pfSense - FreeRADIUS and 802.1x (WLAN/LAN)

Andy80 · April 3, 2021, 7:23pm

Hi Community,
i’ve my first pfSense in production right now and was looking the whole day for a solution to use FreeRADIUS on pfSense for 802.1x Authentication (UniFi AP / Controller). But i never get connected trough WiFi and in the pre-configured vLAN

i saw Tom’s RADIUS with OpenVPN youtube video… but i want to use 802.1x with DHCP and have noting found to place my requirement in pfSense… do you have something in the drawer that can be shared ?

Test Authentication (RADIUS) in pfSense is working. I see the traffic from AP to pfSense, but authentication fails
thx
Andy

neogrid · April 3, 2021, 9:09pm

I’ve got 802.1x running on my tplink access point with pfsense.

Hard to say what your problem is but you might want to double check the authentication you are using on the wifi client. For the record I use PEAP and inner authentication is MSCHAPv2.

Andy80 · April 5, 2021, 3:58pm

Hi Neogrid,
have you the topics’s what you configured to get FreeRADIUS with TPLink runnig ?
A Test SSID on my UniFi is configured as described in several documentations.
I am not sure if the binding of the AP with the Radius server is working properly and therefore no authentication is taking place. I only see the access/auth traffic from the AP to the pfSense… but I don’t get any usable response for analyse the issue.

thx and regards
Andy

neogrid · April 5, 2021, 5:30pm

Yeah with FreeRADIUS it’s abit all over the place.

At least with my setup my aim was to have a username and password to access the wifi.

Setup FreeRADIUS package on pfSense.

Now in TPLink I created a RADIUS profile with the shared secret when setting up pfSense, this allows my device to be connect with Freeradius only.

In pfSense I created my wifi users, back in TPLink when I setup my SSIDs I selected 802.1x.

That was about it.

The EAP settings affect clients connecting to the wifi say on a laptop, it can only use what the access point supports.

Perhaps you have a config error on your client would be my guess or you haven’t setup the connection between your AP and pfSense correctly.

neogrid · April 6, 2021, 4:07pm

Oh just something that came to mind, FreeRADIUS is picky on the password, try just alpha-numeric characters fewer than 31, see if that gives any progress.