09-21-2021 10:49 AM
We are trying to setup MFA on our pfsense firewalls for the webGUI for management. We would like to use a radius setup with ISE to gain access using MFA. I am able to see my authentications pass in ISE but on pFsense I don't have a user group to associate with. It states I need a local account with group privilege's but I don't have without creating a local user.
Does anyone have experience with this?
Solved! Go to Solution.
09-23-2021 06:29 AM
Hi @ejerviss
If I remember correctly you don't need a local user but you need to reference the local group in the RADIUS response on ISE with the class attribute. E.g. if you want to give the user admin rights and your local group is called admins then return RADIUS:Class equals admins
Best regards
09-23-2021 06:29 AM
Hi @ejerviss
If I remember correctly you don't need a local user but you need to reference the local group in the RADIUS response on ISE with the class attribute. E.g. if you want to give the user admin rights and your local group is called admins then return RADIUS:Class equals admins
Best regards
09-27-2021 06:12 AM
Hi @martin.fischer,
Thank you for your post, yes this option worked for me! I am now able to log in with no issues.
I also have webGUI login working with DUO MFA. I can only do PAP as my authentication type. Is that the only option? I tried MS-CHAPv2 but that didn't work. Wondering if there is another setting I need to find.
Thank you!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide