Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Radius Test in Captive Portal $150

    Bounties
    5
    9
    2850
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kapara last edited by

      to be able to perform a simple radius authentication test from the captive portal configuration page.

      To have an option where you can test using a username and password and validate that radius setup is valid and working.  If yes a popup or message saying success.  If not see the error message in the log.

      I have about 20 firewalls which use Captive Portal for radius.  Sometimes we are not able to go onsite and to test the radius connectivity from that IP or we make changes in the evening after hours and want to validate it is working before the wireless users come in.  Being able to quickly validate would be great!

      Skype ID:  Marinhd

      1 Reply Last reply Reply Quote 0
      • marcelloc
        marcelloc last edited by

        Can it be an external url to do not touch captive portal page?

        If so, I can do that.

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        1 Reply Last reply Reply Quote 0
        • K
          kapara last edited by

          define external url.  It would have to be within the local network since the RADIUS NAS IP attribute is the ip of the gateway which is used with the radius.  by different URL you mean a different url on the pfsense?

          Skype ID:  Marinhd

          1 Reply Last reply Reply Quote 0
          • marcelloc
            marcelloc last edited by

            @kapara:

            define external url.  It would have to be within the local network since the RADIUS NAS IP attribute is the ip of the gateway which is used with the radius.  by different URL you mean a different url on the pfsense?

            I mean a url on pfsense server but not integrated with captive config gui that does the radius/auth check.

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • K
              kapara last edited by

              so something like https://10.10.10.1/radtest.htm or php

              Field for username
              Field for password

              Have it use the existing radius information for test and provide visual results?

              Ex.

              Radius Server 1

              Sending authentication request to server 111.111.111.111:1812
              Tansmitting packet, code=1 id=0 length=48
              received resp[onse from server in 50 milliseconds
              reply packet code=2 id=0 length=20
              response: access-accept

              Radius Server 2

              Sending authentication request to server 222.222.222.222:2683
              Tansmitting packet, code=1 id=0 length=48
              received resp[onse from server in 50 milliseconds
              reply packet code=2 id=0 length=20
              response: access-accept

              Skype ID:  Marinhd

              1 Reply Last reply Reply Quote 0
              • E
                eri-- last edited by

                This will come by default when things will be moved to centralized authentication even for CP.
                Probably with next version of pfSense.
                All the code is there for this as diagnostic authentication just it was never added to CP for lack of interest on this.

                I think you better donate this to pfSense for merging the CP settings with the centralized management rather than this!

                1 Reply Last reply Reply Quote 0
                • K
                  kapara last edited by

                  Is the centralized management going to be part of the pfsense firewall (Built in) or is it going to be a cloud paid service?  I have not heard much on the centralized management.

                  Skype ID:  Marinhd

                  1 Reply Last reply Reply Quote 0
                  • JeGr
                    JeGr LAYER 8 Moderator last edited by

                    @ermal: centralized authentication like "all services on one pfSense installation using the same auth method" or like "one device (or an external gui installation)" that controls multiple pfsense installations?

                    Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

                    If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

                    1 Reply Last reply Reply Quote 0
                    • S
                      Sabrewarrior last edited by

                      Hello, I have been working on it a bit and have been able to put together something like this so far.

                      List Radius server status for selected zone. For each zone it will get the Authentication Protocol, all the Radius IPs (upto 4 per zone), and Auth Port if entered (1812 default) and Secret Key for each IP. I have not yet added an ability to change the username and password (just using test//testing123). It should be possible though. It also logs the data to /tmp/radiusstatus.log

                      Screen shot for Services -> Captive Portal

                      and the resulting Status -> Captive Portal page

                      (my radius server was down during the test haha) If you would like I can probably add a tab in Status for Radius Servers if you would like to keep the status of Captive Portals and the Radius Servers separate. Also from what I tried, you need to add the freeradius package. (I only added the FreeBSD one, might be better to add the pfSense one for more control.)

                      Let me know if you are interested and if so how you would prefer it. Also if I do end up finishing it for the bounty I would like to be able to provide the changes to everyone.

                      Blog of my random experiments

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post