Re: [pfSense] Captive portal and RADIUS authentication

2014-07-11 Thread Nicola Ferrari (#554252)
On 07/10/2014 07:20 PM, Mathieu Simon (Lists) wrote:
> I guess since if you have an NPS up and running that it's better to try
> this route. Are you positive that you entered the hostname or IP, port
> and shared secret in Service: Captive portal: ?
> 
> I'm asking since your initial error message with PAP told you so.
> 
> You mention configuring RADIUS in User management -> Servers. In my
> understanding this can be used for admin access, VPN etc, but captive
> portal is independent. That's why there are the fields in the captive
> portal to use RADIUS and then place to put the IP/port/shared secret.
>

Yes, that's correct.
I first configured RADIUS settings in User management->Server, just for
testing purposes, because this allows me to be tested with Diagnostics
-> Authentication.

Then, since I saw that was working, so I had confirmation that RADIUS was
working correctly, I removed the RADIUS config from there and entered the
same settings in Services -> Captive Portal.

Doing so, I had the previously described issues...

Thanks,
N

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list


Re: [pfSense] Captive portal and RADIUS authentication

2014-07-10 Thread Mathieu Simon (Lists)
Hi Nicola

On 10.07.2014 12:31, Nicola Ferrari (#554252) wrote:
> I tried to config the internal freeradius2 package with ldap to
> interface with the win2008ad, but it doesn't seem to work.
Because it cannot verify passwords in LDAP as AD doesn't store passwords
in plaintext which is what FreeRADIUS would do against a LDAP server. If
you have a standalone RADIUS server on BSD/Linux you have to use Samba
and let FreeRADIUS check the passwords with 'ntlm_auth', which is part
of Samba.

I guess Brian is using FreeRADIUS locally with a local user database,
that should work as is.

Since FR with AD is one of the most-asked questions on, the FR
developers have made pretty comprehensive howtos for that precise
use-case. (freeradius.org wiki and Alan Dekok's deployingradius.com)

I don't think installing a full-blown Samba on pfSense is what you want
(there is no binary Samba package for pfSense either)

> could you please explain me your config?

I guess since if you have an NPS up and running that it's better to try
this route. Are you positive that you entered the hostname or IP, port
and shared secret in Service: Captive portal: ?

I'm asking since your initial error message with PAP told you so.

You mention configuring RADIUS in User management -> Servers. In my
understanding this can be used for admin access, VPN etc, but captive
portal is independent. That's why there are the fields in the captive
portal to use RADIUS and then place to put the IP/port/shared secret.

In fact I configured a pfSense box to authenticate admins against an
existing AD so they don't get used to logging in as root. (and if someone
breaks things we know who it was, not just admin/root) - and that was
simply by using LDAP authentication, no extra RADIUS required in this case.

Hope that helps a little

-- Mathieu



Re: [pfSense] Captive portal and RADIUS authentication

2014-07-10 Thread Nicola Ferrari (#554252)
I tried to config the internal freeradius2 package with ldap to 
interface with the win2008ad, but it doesn't seem to work.


could you please explain me your config?

N

On 09/07/2014 19:20, Brian Caouette wrote:

I use the internal radius server with captive portal and it works great.
Have you tried that or do you need external? I'm not familiar with the
errors you mention so I can't comment much there. I'm also not on the
new 2.1.4 yet.



--
+-+
| Linux User  #554252 |
+-+



Re: [pfSense] Captive portal and RADIUS authentication

2014-07-09 Thread Brian Caouette
I use the internal radius server with captive portal and it works great. 
Have you tried that or do you need external? I'm not familiar with the 
errors you mention so I can't comment much there. I'm also not on the 
new 2.1.4 yet. I just attempted that update remotely and the box never 
came back online so I'll have to see what happened when I get home 
tonight. That's the one thing I find annoying with updates. They take 
forever and don't always come up and when they do there's always package 
issues. I've seen this on two different hardware setups now. Other than 
that pfSense once set up is amazing!


On 7/9/2014 12:47 PM, Nicola Ferrari (#554252) wrote:

Just sent this also on PFSense.org forum, but I'm new to PFSense and
also its community, so don't know if users are usually the same ;)
Anyway

Hi everybody.
I'm Italian so please sorry for my poor English.

I just set up a new PFSense 2.1.4.
I'm trying to use RADIUS Auth for the Captive portal.
Captive Portal with Local Auth is working fine.

I set up RADIUS Role on my Win2008R2 DC .
It's working. If I add the server in "User management -> Servers" and
then try with "Diagnostics -> Authentication" I can see the
authentication attempt in my Windows Event Viewer, and PFSense says
"User authenticated succesfully"

But if I try to use RADIUS in Captive portal configuration:
- with PAP auth I get a red message in the captive portal page after
authentication "Error sending request. No RADIUS server specified" and
on the top of the page something such a PHP error:
"Warning: invalid argument supplied for foreach in
/usr/local/captiveportal/radius_authentication.inc line 87

- with MSCHAPv2 auth I get a blank page with the PHP error, plus
information about memory allocation
"Fatal error. Allowed memory size of 268435856 bytes exhausted (tried to
allocate 4294967295 bytes) in /etc/inc/radius.inc line 446.

Where is my mistake?
Thanks!
Nick



[pfSense] Captive portal and RADIUS authentication

2014-07-09 Thread Nicola Ferrari (#554252)
Just sent this also on PFSense.org forum, but I'm new to PFSense and
also its community, so don't know if users are usually the same ;)
Anyway

Hi everybody.
I'm Italian so please sorry for my poor English.

I just set up a new PFSense 2.1.4.
I'm trying to use RADIUS Auth for the Captive portal.
Captive Portal with Local Auth is working fine.

I set up RADIUS Role on my Win2008R2 DC .
It's working. If I add the server in "User management -> Servers" and
then try with "Diagnostics -> Authentication" I can see the
authentication attempt in my Windows Event Viewer, and PFSense says
"User authenticated succesfully"

But if I try to use RADIUS in Captive portal configuration:
- with PAP auth I get a red message in the captive portal page after
authentication "Error sending request. No RADIUS server specified" and
on the top of the page something such a PHP error:
"Warning: invalid argument supplied for foreach in
/usr/local/captiveportal/radius_authentication.inc line 87

- with MSCHAPv2 auth I get a blank page with the PHP error, plus
information about memory allocation
"Fatal error. Allowed memory size of 268435856 bytes exhausted (tried to
allocate 4294967295 bytes) in /etc/inc/radius.inc line 446.

Where is my mistake?
Thanks!
Nick
