. No XMLRPC Sync done!
nov 13 09:42:11 php: /pkg.php: FreeRADIUS: Finished XMLRPC process (freeradius_do_xmlrpc_sync). -
XMLRPC Sync with x.x.x.x has incomplete credentials
Perhaps you are using some special characters in your password which are not allowed.
Can you try a simple password like "password123" and then try again ?It MUST be the password for the "admin" account of pfsense. no other account will work.
-
Hi,
Thanks for your very speedy reply. I'll try the attached files later today.
I attached you two files. Replace them with the existing ones in /usr/local/pkg
I used example one on this page. Try if it is ok or if there is something to be changed:
http://php.net/manual/en/function.md5.phpIf you want to check the code edit freeradius.inc and watch lines 394-402
–- edit ---
it seems that we do not just need a md5 encoding but after that a base64 encoding of the md5 hash. Could you please try your cript with a password and post your password here and the according hash for that ? So we could do some more tests.
or someone could explain what is done in this perl script ;o)For info, I implemented strong passwords on my Linux FreeRADIUS server based on info I found here:
http://www.packtpub.com/article/freeradius-authentication-storing-passwords
To be honest, it doesn't need to be an MD5 password but that's just the first thing I tried that worked. I was in a hurry yesterday when I posted - what I meant by "check box" was in the user creation tab, have a check box marked "encrypt password" and if selected, hash using MD5 or some other workable way.
If MD5 is the preferred option, then here are some sample hashes for you:
radius:~ # ./md5pass.pl hello XUFAKrxLKna5cZ2REBfFkg== radius:~ # ./md5pass.pl pfsense OktMTd5JTSzsPg6mjkN+Fw== radius:~ # ./md5pass.pl qwertyuiop buqbfvGReaBpVO3Q9sBc6w==
Thanks,
Stuart -
XMLRPC Sync with x.x.x.x has incomplete credentials
Perhaps you are using some special characters in your password which are not allowed.
Can you try a simple password like "password123" and then try again ?It MUST be the password for the "admin" account of pfsense. no other account will work.
i using this config and i set admin password "123456", but server don't sync, I can't mistake, I set firewall that he logging packets between server, but I do not see any packet
-
XMLRPC Sync with x.x.x.x has incomplete credentials
Perhaps you are using some special characters in your password which are not allowed.
Can you try a simple password like "password123" and then try again ?It MUST be the password for the "admin" account of pfsense. no other account will work.
i using this config and i set admin password "123456", but server don't sync, I can't mistake, I set firewall that he logging packets between server, but I do not see any packet
Strange. Are both systems using the same protocol and the same port ?
Can you try to set both to http and port 80.But in general it works for me with different ports and protocols and some other users are using this, too.
-
Hi,
Thanks for your very speedy reply. I'll try the attached files later today.
I attached you two files. Replace them with the existing ones in /usr/local/pkg
I used example one on this page. Try if it is ok or if there is something to be changed:
http://php.net/manual/en/function.md5.phpIf you want to check the code edit freeradius.inc and watch lines 394-402
–- edit ---
it seems that we do not just need a md5 encoding but after that a base64 encoding of the md5 hash. Could you please try your cript with a password and post your password here and the according hash for that ? So we could do some more tests.
or someone could explain what is done in this perl script ;o)For info, I implemented strong passwords on my Linux FreeRADIUS server based on info I found here:
http://www.packtpub.com/article/freeradius-authentication-storing-passwords
To be honest, it doesn't need to be an MD5 password but that's just the first thing I tried that worked. I was in a hurry yesterday when I posted - what I meant by "check box" was in the user creation tab, have a check box marked "encrypt password" and if selected, hash using MD5 or some other workable way.
If MD5 is the preferred option, then here are some sample hashes for you:
radius:~ # ./md5pass.pl hello XUFAKrxLKna5cZ2REBfFkg== radius:~ # ./md5pass.pl pfsense OktMTd5JTSzsPg6mjkN+Fw== radius:~ # ./md5pass.pl qwertyuiop buqbfvGReaBpVO3Q9sBc6w==
Thanks,
StuartHi Stuart,
I think I got it. Then enconding in php is different than in perl but this hint gave me the reason:
If the optional raw_output is set to TRUE, then the md5 digest is instead returned in raw binary format with a length of 16\.
I attached the new freeradius.inc file. Try it again with that file, check if the passwords/hashes are correct and please try if it is really working/authentication.
