Issue with login (event 13) using radius server from NPS

  • Hi !

    I'm trying to set up a captive portal (pfSense 2.2) for the wifi in a network that is managed with a pfSense firewall.

    The pfsense wifi interface is and lan is
    DC server is on lan @

    I'm using a VM to test portal authentication and the error I'm getting on the Windows server is an event 13:
    "A RADIUS message was received from the invalid RADIUS client IP address"

    The method I'm following is this one:
    I've successfully managed to make it work in another 2 setups so I know it can work that way.

    From a tcpdump on the pfSense, all I see when a login attempt happens is this log on the LAN interface (nothing seems to happen on the wifi interface):

    The IP is the one of the VM that is logged in to the domain; the NPS accepts all domain users.

     > [udp sum ok] RADIUS, length: 188
            Access Request (1), id: 0xae, Authenticator: *****
              NAS IP Address Attribute (4), length: 6, Value:
              NAS ID Attribute (32), length: 21, Value: pfSense.localdomain
              Username Attribute (1), length: 4, Value: user
              Vendor Specific Attribute (26), length: 58, Value: Vendor: Microsoft (311)
                Vendor Attribute: 25, Length: 50, Value: *******
              Vendor Specific Attribute (26), length: 24, Value: Vendor: Microsoft (311)
                Vendor Attribute: 11, Length: 16, Value: ...........F.7I1
              Service Type Attribute (6), length: 6, Value: Login
              NAS Port Type Attribute (61), length: 6, Value: Ethernet
              NAS Port Attribute (5), length: 6, Value: 2002
              Framed IP Address Attribute (8), length: 6, Value:
              Called Station Attribute (30), length: 12, Value:

    The thing is I have no issue with IP or DNS pinging, so I can't figure out what is going wrong…

    Ideas are much welcome !

    Thanks for reading

  • Ok, well problem solved.

    The issue was I didn't put the proper interface on the pfSense CP and the NPS RADIUS client…

    Had to be all LAN, even though CP is to be used on the wifi... :P Login from AD works now.
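
The failure in this thread, as an added example (not code from either poster, pfSense or NPS): NPS logs event 13 when the UDP source address of a request matches no configured RADIUS client, so the client entry must carry the address of the interface the request actually leaves from. The addresses, the `diagnose` helper and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

NAS_IP_ADDRESS, NAS_IDENTIFIER, USER_NAME = 4, 32, 1

def parse_radius(packet: bytes):
    """Return (code, identifier, {attr_type: [values]}) using the RFC 2865 layout."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(a_type, []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return code, ident, attrs

def diagnose(src_ip: str, packet: bytes, registered_clients):
    """List reasons the server would not recognise the sender of this request."""
    _, _, attrs = parse_radius(packet)
    findings = []
    src = ipaddress.ip_address(src_ip)
    if src not in {ipaddress.ip_address(c) for c in registered_clients}:
        findings.append(f"source {src} is not a registered RADIUS client (event 13 condition)")
    # Informational only: the server matches on the source address, not on this attribute.
    for raw in attrs.get(NAS_IP_ADDRESS, []):
        if len(raw) == 4 and ipaddress.ip_address(raw) != src:
            findings.append(f"NAS-IP-Address {ipaddress.ip_address(raw)} differs from source {src}")
    return findings

def build_access_request(nas_ip: str, nas_id: str, user: str) -> bytes:
    """Constructed sample packet (zeroed authenticator, no password attribute)."""
    def attr(a_type, value):
        return bytes([a_type, len(value) + 2]) + value
    body = (attr(NAS_IP_ADDRESS, ipaddress.ip_address(nas_ip).packed)
            + attr(NAS_IDENTIFIER, nas_id.encode()) + attr(USER_NAME, user.encode()))
    return struct.pack("!BBH", 1, 0xAE, 20 + len(body)) + bytes(16) + body

# Constructed addresses from documentation ranges: LAN side 192.0.2.1, wifi side 198.51.100.1
SAMPLE = build_access_request("192.0.2.1", "pfSense.localdomain", "user")

if __name__ == "__main__":
    print(diagnose("192.0.2.1", SAMPLE, ["198.51.100.1"]))  # client registered with wifi address
    print(diagnose("192.0.2.1", SAMPLE, ["192.0.2.1"]))     # client registered with LAN address
```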
