[SOLVED] Captive portal and RADIUS Authentication



  • Hi everybody.
    I'm new to the forum. I'm Italian so please sorry for my poor english.

    I just set up a new PFSense 2.1.4.
    I'm trying to use RADIUS Auth for the Captive portal.
    Captive Portal with Local Auth is working fine.

    I set up RADIUS Role on my Win2008R2 DC .
    It's working. If I add the server in "User management -> Servers" and then try with "Diagnostics -> Authentication" I can see the authentication attempt in my Windows Event Viewer, and PFSense says "User authenticated succesfully"

    But if I try to use RADIUS in Captive portal configuration:

    • with PAP auth I get a red message in the captive portal page after authentication "Error sending request. No RADIUS server specified" and on the top of the page something such a PHP error:
      "Warning: invalid argument supplied for foreach in /usr/local/captiveportal/radius_authentication.inc line 87

    • with MSCHAPv2 auth I get a blank page with the PHP error, plus information about memory allocation
      "Fatal error. Allowed memory size of 268435856 bytes exhausted (tried to allocate 4294967295 bytes) in /etc/inc/radius.inc line 446.

    Where is my mistake?
    Thanks!
    Nick



  • OK, now it's working with NDS Radius on Win2008R2 and radius settings
    directly in Captive Portal.

    I think the problem was simply a "too strong"/too long shared secret
    with non standard characters such as @, commas and others…
    maybe encoding problems??

    Now I deleted some of that characters from the shared secret and
    everything is working.
    (anyway I'm using : \ / and others...)

    My Win2008R2 RADIUS config for future reference if someone will need it:

    
    - Added network access policy role with con servizio Network policy
    server service.
    
    - New radius client: pfSense - <ip_of_your_pfsense>, shared secret
    
    - Connection request policy:
    New -> pfSense
    Conditions: IPv4 client address - 192.168.0.246
    
    - Network policy:
    New -> PFSense Captive Portal
    Condition 1: Users group - DOMAIN\ADGroup
    Condition 2: NAS Identifier - pfsense.localdomain (as you entered in
    pfsense initial wizard)
    Condition 3: NAS port type - Ethernet
    Protocol: MSCHAPv2
    
    In the "Network policy server" service properties, enter only RADIUS
    standard port 1812 (connection) and 1813 (accounting), and delete any
    other port.
    
    Stop and restart the service.</ip_of_your_pfsense>
    

    Captive portal side config:

    
    Services -> Captive portal -> New
    
    Enable Captive Portal
    Authentication: RADIUS Autentication - MSCHAPv2
    Primary RADIUS server: <your_win2008_ip>RADIUS NAS IP attribute: <your_pfsense_ip_on_the_lan_side>Shared Secret: same as on server</your_pfsense_ip_on_the_lan_side></your_win2008_ip> 
    

    Cheers,
    Nick



  • Hi,

    I am experiencing the same issue right now on my captive portal radius authentication setup.

    I am getting an error every time I try to re-login for the second time, first time produces an error. This is the error:

    Fatal error: Allowed memory size of 268435456 bytes exhausted (tried to allocate 4294967295 bytes) in /etc/inc/radius.inc on line 446

    I've tried to follow you "too long" secret key suggestion but it did not work for me. Anyway, maybe you have some other idea about what might be causing that error.