Radius auth broken?
-
Hi,
I have installed a clean 2.2 (after I had 2.1) and now RADIUS (MS NAP 2008r2) is not working. I don't even see authentication requests coming to the RADIUS server. Nothing has changed on RADIUS, and pfSense has the same IP.
Can anyone confirm?
-
I did some more testing. If I go to https://1.1.1.1/diag_authentication.php and test RADIUS there, it works and I can see the auth request on the RADIUS server.
If I select RADIUS on Mobile clients under Xauth, it's being ignored. So yes, it looks like a bug.
-
There is a bug here and I don't know how I fixed it. Maybe disabling/enabling IPsec did it, but the GUI is bugged. Can you change it instead so that for selecting auth we get a dropdown list?
-
RADIUS has been a problem for me for a while, I want to say since 2.1.x. I was told to use LDAP instead, which seems to work well for me. If RADIUS isn't going to be fixed, it should probably be taken out of the GUI.
-
If you're using a hostname for the RADIUS server make sure it only resolves to an IPv4 host. The RADIUS code in libradius, used by PHP, is not IPv6 aware.
The only time I've seen RADIUS traffic fail to exit the firewall is when it was trying to use IPv6. So if you're using a hostname, try using the IPv4 address directly.
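The check suggested in the post above, as an added example that is not part of the original thread and not pfSense code: it classifies a RADIUS server setting by the address families its name resolves to. The function name, verdict strings, hostnames and the stand-in resolver are assumptions made for illustration; pass `socket.getaddrinfo` (the default) to query real DNS.

```python
import ipaddress
import socket

# Constructed sample records so the demo runs offline (documentation ranges).
SAMPLE_DNS = {
    "radius-v4.example.test": [(socket.AF_INET, "192.0.2.10")],
    "radius-dual.example.test": [(socket.AF_INET6, "2001:db8::10"),
                                 (socket.AF_INET, "192.0.2.10")],
    "radius-v6.example.test": [(socket.AF_INET6, "2001:db8::10")],
}

def sample_resolver(host, port, type=0):
    """Hypothetical stand-in with the same result shape as socket.getaddrinfo."""
    if host not in SAMPLE_DNS:
        raise socket.gaierror("constructed: no such host")
    return [(fam, type, 17, "", (addr, port)) for fam, addr in SAMPLE_DNS[host]]

def classify_radius_host(host, resolver=socket.getaddrinfo):
    """Return (verdict, ipv4_addrs, ipv6_addrs) for a RADIUS server setting."""
    # An IP literal needs no DNS lookup; only its family matters.
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        if ip.version == 4:
            return ("ok-ipv4-literal", [str(ip)], [])
        return ("fail-ipv6-literal", [], [str(ip)])
    try:
        # UDP/1812 is the standard RADIUS authentication port.
        infos = resolver(host, 1812, type=socket.SOCK_DGRAM)
    except socket.gaierror:
        return ("fail-unresolvable", [], [])
    v4 = sorted({sa[0] for fam, *_, sa in infos if fam == socket.AF_INET})
    v6 = sorted({sa[0] for fam, *_, sa in infos if fam == socket.AF_INET6})
    if v4 and not v6:
        return ("ok-ipv4-only", v4, v6)
    if v4 and v6:
        # The advice above is that the name should resolve to IPv4 only.
        return ("warn-dual-stack", v4, v6)
    if v6:
        return ("fail-ipv6-only", v4, v6)
    return ("fail-unresolvable", v4, v6)

if __name__ == "__main__":
    for name in ["192.0.2.10", *SAMPLE_DNS, "missing.example.test"]:
        print(name, classify_radius_host(name, resolver=sample_resolver))
```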
-
For RADIUS settings you need to restart the IPsec service after configuration.