Hello,
After the 25.7.8 update, I can no longer connect to WiFi. I'm using freeradius and all my devices now state "Unable to connect to [WiFi Network]" when I attempt to connect. Was connected just before the update. Logs don't show any errors. All I get is: Auth: (11) Login OK: [USERNAME/<via Auth-Type = Accept>] (from client WLAN port 0 cli MAC ADDRESS) over and over again, but my client never connects or gets an IP address.
Anyone else encounter this?
Cheers
So, it turns out the culprit is in the file: /usr/local/etc/raddb/users. At the bottom of the file, there is:
DEFAULT Auth-Type := Accept
Framed-Protocol = PPP
From what I gather this appears to break EAP authentication. Commenting the lines out fixes everything.
Now, I'd be inclined to think it's a bug but I have another machine running OPNsense with FreeRadius and on that box, everything works without commenting out those lines... Only difference is that one box (the one that had the issue) is using EAP-TLS, whereas the other box is using EAP-TTLS.
Anyone have any idea what might be happening?
My guess is this is about this change in 25.7.8 in the "users" file:
https://github.com/opnsense/plugins/commit/0bcf02cab52781d236e401823b16dbc8c2de747a
If I'm reading this correctly the change enables the
DEFAULT Auth-Type := Accept
block now more than it used to. I'll let Michael know.
Cheers,
Franco
Thanks, Franco.
Hopefully it gets fixed because the file gets regenerated whenever you make changes. Not sure it'll survive a reboot either - haven't tried yet.
Cheers
opnsense-revert -r 25.7.7 os-freeradius will just revert the plugin. I'll try to fix it today.