Migrating to pfSense freeradius from external freeradius



  • Hello guys and gals.

    Ok, I'm fairly certain this must be fairly simple, but darned if I can pick up the scent.  I have been using pfSense as a captive portal with an external radius server on which resides my sql database.  The pfSense has been performing well, but I wanted to try and reduce latency by installing the freeradius package on the pfSense machine and then afterwards, mirror the sql database to the pfSense machine, and yada yada.

    After installing and configuring the freeradius and successfully doing radtest to the external database from the pfSense commandline, I changed the captive portal setting to point at itself as the primary radius server.

    However, when I tried a login through the captive portal page, pfSense returned a screen that read "No valid radius responses received".  I double-checked my radtest and it worked fine.

    Something with the captive portal I feel certain, but darned if I can sniff out what it is.  Any suggestions as to where to look?

    Many thanks in advance,

    Bill
    Island-wifi.com



  • Did you allow pfSense in radius?
    Normally pfSense comes from the ip you specify on the local config.
    In freeradius pkg, iirc, you specify the source of the client to allow for connectivity.



  • Hi,

    If your CP is running on interface LAN (e.g. 192.168.10.1), then you must add this IP as a "client" in the freeradius package.

    In the freeradius2 package, go to settings and enable logging, and then you will find info in syslog on whether freeradius gets packets or not, or whether the shared secret between freeradius and CP is wrong. If there is no freeradius response in syslog, then the client (CP) does not have the correct freeradius IP.

    Further, you must set up a listening interface on freeradius with a port.
    http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package



  • ok, don't really know what happened, but even though I put the shared secret into the CP interface correctly, the capitalization of one of the characters was wrong in the clients.conf file.  That seems to have fixed it.  Thanks for the input folks.
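
A RADIUS client verifies each reply's Response Authenticator (RFC 2865: an MD5 over the reply and the shared secret) and drops replies that fail, which is consistent with the "No valid radius responses received" error in this thread when the secret differs by one character's capitalization. This is an added example, not code from the thread, pfSense or FreeRADIUS; the secrets, packet ID and Reply-Message text are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REJECT = 3  # RADIUS packet code for Access-Reject (RFC 2865)

def build_response(code, ident, request_auth, attributes, secret):
    """Server side: build a reply signed with the server's copy of the secret."""
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    auth = hashlib.md5(header + request_auth + attributes + secret).digest()
    return header + auth + attributes

def response_is_valid(packet, request_auth, secret):
    """Client side: recompute the authenticator with the client's copy of the secret."""
    if len(packet) < 20:
        return False
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return False
    received = packet[4:20]
    attributes = packet[20:length]
    expected = hashlib.md5(packet[:4] + request_auth + attributes + secret).digest()
    return hmac.compare_digest(received, expected)

def reply_message(text):
    """Encode a Reply-Message attribute (type 18) as type, length, value."""
    value = text.encode()
    return struct.pack("!BB", 18, 2 + len(value)) + value

def demo():
    request_auth = os.urandom(16)   # Request Authenticator the client sent
    server_secret = b"Testing123"   # constructed: secret as written in clients.conf
    portal_secret = b"testing123"   # constructed: secret as typed into the captive portal
    reply = build_response(ACCESS_REJECT, 42, request_auth,
                           reply_message("denied"), server_secret)
    return (response_is_valid(reply, request_auth, server_secret),
            response_is_valid(reply, request_auth, portal_secret))

if __name__ == "__main__":
    same, case_differs = demo()
    print("client has the same secret  -> reply accepted:", same)
    print("client secret differs by case -> reply accepted:", case_differs)
```

A radtest run with the secret the server expects passes this check, so it can succeed while the portal, configured with a differently capitalized secret, still sees no valid response.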

