LDAP server or AD , has password stored as NTLM-Hash, and that's why I set PEAP-MSCHAPv2 as auth type (finally using ntlm_auth to authenticate), All this works fine when a wifi acces point is configured to do MSCHAPv2 or even with radtest it worked.<div>
Only when access point is open and captive portal method is enabled , having issue.</div><div><br></div><div>tried what Matthew suggest , in authorize section and it worked. Whole issue is captive portal is sending a non-EAP message with User-Password set , in this case we have to set auth type as ldap. </div>
<div><br></div><div><br></div><div><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)"> if (!EAP-Message && User-Password) {</span><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)"> update control {</span><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)"> Auth-Type = ldap_secondary</span><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)"> }</span><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)"> }</span><br><br>Check <a href="http://community.arubanetworks.com/t5/Authentication-and-Access/RADIUS-vs-LDAP/m-p/23766/highlight/true#M242">http://community.arubanetworks.com/t5/Authentication-and-Access/RADIUS-vs-LDAP/m-p/23766/highlight/true#M242</a></div>
<div>Though unrelated to freeradius , I guess this is what happening for my issue.</div><div><br><div class="gmail_quote">On Fri, Apr 19, 2013 at 5:34 PM, Alan DeKok <span dir="ltr"><<a href="mailto:aland@deployingradius.com" target="_blank">aland@deployingradius.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">Chitrang Srivastava wrote:<br>
> After that it started working i.e. auth by binding to the ldap server<br>
<br>
</div> So... the LDAP server is probably active directory. Or, there are<br>
security settings on it which means FreeRADIUS can't read the password<br>
from LDAP.<br>
<br>
Which one is it?<br>
<div class="im"><br>
> But my question is auth by binding to ldap server is good enough to<br>
> authenticate ?<br>
<br>
</div> No. That's the whole reason people use FreeRADIUS. Because it<br>
authenticates people. LDAP is a database, not an authentication server.<br>
<div class="im"><br>
> because I expected authentication via mschapv2 or gtc<br>
> (whatever i configured) , radtest and wifi authenticate like that . I<br>
> guess its not in control of radius since captive portal is not sending<br>
> EAP message. Does all other captive portal server works like that with<br>
> radius ?<br>
<br>
</div> No.<br>
<span class="HOEnZb"><font color="#888888"><br>
Alan DeKok.<br>
</font></span><div class="HOEnZb"><div class="h5">-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</div></div></blockquote></div><br></div>