Thanks ,<div>setting <b>set_auth_type =yes</b> still not setting Auth-Type-ldap_secondary , to solve this I followed the solution suggested in this thread </div><div><a href="http://lists.freeradius.org/pipermail/freeradius-users/2008-May/027962.html">http://lists.freeradius.org/pipermail/freeradius-users/2008-May/027962.html</a></div>
<div><br></div><div>After that it started working i.e. auth by binding to the ldap server</div><div>But my question is auth by binding to ldap server is good enough to authenticate ? because I expected authentication via mschapv2 or gtc (whatever i configured) , radtest and wifi authenticate like that . I guess its not in control of radius since captive portal is not sending EAP message. Does all other captive portal server works like that with radius ?</div>
<div><br></div><div><br></div><div><br><br><div class="gmail_quote">On Fri, Apr 19, 2013 at 4:34 AM, Matthew Newton <span dir="ltr"><<a href="mailto:mcn4@leicester.ac.uk" target="_blank">mcn4@leicester.ac.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">On Thu, Apr 18, 2013 at 09:37:06PM +0530, Chitrang Srivastava wrote:<br>
> radtest is working<br>
> wifi authentication is also working ( configured the access point to use<br>
> TTLS-MSCHAPv2)<br>
<br>
</div>ok.<br>
<br>
> open wifi with captive portal (lightttpd) is *not * working<br>
<br>
right.<br>
<div class="im"><br>
> What I found is captive portal server is sending a non-EAP message and as<br>
> suggested in wiki I am not using setting auth type anywhere (EAP message<br>
> will determine automatically)<br>
<br>
</div>Captive portal is doing PAP. I guess you want to try and auth this<br>
by binding to the ldap server. I've not done this recently, but I<br>
think the following might work.<br>
<br>
For some reason, even though<br>
<br>
> Module: Instantiating module "ldap_secondary" from file /etc/raddb/radiusd.conf<br>
> ldap ldap_secondary {<br>
...<br>
> set_auth_type = yes<br>
...<br>
> }<br>
<br>
is set, it's not setting auth_type. That's clear from<br>
<br>
> ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user<br>
<br>
Try this at the bottom of the authorize {} section:<br>
<br>
<br>
authorize {<br>
<br>
...<br>
<br>
# not EAP, is PAP, and no other Auth-Type set, so assume ldap<br>
if (!EAP-Message && User-Password) {<br>
update control {<br>
Auth-Type = ldap_secondary<br>
}<br>
}<br>
}<br>
<br>
and then in the authenticate section:<br>
<br>
authenticate {<br>
Auth-Type ldap_secondary {<br>
ldap_secondary<br>
}<br>
}<br>
<br>
and see what you get. Again, post output of radiusd -X if there<br>
are still problems (new output, not the same as last time :) ).<br>
<br>
I don't know enough about the ldap module to know why it's not<br>
setting Auth-Type (and too ill at present to go digging to find<br>
out).<br>
<br>
Cheers,<br>
<div class="im HOEnZb"><br>
Matthew<br>
<br>
<br>
--<br>
Matthew Newton, Ph.D. <<a href="mailto:mcn4@le.ac.uk">mcn4@le.ac.uk</a>><br>
<br>
Systems Specialist, Infrastructure Services,<br>
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom<br>
<br>
For IT help contact helpdesk extn. 2253, <<a href="mailto:ithelp@le.ac.uk">ithelp@le.ac.uk</a>><br>
</div><div class="HOEnZb"><div class="h5">-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</div></div></blockquote></div><br></div>