FreeRadius Error - require_message_authenticator

Started by danderson, August 09, 2024, 05:02:08 PM

Previous topic - Next topic
Print
Go Down Pages 1 2
User actions
October 18, 2024, 09:46:26 PM #15
It's merged already. Unfortunately I do not understand the code well enough to implement the client side with OPNsense as a RADIUS client. That's why I created that feature request instead.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
October 19, 2024, 05:54:49 PM #16
Our VPN IPSec service just broke today at 16:00 CEST due to Microsoft requiring the config change.
"RequireMsgAuth and/or limitProxyState configuration is in Disable mode. These settings should be configured in Enable mode for security purposes. See https://support.microsoft.com/help/5040268 to learn more."

So enabling the requirement to send RequireMsgAuth breaks the OPNsense Client - disabling it on the Windows Server NPS gives above error message.

I think a quick patch is required here!
October 19, 2024, 06:06:19 PM #17 Last Edit: October 21, 2024, 08:55:06 AM by Patrick M. Hausen
@rainerle

Please add your situation to this issue in github, then. It's not guaranteed Franco or any other Deciso developer will take notice of this thread.

https://github.com/opnsense/core/issues/7983

Thanks!
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
December 06, 2024, 08:51:40 AM #18
Looks I did not respond here...

Quote from: kevindd992002 on October 17, 2024, 08:14:34 AM
root@OPNsense:~ # opnsense-patch -a punktDeForks -c plugins a1f6543
fetch: https://github.com/punktDeForks/plugins/commit/a1f6543.patch: Not Found

How do I change the path to "opnsense-plugins" instead?

Since the repo is called "opnsense-plugins" just give it from the command line...

# opnsense-patch -a punktDeForks -c plugins -r opnsense-plugins a1f6543

However, there are a few bugs that I have to address for separate accounts and alternative repository names that don't match our defaults.


Cheers,
Franco
December 08, 2024, 04:06:46 PM #19
Quote from: franco on December 06, 2024, 08:51:40 AM
Looks I did not respond here...

Quote from: kevindd992002 on October 17, 2024, 08:14:34 AM
root@OPNsense:~ # opnsense-patch -a punktDeForks -c plugins a1f6543
fetch: https://github.com/punktDeForks/plugins/commit/a1f6543.patch: Not Found

How do I change the path to "opnsense-plugins" instead?

Since the repo is called "opnsense-plugins" just give it from the command line...

# opnsense-patch -a punktDeForks -c plugins -r opnsense-plugins a1f6543

However, there are a few bugs that I have to address for separate accounts and alternative repository names that don't match our defaults.


Cheers,
Franco
Got it. So don't use that method for now?

Sent from my SM-S916B using Tapatalk

December 12, 2024, 09:58:58 AM #20
> Got it. So don't use that method for now?

You can use it correctly with the proper command line switches. It's just the shortcuts that don't work very well. Remember, the scope for opnsense-patch is OPNsense@GitHub where everything works.


Cheers,
Franco
Print
Go Up Pages 1 2
User actions