On Fri, Apr 19, 2013 at 08:59:57PM +0530, Chitrang Srivastava wrote:
I am using Microsoft 2003 Active Directory Server , the way wifi (MSCHAPv2) works is with ntlm_auth , which does the authentication.
OK, finally the information that's needed.
The way it works with wifi or radtest is , Auth-Type is set to EAP (it refers to eap.conf ) , it goes to mschap modules(set up TLS channel and then under that) , from there its told to use external program ntlm_auth , which does the authentication and tells radius if its OK or not.
What i was trying , is to get similar way working with captive portal as well.
There's an example in raddb/modules/ntlm_auth. Configure that file, and then do something like this: authorize { ... if (!EAP-Message && User-Password) { update control { Auth-Type = PAP } } } authenticate { Auth-Type PAP { # pap <-- comment out ntlm_auth } } Then it should take your User-Name and User-Password, check them using the ntlm_auth utility rather than the pap module (the ntlm_auth "module" is just an instantiation of exec). Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>