RADIUS WITH WINDOWS NPS

Started by My_Network, November 16, 2024, 03:06:25 AM

Hi,

I'm having an issue setting up RADIUS authentication using Windows Server NPS as the authentication server. I've followed all the relevant guides and documentation I could find on the topic, even those meant for pfSense. Despite that, something still seems to be wrong.

The networking side is working as expected—my firewall is communicating correctly with the server. When I use the tester, I get a response from the server that's somewhat positive. It contains gibberish but includes the correct Class tag reading "admin," which was created and assigned the gui\all page permissions. This was copied from the default "admins" group.

The reason I say it's only kind of working is that when I try logging in with the user, I get the error: "No page assigned to this user! Click here to log out." However, if I change the Class value in NPS to something other than "admin," the same issue occurs. It's as if the system isn't interpreting the Class value correctly.

Does anyone have ideas on what could help resolve this?

Thank you,

Nick

You got further than I did. Did you add any RADIUS attributes to your network policy? I can't get my authentication requests from OPNsense to match my policy, and I'm using the same two conditions that are working on a couple of Juniper and Arista policies (User Groups and Client Friendly Name).

Hm, I removed the User Groups condition and re-added it, and now the NPS log shows access granted, but my OPNsense tester still shows failed. I think it's not understanding the server's response. The System General log shows "Radius unexpected response:"

Quote: "The reason I say it's only kind of working is that when I try logging in with the user, I get the error: "No page assigned to this user! Click here to log out.""

I finally got this working. Pro tip: don't copy an existing rule. Even if all the settings look correct, it doesn't work until the rule is created.

I finally got the same error as you. On the NPS policy Settings tab, instead of Class = admins, try Class = CN=admins. This worked for me.
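
Added example, not part of any post in this thread: a small decoder for the attributes of a RADIUS response (header and attribute layout per RFC 2865), useful for reading the "gibberish" in a captured Access-Accept and seeing exactly which Class string NPS returned, such as admin versus CN=admins. The function names are hypothetical and the sample packets are constructed, not real captures.

```python
import struct

# RADIUS packet codes and attribute types from RFC 2865
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
ATTR_CLASS = 25

def parse_radius(packet: bytes):
    """Return (code_name, identifier, [(attr_type, value_bytes), ...])."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("Length field does not match packet size")
    attrs, pos = [], 20  # bytes 4..19 hold the Response Authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError(f"bad attribute length at offset {pos}")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return CODES.get(code, f"code {code}"), ident, attrs

def class_values(packet: bytes):
    """All Class attribute values; a response may carry more than one,
    and a value may be opaque binary, so decode leniently for display."""
    _, _, attrs = parse_radius(packet)
    return [v.decode("utf-8", errors="replace") for t, v in attrs if t == ATTR_CLASS]

def _attr(a_type: int, value: bytes) -> bytes:
    return bytes([a_type, len(value) + 2]) + value

def build_sample(class_value: bytes) -> bytes:
    """Constructed Access-Accept with a zeroed authenticator (not a real capture)."""
    body = _attr(ATTR_CLASS, class_value) + _attr(18, b"ok")  # 18 = Reply-Message
    return struct.pack("!BBH", 2, 7, 20 + len(body)) + bytes(16) + body

if __name__ == "__main__":
    # The two Class strings discussed in the thread
    for sample in (b"admin", b"CN=admins"):
        pkt = build_sample(sample)
        print(parse_radius(pkt)[0], class_values(pkt))
```

To use it on real traffic, pass the UDP payload of the server's reply (exported from a packet capture) to `class_values`.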