Netgate Discussion Forum

    Issue with login (event 13) using radius server from NPS

    omrom

      Hi!

      I'm trying to set up a captive portal (pfSense 2.2) for the wifi in a network that is managed with a pfSense firewall.

      The pfSense wifi interface is 10.1.0.254/16 and LAN is 10.0.0.254/16.
      DC server is on LAN @ 10.0.0.5.

      I'm using a VM to test portal authentication, and the error I'm getting on the Windows server is an event 13: https://technet.microsoft.com/en-us/library/cc735406%28v=ws.10%29.aspx
      "A RADIUS message was received from the invalid RADIUS client IP address 10.0.0.254."

      The method I'm following is this one: https://www.youtube.com/watch?v=aCgsEAfn36c
      I've successfully managed to make it work in another 2 setups, so I know it can work that way.

      From a tcpdump on the pfSense, all I see when a login attempt happens is this log on the LAN intf (nothing seems to happen on the wifi intf):

      The IP 10.1.1.1 is that of the VM that is logged in to the domain; the NPS accepts all domain users.

         10.0.0.254.59882 > 10.0.0.5.1812: [udp sum ok] RADIUS, length: 188
              Access Request (1), id: 0xae, Authenticator: *****
                NAS IP Address Attribute (4), length: 6, Value: 10.1.0.254
                NAS ID Attribute (32), length: 21, Value: pfSense.localdomain
                Username Attribute (1), length: 4, Value: user
                Vendor Specific Attribute (26), length: 58, Value: Vendor: Microsoft (311)
                  Vendor Attribute: 25, Length: 50, Value: *******
                Vendor Specific Attribute (26), length: 24, Value: Vendor: Microsoft (311)
                  Vendor Attribute: 11, Length: 16, Value: ...........F.7I1
                Service Type Attribute (6), length: 6, Value: Login
                NAS Port Type Attribute (61), length: 6, Value: Ethernet
                NAS Port Attribute (5), length: 6, Value: 2002
                Framed IP Address Attribute (8), length: 6, Value: 10.1.1.1
                Called Station Attribute (30), length: 12, Value: 10.1.0.254
      

      The thing is, I have no issue with IP or DNS pinging, so I can't figure out what is going wrong…

      Ideas are much welcome!

      Thanks for reading

      omrom

        Ok, well problem solved.

        Issue was I didn't put the proper interface on pfSense CP and NPS RADIUS client…

        Had to be all LAN, even though CP is to be used on the wifi... :P Login from AD works now.
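
The mismatch visible in the capture above, as an added example that is not part of the original posts: the request leaves pfSense from 10.0.0.254 while its NAS-IP-Address attribute says 10.1.0.254, and the event 13 text names the sender address. The packet is constructed, the client list is a simplified model of the NPS RADIUS client table, and the original client entry of 10.1.0.254 is an assumption (the post only says the wrong interface was selected).

```python
import ipaddress
import struct

NAS_IP_ADDRESS = 4  # RFC 2865 attribute type

def build_access_request(nas_ip, username):
    """Constructed sample: minimal Access-Request (code 1), zeroed authenticator."""
    attrs = bytes([1, 2 + len(username)]) + username
    attrs += bytes([NAS_IP_ADDRESS, 6]) + ipaddress.IPv4Address(nas_ip).packed
    return struct.pack("!BBH16s", 1, 0xAE, 20 + len(attrs), bytes(16)) + attrs

def parse_attributes(packet):
    """Return {type: value} for the TLV attributes after the 20-byte header."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        a_type, a_len = packet[pos], packet[pos + 1]
        attrs.setdefault(a_type, packet[pos + 2:pos + a_len])
        pos += a_len
    return attrs

def check_request(src_ip, packet, radius_clients):
    """Compare the UDP source address with the client list and with NAS-IP-Address."""
    raw = parse_attributes(packet).get(NAS_IP_ADDRESS)
    nas_ip = str(ipaddress.IPv4Address(raw)) if raw and len(raw) == 4 else None
    return {
        "source_ip": src_ip,
        "nas_ip": nas_ip,
        # Simplified model: the server matches the sender's address, not attribute 4.
        "known_client": src_ip in radius_clients,
        "nas_ip_differs": nas_ip is not None and nas_ip != src_ip,
    }

if __name__ == "__main__":
    pkt = build_access_request("10.1.0.254", b"user")
    print(check_request("10.0.0.254", pkt, {"10.1.0.254"}))  # assumed original client entry
    print(check_request("10.0.0.254", pkt, {"10.0.0.254"}))  # client entry on the LAN address
```

A request flagged with `nas_ip_differs` and not `known_client` is the pattern to look for when a multi-homed NAS sends RADIUS from a different interface than the one registered on the server.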
