(Solved?) Freeradius - can't connect to WiFi after 25.7.8 update

[whatever]

Hello,

After the 25.7.8 update, I can no longer connect to WiFi. I'm using freeradius and all my devices now state "Unable to connect to [WiFi Network]" when I attempt to connect. Was connected just before the update. Logs don't show any errors. All I get is: Auth: (11) Login OK: [USERNAME/<via Auth-Type = Accept>] (from client WLAN port 0 cli MAC ADDRESS) over and over again, but my client never connects or gets an IP address.

Anyone else encounter this?

Cheers

[whatever]

So, it turns out the culprit is in the file: /usr/local/etc/raddb/users. At the bottom of the file, there is:

DEFAULT Auth-Type := Accept
       Framed-Protocol = PPP

From what I gather this appears to break EAP authentication. Commenting the lines out fixes everything.

Now, I'd be inclined to think it's a bug but I have another machine running OPNsense with FreeRadius and on that box, everything works without commenting out those lines... Only difference is that one box (the one that had the issue) is using EAP-TLS, whereas the other box is using EAP-TTLS.

Anyone have any idea what might be happening?

[franco]

My guess is this is about this change in 25.7.8 in the "users" file:

https://github.com/opnsense/plugins/commit/0bcf02cab52781d236e401823b16dbc8c2de747a

If I'm reading this correctly the change enables the

DEFAULT Auth-Type := Accept

block now more than it used to.  I'll let Michael know.


Cheers,
Franco

[whatever]

Thanks, Franco.

Hopefully it gets fixed because the file gets regenerated whenever you make changes. Not sure it'll survive a reboot either - haven't tried yet.

Cheers

 

[mimugmail]

opnsense-revert -r 25.7.7 os-freeradius will just revert the plugin. I'll try to fix it today.

[whatever]

Awesome, thanks!

[andymac1]

Just to say I had same issue.  But the default accept let any device connect to the WiFi.  I got some new Christmas lights and they didn't need to be added to freradius.  I reverted to pre-upgrade snapshot and then found this thread.

Andy

[franco]

https://github.com/opnsense/plugins/issues/5050#issuecomment-3591354876

[mimugmail]

Thx Franco :)

[caplam]

I have updated to 25.7.8
Freeradius version is 1.9.28
My wifi clients connect just fine on the right vlan.
wifi : unifi with radius mac authentication
If it can help.

[TechnologyGeek]

I had the same issue after upgrading to 25.7.8, and for some reason unbound DNS wasn't working correctly. If I rebooted my network would come up, my Firestick would get to the homepage, sound would play automatically, and then it would all start dropping off again. Hulu and other apps wouldn't load, then the 'Home is not available, check your network settings' message on the Firestick. Same issue on my hardwired LAN PC. I started migrating to DNSMasq based on reading what some users were saying, and I was having issues getting it working correctly. I'm using TLS via Quad9 with unbound, and I setup the query forward to DNSMasq, configured everything, but was still having issues getting leases assigned with DNSMasq. I could NSlookup, Signal and some apps were working fine on my wired PC, but I couldn't ping out. I didn't want to mess with it anymore as my wife was home from work and wanted to watch Stranger things, so I restored my backup config from July of this year and the issue was completely resolved. Still using unbound with ISC DHCP and am on the 25.7.8 update. The funny thing is that the reason I restored that config was to start over working on the DNSMasq migration thinking I screwed a step up. I wasn't expecting the config restore to resolve the problem that started when I updated. Definitely something getting messed up from the upgrade, putting my old config files back resolved.