LDAP server or AD , has password stored as NTLM-Hash, and that's why I set PEAP-MSCHAPv2 as auth type (finally using ntlm_auth to authenticate), All this works fine when a wifi acces point is configured to do MSCHAPv2 or even with radtest it worked. Only when access point is open and captive portal method is enabled , having issue. tried what Matthew suggest , in authorize section and it worked. Whole issue is captive portal is sending a non-EAP message with User-Password set , in this case we have to set auth type as ldap. if (!EAP-Message && User-Password) { update control { Auth-Type = ldap_secondary } } Check http://community.arubanetworks.com/t5/Authentication-and-Access/RADIUS-vs-LD... Though unrelated to freeradius , I guess this is what happening for my issue. On Fri, Apr 19, 2013 at 5:34 PM, Alan DeKok <aland@deployingradius.com>wrote:
Chitrang Srivastava wrote:
After that it started working i.e. auth by binding to the ldap server
So... the LDAP server is probably active directory. Or, there are security settings on it which means FreeRADIUS can't read the password from LDAP.
Which one is it?
But my question is auth by binding to ldap server is good enough to authenticate ?
No. That's the whole reason people use FreeRADIUS. Because it authenticates people. LDAP is a database, not an authentication server.
because I expected authentication via mschapv2 or gtc (whatever i configured) , radtest and wifi authenticate like that . I guess its not in control of radius since captive portal is not sending EAP message. Does all other captive portal server works like that with radius ?
No.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html