Hi Alan, Thank you for your reply and your advices. It works now. Cordialement, *Benjamin Dupalut* Administrateur système et réseau Service des Moyens Informatiques Généraux (SMIG) ESIEE Paris 2 bd Blaise Pascal - 93162 Noisy-le-Grand Cedex T : +33 1 45 92 66 17 benjamin.dupalut@esiee.fr www.esiee.fr / www.cci-paris-idf.fr 2018-02-28 19:02 GMT+01:00 Alan DeKok <aland@deployingradius.com>:
On Feb 28, 2018, at 12:53 PM, DUPALUT, Benjamin <benjamin.dupalut@esiee.fr> wrote:
I'm using a pfsense server as captive portal to authenticate users on my WiFi network. The captive portal is set to interrogate my freeradius server.
My freeradius server can already authenticate users via my AD using winbind. I also need local account (via "users" file) to create some temporary "WiFi" account for guests.
How do you decide which one to use?
My problem is that it seems that when freeradius receive an mschap request, it only interrogate the AD and do not check the local "users" file :
Because you configured it to do that...
*Radtest output :*
Don't post that. Read this: http://wiki.freeradius.org/list-help
*freeradius -X output :*
With lots and lots of blank space, and debug output which is massively reformatted and unreadable.
The short answer is that if you set a "known good" password for the user, and tell it to *not* use NTLM-Auth:
bob Cleartext-Password := "password", MS-CHAP-Use-NTLM-Auth := no
Then the MS-CHAP module will do that.
This is documented in the comments in raddb/mods-available/mschap. Please read that for further information.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html