PFSense - Radius Authentication using FreeRadius

PFSense - Radius Authentication using FreeRadius

Jun 17, 2022 - 08:58
 0  751
PFSense - Radius Authentication using FreeRadius
PFSense - Radius Authentication using FreeRadius

PFSense - Radius Authentication using FreeRadius

Would you like to learn how to configure the PFsense firewall to use Freeradius as the authentication server?In this tutorial, we are going to show you how to authenticate PFSense users using a Freeradius server isntalled on a computer running Ubuntu Linux.

• Pfsense 2.4.4-p3
• Ubuntu 18
• Ubuntu 19

Tutorial FreeRadius - Installation on Ubuntu Linux

• IP - 192.168.15.10.
• Operacional System - Ubuntu 19
• Hostname - UBUNTU

On the Linux console, use the following commands to install the FreeRadius service.Copy to Clipboard1

apt-get update
apt-get install freeradius

Now, we need to add FreeRadius clients to the clients.conf;.

Locate and edit the clients.conf. Copy to Clipboard1

locate clients.conf
vi /etc/freeradius/3.0/clients.conf

Add the following lines at the end of the clients.conf file.

client PFSENSE {
ipaddr = 192.168.15.11
secret = kamisama123
}

In our example, we are adding 2 client devices:

The first device was named PFSENSE and has the IP address 192.168.15.11.

Now, we need to add FreeRadius users to the USERS configuration file.

Locate and edit the Freeradius users configuration file.

locate freeradius | grep users
vi /etc/freeradius/3.0/users

The first device was named PFSENSE and has the IP address 192.168.15.11.

admin Cleartext-Password := "123qwe.."
Class = "pfsense-admin"

Restart the Freeradius server.Copy to Clipboard1

service freeradius restart

Test your radius server configuration file.Copy to Clipboard1

freeradius -CX

You have finished the Freeradius installation on Ubuntu Linux.

PFSense - Radius Authentication on FreeRadius

Open a browser software, enter the IP address of your Pfsense firewall and access web interface.

In our example, the following URL was entered in the Browser:

• https://192.168.15.11

The Pfsense web interface should be presented.Pfsense login

On the prompt screen, enter the Pfsense Default Password login information.

• Username: admin
• Password: pfsense

After a successful login, you will be sent to the Pfsense Dashboard.Pfsense dashboard

Access the Pfsense System menu and select the User manager option.pfsense user manager menu

On the User manager screen, access the Authentications servers tab and click on the Add button.pfsense authentication servers

On the Server settings area, perform the following configuration:

• Description name: RADIUS
• Type: RADIUSpfsense freeradius

On the RADIUS Server settings area, perform the following configuration:

• Protocol  - PAP
• Hostname or IP address - 192.168.15.10
• Shared Secret - The Radius Client shared secret (kamisama123)
• Services Offered - Authentication and Accounting
• Authentication Port - 1812
• Acconting Port -  1813
• Authentication Timeout - 5

You need to change IP address of the Radius server.

You need to change the Shared secret to reflect your Radius client shared secret.pfsense radius server settings

Click on the Save button to finish the configuration.

In our example, we configured the Radius server authentication on the PFSense firewall.

PFSense - Testing FreeRadius Authentication

Access the Pfsense Diagnostics menu and select the Authentication option.pfsense diagnostics authentication

Select the RADIUS authentication server.

Enter the Admin username, its password and click on the Test button.Pfsense Freeradius authentication test

If your test succeeds, you should see the following message.pfsense active directory login test

Congratulations! Your PFsense Radius server authentication on FreeRaadius was sucessfully configured.

PFSense - FreeRadius Group Permission

Access the Pfsense System menu and select the User manager option.pfsense user manager menu

On the User manager screen, access the Groups tab and click on the Add button.pfsense group manager

On the Group creation screen, perform the following configuration:

• Group name - pfsense-admin
• Scope - Remote
• Description - FreeRadius group

Click on the Save button, you will be sent back to the Group configuration screen.pfsense freeradius group

Now, you need to edit the permissions of the pfsense-admin group.

On the pfsense-admin group properties, locate the Assigned Privileges area and click on the Add button.

On the Group privilege area, perform the following configuration:

• Assigned privileges - WebCfg - All pagespfsense active directory group permission

Click on the Save button to finish the configuration.

PFSense - Enable the Radius Authentication

Access the Pfsense System menu and select the User manager option.pfsense user manager menu

On the User manager screen, access the Settings tab.pfsense authentication settings menu

On the Settings screen, select the Radius authentication server.

Click on the Save and test button.pfsense enable radius authentication freeradius

After finishing your configuration, you should log off the Pfsense web interface.

Try to login using the admin user and the password from the Freeradius database.

On the login screen, use the admin user and the password from the FreeRadius database.

• Username: admin
• Password: Enter the FreeRadius password.Pfsense login

Congratulations! You have configured the PFSense authentication to use the FreeRadius database.

like

dislike

love

funny

angry

sad

wow