• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Issue with login (event 13) using radius server from NPS

Scheduled Pinned Locked Moved Captive Portal
2 Posts 1 Posters 2.5k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • O
    omrom
    last edited by May 12, 2015, 10:25 AM

    Hi !

    I'm trying to setup a captive portal (pfsense 2.2) for the wifi in a network that is managed with pfsense firewall.

    The pfsense wifi interface is 10.1.0.254/16 and lan is 10.0.0.254/16.
    DC server is on lan @ 10.0.0.5.

    I'm using a vm to test portal authentication and the error i'm getting on with the windows server is an event 13 : https://technet.microsoft.com/en-us/library/cc735406%28v=ws.10%29.aspx
    "A RADIUS message was received from the invalid RADIUS client IP address 10.0.0.254."

    The method i'm following is this one: https://www.youtube.com/watch?v=aCgsEAfn36c
    I've managed successfully to make it work in another 2 setups so i know it can work that way.

    From a tcpdump on the pfsense, all i see when a login attempt happens is this log on the lan intf (nothing seems to happen on the wifi intf):

    the ip 10.1.1.1 is the one of the vm that is logged in the domain, the NPS accepts all domain users.

       10.0.0.254.59882 > 10.0.0.5.1812: [udp sum ok] RADIUS, length: 188
        Access Request (1), id: 0xae, Authenticator: *****
          NAS IP Address Attribute (4), length: 6, Value: 10.1.0.254
          NAS ID Attribute (32), length: 21, Value: pfSense.localdomain
          Username Attribute (1), length: 4, Value: user
          Vendor Specific Attribute (26), length: 58, Value: Vendor: Microsoft (311)
            Vendor Attribute: 25, Length: 50, Value: *******
          Vendor Specific Attribute (26), length: 24, Value: Vendor: Microsoft (311)
            Vendor Attribute: 11, Length: 16, Value: ...........F.7I1
          Service Type Attribute (6), length: 6, Value: Login
          NAS Port Type Attribute (61), length: 6, Value: Ethernet
          NAS Port Attribute (5), length: 6, Value: 2002
          Framed IP Address Attribute (8), length: 6, Value: 10.1.1.1
          Called Station Attribute (30), length: 12, Value: 10.1.0.254

    The thing is i got no issue with ip or dns pinging, so i can't figure out what is going wrong…

    Ideas are much welcome !

    Thanks for reading

    1 Reply Last reply Reply Quote 0
    • O
      omrom
      last edited by May 12, 2015, 2:54 PM

      Ok, well problem solved.

      Issue was i didn't put the proper interface on pfsense cp & and nps radius client…

      Had to be all LAN, even though CP is to be used on the wifi... :P Login from AD works now.

      1 Reply Last reply Reply Quote 0
      2 out of 2
      • First post
        2/2
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
        This community forum collects and processes your personal information.
        consent.not_received