I am using Microsoft 2003 Active Directory Server , the way wifi (MSCHAPv2) works is with ntlm_auth , which does the authentication.
On Fri, Apr 19, 2013 at 06:15:09PM +0530, Chitrang Srivastava wrote:It's obvious from your debug output that
> tried what Matthew suggest , in authorize section and it worked. Whole
> issue is captive portal is sending a non-EAP message with User-Password set
> , in this case we have to set auth type as ldap.
- your LDAP module isn't setting Auth-Type for some reason
- your LDAP server isn't returning any sort of password (plain or
crypted)
and therefore you probably need to try and do that horrible hack
of binding to the LDAP server to auth. Really, Alan is right -
LDAP is not an authentication server, even though lots of people
seem to think it is.
Hence the suggestion to "fix" your problem by setting Auth-Type,
iff it has not already been set, when not doing EAP and
User-Password is supplied.
The best solution is to fixup your LDAP server to return the
crypted password back to FreeRADIUS. Like already pointed out, if
it's AD, this isn't likely to happen.
Matthew
--
Matthew Newton, Ph.D. <mcn4@le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>