Issue with login (event 13) using RADIUS server from NPS



  • Hi!

    I'm trying to set up a captive portal (pfSense 2.2) for the wifi in a network that is managed with a pfSense firewall.

    The pfSense wifi interface is 10.1.0.254/16 and the LAN is 10.0.0.254/16.
    The DC server is on the LAN at 10.0.0.5.

    I'm using a VM to test portal authentication, and the error I'm getting on the Windows server is an event 13: https://technet.microsoft.com/en-us/library/cc735406%28v=ws.10%29.aspx
    "A RADIUS message was received from the invalid RADIUS client IP address 10.0.0.254."

    The method I'm following is this one: https://www.youtube.com/watch?v=aCgsEAfn36c
    I've successfully managed to make it work in two other setups, so I know it can work that way.

    From a tcpdump on the pfSense, all I see when a login attempt happens is this log on the LAN interface (nothing seems to happen on the wifi interface):

    The IP 10.1.1.1 is that of the VM that is logged in to the domain; the NPS accepts all domain users.

       10.0.0.254.59882 > 10.0.0.5.1812: [udp sum ok] RADIUS, length: 188
            Access Request (1), id: 0xae, Authenticator: *****
              NAS IP Address Attribute (4), length: 6, Value: 10.1.0.254
              NAS ID Attribute (32), length: 21, Value: pfSense.localdomain
              Username Attribute (1), length: 4, Value: user
              Vendor Specific Attribute (26), length: 58, Value: Vendor: Microsoft (311)
                Vendor Attribute: 25, Length: 50, Value: *******
              Vendor Specific Attribute (26), length: 24, Value: Vendor: Microsoft (311)
                Vendor Attribute: 11, Length: 16, Value: ...........F.7I1
              Service Type Attribute (6), length: 6, Value: Login
              NAS Port Type Attribute (61), length: 6, Value: Ethernet
              NAS Port Attribute (5), length: 6, Value: 2002
              Framed IP Address Attribute (8), length: 6, Value: 10.1.1.1
              Called Station Attribute (30), length: 12, Value: 10.1.0.254
    

    The thing is, I have no issue with IP or DNS pinging, so I can't figure out what is going wrong…

    Ideas are very welcome!

    Thanks for reading.



  • OK, well, problem solved.

    The issue was that I didn't set the proper interface on the pfSense CP and the NPS RADIUS client…

    It had to be all LAN, even though the CP is to be used on the wifi... :P Login from AD works now.
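
The mismatch behind the event 13 in this thread, as an added example that is not part of the original posts: the event text names 10.0.0.254, the UDP source of the Access-Request in the capture, while the NAS-IP-Address attribute carries 10.1.0.254. The script parses tcpdump output of that shape and checks both addresses against a RADIUS client list; the sample dump is an excerpt of the capture above, and the client lists and function names are constructed for illustration.

```python
import re

# Excerpt of the capture quoted in the thread (header, NAS-IP-Address, username).
SAMPLE_DUMP = """\
   10.0.0.254.59882 > 10.0.0.5.1812: [udp sum ok] RADIUS, length: 188
        Access Request (1), id: 0xae, Authenticator: *****
          NAS IP Address Attribute (4), length: 6, Value: 10.1.0.254
          Username Attribute (1), length: 4, Value: user
"""

IPV4 = r"(\d+\.\d+\.\d+\.\d+)"
HEADER = re.compile(IPV4 + r"\.\d+ > " + IPV4 + r"\.\d+:.*RADIUS")
NAS_IP = re.compile(r"NAS IP Address Attribute \(4\).*Value: " + IPV4)

def parse_requests(dump):
    """Return one dict per RADIUS packet: UDP source, server, NAS-IP-Address."""
    packets = []
    for line in dump.splitlines():
        m = HEADER.search(line)
        if m:
            packets.append({"src": m.group(1), "server": m.group(2), "nas_ip": None})
            continue
        m = NAS_IP.search(line)
        if m and packets:
            packets[-1]["nas_ip"] = m.group(1)
    return packets

def check_clients(packets, configured_clients):
    """Compare each packet's UDP source with the configured RADIUS client addresses."""
    findings = []
    for p in packets:
        if p["src"] in configured_clients:
            status = "ok"
        elif p["nas_ip"] in configured_clients:
            # The client entry matches the attribute, not the address the server sees.
            status = "client registered under NAS-IP-Address, not source"
        else:
            status = "unknown client"
        findings.append((p["src"], p["nas_ip"], status))
    return findings

if __name__ == "__main__":
    # Constructed client lists: wifi-side address first, then the LAN-side address.
    for clients in ({"10.1.0.254"}, {"10.0.0.254"}):
        print(sorted(clients), check_clients(parse_requests(SAMPLE_DUMP), clients))
```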