captive portal auth with freeradius
Chitrang Srivastava
chitrang.srivastava at gmail.com
Fri Apr 19 14:45:09 CEST 2013
LDAP server or AD , has password stored as NTLM-Hash, and that's why I set
PEAP-MSCHAPv2 as auth type (finally using ntlm_auth to authenticate), All
this works fine when a wifi acces point is configured to do MSCHAPv2 or
even with radtest it worked.
Only when access point is open and captive portal method is enabled ,
having issue.
tried what Matthew suggest , in authorize section and it worked. Whole
issue is captive portal is sending a non-EAP message with User-Password set
, in this case we have to set auth type as ldap.
if (!EAP-Message && User-Password) {
update control {
Auth-Type = ldap_secondary
}
}
Check
http://community.arubanetworks.com/t5/Authentication-and-Access/RADIUS-vs-LDAP/m-p/23766/highlight/true#M242
Though unrelated to freeradius , I guess this is what happening for my
issue.
On Fri, Apr 19, 2013 at 5:34 PM, Alan DeKok <aland at deployingradius.com>wrote:
> Chitrang Srivastava wrote:
> > After that it started working i.e. auth by binding to the ldap server
>
> So... the LDAP server is probably active directory. Or, there are
> security settings on it which means FreeRADIUS can't read the password
> from LDAP.
>
> Which one is it?
>
> > But my question is auth by binding to ldap server is good enough to
> > authenticate ?
>
> No. That's the whole reason people use FreeRADIUS. Because it
> authenticates people. LDAP is a database, not an authentication server.
>
> > because I expected authentication via mschapv2 or gtc
> > (whatever i configured) , radtest and wifi authenticate like that . I
> > guess its not in control of radius since captive portal is not sending
> > EAP message. Does all other captive portal server works like that with
> > radius ?
>
> No.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130419/8efe152f/attachment.html>
More information about the Freeradius-Users
mailing list