What I found from wiki that we don't require to set Auth-Type freeradius will determine from request automatically , so I removed DEFAULT Auth-Type = Reject from users file , is that OK ? With this at-least radtest starts working but still request from captive portal didnt worked , What I found from radius logs this looks to be the difference *radtest* [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' *captive portal * ++[mschap] returns noop What could be missing ? On Wed, Apr 17, 2013 at 8:37 PM, Chitrang Srivastava < chitrang.srivastava@gmail.com> wrote:
But its working fine with wifi authentication ( I am using ntlm auth for MSCHAPv2 with LDAP) only issue is with when request come from captive portal ..I needto see why PAP request comes
On Wed, Apr 17, 2013 at 7:28 PM, Olivier Beytrison <olivier@heliosnet.org>wrote:
On 17.04.2013 15:37, Chitrang Srivastava wrote:
Thanks , I am trying to MSCHAPv2 (TTLS or PEAP ) or GTC with LDAP
MSCHAPv2 with EAP-TTLS or PEAP will NOT work with LDAP. as explained almost everywhere, and especially here : http://deployingradius.com/documents/protocols/compatibility.html
You need a cleartext password or a NT_Hash to authenticate with MSCHAPv2.
Only EAP-GTC will work with LDAP if I'm not mistaken.
And by the way, your debug output show a request using PAP. PAP and EAP are two completly different things, which different requirements.
I see that rlm_ldap.c will set Auth-Type as ldap based on set_auth_type =yes and 3 other flags, tried but it didn't worked , I will try from scratch
This won't change that you can't authenticate with EAP-TTLS/PEAP and MSCHAPv2 against a LDAP directory. (Well, except if you're using Novell eDirectory with the Central Password management, but that's another story).
Olivier --
Olivier Beytrison Network & Security Engineer, HES-SO Fribourg Mail: olivier@heliosnet.org - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html