opnsense
net/freeradius: Fallback authentication does not work
Important notices Before you add a new report, we ask you kindly to acknowledge the following:
- [x] I have read the contributing guide lines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
- [x] I have searched the existing issues, open and closed, and I'm convinced that mine is new.
- [x] The title contains the plugin to which this issue belongs
Describe the bug My Access-Point is set to PSK+MAC-Authentication. A valid user works correctly, but an invalid user is rejected, but Fallback Authentication is activated. The log shows this:
via PAP: Mon Oct 6 18:09:20 2025 : Auth: (617) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [xxx/xxx] (from client ap4 port 1123 cli xxx)
via CHAP: Mon Oct 6 18:09:27 2025 : Auth: (618) Login incorrect (chap: &control:Cleartext-Password is required for authentication): [xxx/<via Auth-Type = CHAP>] (from client ap3 port 1123 cli xxx)
It does not matter if another valid user is configured. Trying around I can make it work when I remove the block
DEFAULT Framed-Protocol == PPP
Framed-Protocol = PPP,
Framed-Compression = Van-Jacobson-TCP-IP
from /usr/local/etc/raddb/users and send SIGHUP to radiusd - however I am unsure if that is the best solution.
I think my temporary solution will be to just remove that block from plugins/net/freeradius/src/opnsense/service/templates/OPNsense/Freeradius/users
Expected behavior Fallback authentication should accept unkown userse.
Additional context I have used the FreeRADIUS-plugin a couple of years ago, and the config was retained by OPNsense after the plugin was removed for a long time. Maybe this could also be related to some stale setting?
Environment Software version used and hardware type if relevant. e.g.:
OPNsense 25.7.4-amd64 freeradius-plugin 1.9.27_1
