Radius doesn't work



  • I know that this is a known issue, but Radius doesn't work at all now. Before, I would hit my radius server, but because pfSense didn't know what group the user belonged to I couldn't browse any pages. Now when I tested it I can't hit the radius server at all; when checking the logs of my radius server I see no attempts to log in. LDAP through Active Directory works fine and that is what I'm using since my Radius (IAS server checked against Active Directory anyway). I guess what I'm asking is: if radius is not going to be supported as a form of login, why not just remove that feature? My apologies if I'm missing something here.


  • Rebel Alliance Developer Netgate

    There is a lot of vague wording going on there and no specifics. There aren't any known issues with RADIUS that I'm aware of, and there are many of our customers using it.

    Is RADIUS being used in the User Manager? For GUI auth? For OpenVPN? For Captive Portal? For PPTP? For something else?
    Any errors in the logs? When did it last work? When did it stop?

    We need all of that and more, as much detail as you can dig up.



  • In my case, I deleted a file named db.daily in /var/log/radacct/timecounter/ to get freeradius running correctly.

    Corrupted by the upgrade to the rc0?
    File format change?

    I don't know, but it works actually.
    I know that I probably lost some data for 1 day, but in my case it is acceptable.



  • Sorry about that, I was trying to use radius (Microsoft IAS in Server 2003) to authenticate users to the GUI. I know in previous versions 2.02 and 2.01, when I set this up, my IAS server would pass authentication but then I would not have access to any web pages because the user didn't exist in the local database of pfSense. I was using the workaround of adding the user to the local database as well; that way I could get access to all the pages I needed, but this seemed like double work.

    I wanted to see if this issue was resolved in 2.1RC0, but when I set it up it didn't work. I don't even see an authorization request attempt on my Windows 2003 server looking at the logs. I have configured authorization through Active Directory using LDAP, but my preference would be radius if possible; that way I could do some accounting.

