OK, now it's working with NDS Radius on Win2008R2 and radius settings directly in Captive Portal.
I think the problem was simply a "too strong"/too long shared secret with non-standard characters such as @, commas and others... maybe encoding problems?? Now I deleted some of those characters from the shared secret and everything is working. (Anyway, I'm using : \ / and others...)

My Win2008R2 RADIUS config for future reference if someone needs it:

------------------------------
- Added network access policy role with Network policy server service.
- New radius client: pfSense - <ip_of_your_pfsense>, shared secret
- Connection request policy: New -> pfSense
  Conditions: IPv4 client address - 192.168.0.246
- Network policy: New -> PFSense Captive Portal
  Condition 1: Users group - DOMAIN\ADGroup
  Condition 2: NAS Identifier - pfsense.localdomain (as you entered in pfsense initial wizard)
  Condition 3: NAS port type - Ethernet
  Protocol: MSCHAPv2

In the "Network policy server" service properties, enter only RADIUS standard port 1812 (connection) and 1813 (accounting), and delete any other port. Stop and restart the service.
----------------------------------

Captive portal side config:

Services -> Captive portal -> New
Zone: WIFIMOBI
Description: WIFIMOBI
Enable Captive Portal
Interfaces: WIFIMOBI
Authentication: RADIUS Authentication - MSCHAPv2
Primary RADIUS server: <your_win2008_ip>
RADIUS NAS IP attribute: <your_pfsense_ip_on_the_lan_side>
Shared Secret: same as on server :)

Cheers,
Nick

--
+---------------------+
| Linux User #554252  |
+---------------------+
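
Added example, not part of the original post and not pfSense or NPS code: how the shared secret enters the RFC 2865 Response Authenticator, and why any byte-level difference between the server's and the NAS's copy makes the NAS reject an otherwise valid reply. The secret, the attribute bytes and the `secret_risks` helper are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2  # RADIUS code for Access-Accept (RFC 2865)

def response_authenticator(code, ident, request_auth, attributes, secret):
    # RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    return hashlib.md5(header + request_auth + attributes + secret).digest()

def build_response(code, ident, request_auth, attributes, secret):
    # Server side: sign the reply with the server's copy of the secret.
    auth = response_authenticator(code, ident, request_auth, attributes, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attributes)) + auth + attributes

def verify_response(packet, request_auth, secret):
    # NAS side: recompute with the NAS's copy; on mismatch the reply is discarded.
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    expected = response_authenticator(code, ident, request_auth, packet[20:], secret)
    return hmac.compare_digest(expected, packet[4:20])

def secret_risks(secret):
    # Properties that make two separately entered copies likely to differ in bytes.
    findings = []
    if secret != secret.strip():
        findings.append("leading or trailing whitespace")
    if any(ord(ch) > 126 or ord(ch) < 32 for ch in secret):
        findings.append("non-printable or non-ASCII character (bytes depend on encoding)")
    return findings

# Constructed sample values, not taken from the post.
REQUEST_AUTH = bytes(range(16))
ATTRS = bytes([18, 4]) + b"ok"   # Reply-Message attribute (type 18)
SERVER_SECRET = "S3cret@,:\\/"   # hypothetical secret

def demo():
    reply = build_response(ACCESS_ACCEPT, 7, REQUEST_AUTH, ATTRS, SERVER_SECRET.encode("ascii"))
    return {
        "same": verify_response(reply, REQUEST_AUTH, SERVER_SECRET.encode("ascii")),
        "one_char_off": verify_response(reply, REQUEST_AUTH, b"S3cret@:\\/"),
    }

if __name__ == "__main__":
    print(demo(), secret_risks(SERVER_SECRET))
```
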