-
hello everyone…
im new to pfsense and im interested in implementing this to our school.
ive been reading the whole thread of this topic.
one thing caught my eyes and mind is the topic of @zlyzwy and @Nachtfalke about the SQL feature of freeradius
ive tried the ones posted by @zlyzwy on how to have a database table schema for the user authentication of captive portal
i used an external database server with XAMPP server running...
i created the database on the xampp server with the table schema's posted by @zlyzwyi reconfigured the freeradius SQL, NAS/Clients, Interface and Captive Portal to redirect to the external database server...
but unfortunately, when i tried testing to connect to the external DB server radtest always gives me the no response from server message.
what could be the problem and why?the normal CP + freeradius2 configuration with the user entry on freeradius works fine for me but i want to add 2,500 user accts and have a separate webGUI to process,add,delete users on the users table.
if @zlyzwy can only post again on how to populate the table and what tables on the table schema's that he posted should be populated for the user accts and how to connect it to an external db server.
i hope i hear soon from @zlyzwy and @Nachtfalke or anyone who could help me on this inquiry, thank you very much for this topic.
-
Can you run freeradius in debug mode and try again.
Configure everything on GUI, save and the stop the radiusd service on the GUI.after that go to the pfsense console and type:
radiusd -X
Then try to authenticate a user and check the output of freeradius. It probably tells you what you have to do or what is not correct.
Or perhaps you are using a password which is using special characters which are not allowed. Try a simple password first.
Or the firewall rules on the xampp server do not allow traffic from pfsense - check this and disable all firewall rules. -
Thank you very much for a fast reply on my inquiry.
i tried stopping the radius service on GUI and on console,
but i get the FAILED to connect to any sql server message of radiusd -X syntax.attached are my configurations for
SQL in freeradius
Captive Portal
security setting on my xampp server
and the error message on the radiusd -X
maybe i miss something on the configuration but i just followed the instructions on this thread
Thank you very very much…
-
Hi,
your CP configuration looks wired. The authentication port for radius is 3306 - which is your sql port !? This looks strange.
To make clear the way how freeradius is working:
Freeradius has a listening port for authentication and if you need an accounting port
You must configure the ports on the "interfaces" tab of freeradius
The CP must connect to the listening ports of freeradius.CP does not connect directly to the mysql database - it connects to freeradius and freeradius decides if to send the request to mysql or somewhere else.
In general the authentication port for freeradius is 1812 and the accounting port is 1813
and these two ports are important for the CP. -
hello Nachtfalke,
and thank you very much for your patience…
i change my port on my captive portal config to 1812
but still same error appears on radiusd -X on console
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to radius@192.168.1.7:3306/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql_mysql: Couldn't connect socket to MySQL server radius@192.168.1.7:radius
rlm_sql_mysql: Mysql error 'Can't connect to MySQL server on '192.168.1.7' (60)'
rlm_sql (sql): Failed to connect DB handle #0
rlm_sql (sql): starting 1
rlm_sql (sql): starting 2
rlm_sql (sql): starting 3
rlm_sql (sql): starting 4
rlm_sql (sql): Failed to connect to any SQL server.
rlm_sql (sql): Processing generate_sql_clients
rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas
rlm_sql (sql): Ignoring unconnected handle 4..
rlm_sql (sql): Ignoring unconnected handle 3..
rlm_sql (sql): Ignoring unconnected handle 2..
rlm_sql (sql): Ignoring unconnected handle 1..
rlm_sql (sql): Ignoring unconnected handle 0..
rlm_sql (sql): There are no DB handles to use! skipped 5, tried to connect 0
Failed to load clients from SQL.
rlm_sql (sql): Closing sqlsocket 4
rlm_sql (sql): Closing sqlsocket 3
rlm_sql (sql): Closing sqlsocket 2
rlm_sql (sql): Closing sqlsocket 1
rlm_sql (sql): Closing sqlsocket 0
/usr/local/etc/raddb/sql.conf[2]: Instantiation failed for module "sql"
/usr/local/etc/raddb/sites-enabled/default[185]: Failed to load module "sql".
/usr/local/etc/raddb/sites-enabled/default[185]: Failed to parse "sql" entry.
/usr/local/etc/raddb/sites-enabled/default[69]: Errors parsing authorize section.i attached my
nas/clients configuration here
and my interfaces configuration.
thank you very much for your patience Nachtfalke.
-red
-
Dear Fellas,
I've terribly noticed that, on my system, when accounting update mode from CP is selected as Start/Stop "Accounting", FreeRadius is counting triple times the actual value from time to time.
I mean I tested it with a 20 mi Forever account, and it killed the user at exactly 20 min later. But after that, the clients I've created, ended up so quickly, so I do a radtest check simultaniously with a client, and saw that, every 60 seconds, around 180 seconds are counted.
The only difference is the deadline date that I've given to the other accounts. They are also selected as Forever.
Any ideas?