FreeRADIUS on pfSense 24.11

Have done a clean install of the FreeRADIUS package on pfSense 24.11. What I noticed was that I needed to:


 To enable FreeRADIUS, put the following line in /etc/rc.conf
 radiusd_enable="YES"

So the question is, how precisely do I do this? If I navigate to the shell and enter /etc/rc.conf I get permission denied for the root user.

All that setting does is tell the OS that the service can be started and stopped. If it is not set then the service has to be started with onestart. I’m almost certain they are doing that during the installation. Are you having issues starting the service?

Exactly.

The service won’t start on reboot, when added to the Watchdog service or when started manually through the GUI.

The complete message after the package installation was:

To enable FreeRADIUS, put the following line in /etc/rc.conf

radiusd_enable="YES"


The sample configuration can be found at
/usr/local/share/examples/freeradius/raddb

If you are upgrading FreeRADIUS, you are advised to use this as a reference
for updating your configuration.


FreeRADIUS will look for its configuration directory at
/usr/local/etc/raddb by default.

If you did not already have a configuration at this location, the sample
configuration has been copied to this location and has been bootstrapped.


If you wish to point FreeRADIUS to a configuration at a different
location, put the following line in /etc/rc.conf

radiusd_flags="-d /path/to/raddb"


To start the server in normal (daemon) mode, run:

/usr/local/etc/rc.d/radiusd start

and to stop the server, run:

/usr/local/etc/rc.d/radiusd stop


To start the server in debugging mode, run:

/usr/local/etc/rc.d/radiusd debug


You are advised to make cautious changes to the configuration, and to test
frequently, using debugging mode where necessary. Try to resist the
temptation to disable or delete things that you don't understand - you may
well break things!

Useful configuration advice can be found in the FreeRADIUS Wiki at
http://wiki.freeradius.org
=====
Message from pfSense-pkg-freeradius3-0.15.13:

The FreeRADIUS config looks like this:

/usr/local/etc/raddb/radiusd.conf
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
name = radiusd
confdir = ${raddbdir}
modconfdir = ${confdir}/mods-config
certdir = ${confdir}/certs
cadir = ${confdir}/certs
run_dir = ${localstatedir}/run
db_dir = ${raddbdir}
libdir = /usr/local/lib/freeradius-3.2.6
pidfile = ${run_dir}/${name}.pid
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
hostname_lookups = no
regular_expressions = yes
extended_expressions = yes

log {
	destination = syslog
	colourise = yes
	file = ${logdir}/radius.log
	syslog_facility = daemon
	stripped_names = no
	auth = yes
	auth_badpass = no
	auth_goodpass = no
	msg_goodpass = ""
	msg_badpass = ""
	msg_denied = "You are already logged in - access denied"
}

checkrad = ${sbindir}/checkrad
security {
	allow_core_dumps = no
	max_attributes = 200
	reject_delay = 1
	status_server = no
	# Disable this check since it may not be accurate due to how FreeBSD patches OpenSSL
	allow_vulnerable_openssl = yes
}

$INCLUDE  clients.conf
thread pool {
	start_servers = 5
	max_servers = 32
	min_spare_servers = 3
	max_spare_servers = 10
	max_queue_size = 65536
	max_requests_per_server = 0
	auto_limit_acct = no
}

modules {
	$INCLUDE ${confdir}/mods-enabled/
}

instantiate {
	exec
	expr
	expiration
	logintime
	### Dis-/Enable sql instatiate
	#sql
	daily
	weekly
	monthly
	forever
}
policy {
	$INCLUDE policy.d/
}
$INCLUDE sites-enabled/

I have a feeling this package might be broken, though others will have surely come across it too.

You should create a bug report with all this information.

If I don’t post it to the pfSense forum then I might look into running RADIUS on the TP-Link Omada controller, I see it has an option now for it. I’m hoping though it will be addressed in the next package update after 24.11.