On Thu, Apr 18, 2013 at 09:37:06PM +0530, Chitrang Srivastava wrote:
radtest is working wifi authentication is also working ( configured the access point to use TTLS-MSCHAPv2)
ok.
open wifi with captive portal (lightttpd) is *not * working
right.
What I found is captive portal server is sending a non-EAP message and as suggested in wiki I am not using setting auth type anywhere (EAP message will determine automatically)
Captive portal is doing PAP. I guess you want to try and auth this by binding to the ldap server. I've not done this recently, but I think the following might work. For some reason, even though
Module: Instantiating module "ldap_secondary" from file /etc/raddb/radiusd.conf ldap ldap_secondary { ... set_auth_type = yes ... }
is set, it's not setting auth_type. That's clear from
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Try this at the bottom of the authorize {} section: authorize { ... # not EAP, is PAP, and no other Auth-Type set, so assume ldap if (!EAP-Message && User-Password) { update control { Auth-Type = ldap_secondary } } } and then in the authenticate section: authenticate { Auth-Type ldap_secondary { ldap_secondary } } and see what you get. Again, post output of radiusd -X if there are still problems (new output, not the same as last time :) ). I don't know enough about the ldap module to know why it's not setting Auth-Type (and too ill at present to go digging to find out). Cheers, Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>