On Dec 1, 2021, at 8:05 AM, Diego Forcella <diego.forcella@c2group.it> wrote:
With your suggestion I tried radtest and works correctly, I then modified using (Realm == domain1) elseif (Realm ==domain2) and it works also in this way, thank you very much for your help
That's fine.
I've another problem now, I need to use this with a captive portal that support only chap or ms-chapv2 and when a user try to login to captive portal configured with chap in freeradius log I have the error
chap: ERROR: &control:Cleartext-Password is required for authentication
or, if I set ms-chapv2 in captive portal, the error is
(1) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password (1) mschap: Creating challenge hash with username: xxx@xxx.com (1) mschap: Client is using MS-CHAPv2 (1) mschap: ERROR: FAILED: No NT/LM-Password. Cannot perform authentication (1) mschap: ERROR: MS-CHAP2-Response is incorrect
It's possible to have chap (or ms-chapv2) and ldap working in freeradius?
It's not about LDAP. It's how you store the password in LDAP. http://deployingradius.com/documents/protocols/compatibility.html Alan DeKok.