I have pfsense and daloRadius(running freeRadius inside) up and running, I successfully configured radius parameters on pfSense and the NAS on daloRadius and they can talk to each other.
I am able to create users from daloRadius and authenticate them from pfSense. But when I add some attributes for bandwidth limitation or download quota limitation, authentication fails from pfSense.
Plus in spite of all the search i did, am' not able to understand clearly how radius attributes function:
- Difference between check and reply and when to use either
- also the operators being used.
Since i didn't understand clearly i tried all combinations that made sense to me but it never worked, I always get access-reject.
I added to daloRadius the pfSense radius attribute dictionary which i got from here:
VENDOR pfSense 13644
BEGIN-VENDOR pfSense
ATTRIBUTE pfSense-Bandwidth-Max-Up 1 integer
ATTRIBUTE pfSense-Bandwidth-Max-Down 2 integer
ATTRIBUTE pfSense-Max-Total-Octets 3 integer
END-VENDOR pfSense
but whenever I create a user and try using one of these attributes in either reply or check attribute, the user is not authorised when logging in, just getting access-reject with no explanations.
What am I doing wrong ?
0 Answers