LDAP server or AD , has password stored as NTLM-Hash, and that's why I set PEAP-MSCHAPv2 as auth type (finally using ntlm_auth to authenticate), All this works fine when a wifi acces point is configured to do MSCHAPv2 or even with radtest it worked.
Chitrang Srivastava wrote:So... the LDAP server is probably active directory. Or, there are
> After that it started working i.e. auth by binding to the ldap server
security settings on it which means FreeRADIUS can't read the password
from LDAP.
Which one is it?
No. That's the whole reason people use FreeRADIUS. Because it
> But my question is auth by binding to ldap server is good enough to
> authenticate ?
authenticates people. LDAP is a database, not an authentication server.
No.
> because I expected authentication via mschapv2 or gtc
> (whatever i configured) , radtest and wifi authenticate like that . I
> guess its not in control of radius since captive portal is not sending
> EAP message. Does all other captive portal server works like that with
> radius ?
Alan DeKok.