PfSense (NAS)



  • Hello,

    I'm using the pfSense with a NAS and authenticatting in an external RADIUS server (FreeRadius).
    My problem is in how to sent specific attributes (no default values) for a RADIUS server.

    I tried configuring the file /usr/local/captiveportal/radius_authentication.inc and radius_accounting.inc, but not success!

    I must sent a Vendor Specific (WISPr), and attributes.

    How can I do it?

    Any answer it is appreciated.



  • I need to know how can I set attribute for to sent in the Access-Request!

    Someone, please! Moderator… Admins... help me!



  • I think the file you need to look at is /etc/inc/captiveportal.inc
    This does most of the real work for the portal.



  • Yes, is true. But this file contain a "include path" pointing the referenced file above.

    Below, one example for this file:

    // Default attributes
        $rauth->putAttribute(RADIUS_SERVICE_TYPE, RADIUS_LOGIN);
        $rauth->putAttribute(RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET);
        $rauth->putAttribute(RADIUS_NAS_PORT, $nas_port);

    // Extra data to identify the client and nas
        $rauth->putAttribute(RADIUS_FRAMED_IP_ADDRESS, $clientip, addr);
        $rauth->putAttribute(RADIUS_CALLED_STATION_ID, $calledstationid);
        $rauth->putAttribute(RADIUS_CALLING_STATION_ID, $callingstationid);

    // Testing - This line is a test of Vendor-Specific Atribute (VSA)
            $rauth->putAttribute(RADIUS_VENDOR_SPECIFIC, $vendor, "14122");

    How you can see, this configuration don't causes any error message, but in RADIUS Accounting log this attribute is displayed in hexa format.



  • ok I think you need to use the putVendorAttribute($vendor, $attrib, $value, $type = null) function.

    the radius stuff is done in /etc/inc/radius.inc

    try```
    $rauth->putAttribute(RADIUS_SERVICE_TYPE, RADIUS_LOGIN);
        $rauth->putAttribute(RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET);
        $rauth->putAttribute(RADIUS_NAS_PORT, $nas_port);

    // Extra data to identify the client and nas
        $rauth->putAttribute(RADIUS_FRAMED_IP_ADDRESS, $clientip, addr);
        $rauth->putAttribute(RADIUS_CALLED_STATION_ID, $calledstationid);
        $rauth->putAttribute(RADIUS_CALLING_STATION_ID, $callingstationid);

    // Testing - This line is a test of Vendor-Specific Atribute (VSA)
            $rauth->putVendorAttribute($vendor, RADIUS_VENDOR_SPECIFIC, "14122");

    It looks like vendor atribs need the vendor first then the usual params


  • Hello, thanks for your post.

    With this parameter, is fast displayed an error message when I do the authentication, but in the log message is displayed another especification… like "WISPr-Attr-0 = 0x".

    I tried modificatting this attribute with this type:

    $racct->putVendorAttribute("14122", $location_id);
    

    Wharever I set after a vendor with "14122", ever displayed the same log message (WISPr-Attr-0 = 0x).

    My attempts did are:

    $location_id
    "location_id"
    'location_id'
    WISPr-Location-ID
    1, $location_id

    any types…



  • Uff!!!

    Finally I got.

    After many testing parameters, I obtained success results with this code:

     // Testing (VSA) WISPr
            $racct->putVendorAttribute(14122, 2, "Sao Paulo, SP", $type = string);
            $racct->putVendorAttribute(14122, 1, "isocc=BRA,cc=55,ac=11,network=LinktelHotSpot,ha=Office", $type = string);
    
    

    The result log message done:

     WISPr-Location-Name = "Sao Paulo, SP"
            WISPr-Location-ID = "isocc=BRA,cc=55,ac=11,network=LinktelHotSpot,ha=Office"
    
    

Log in to reply