captive portal auth with freeradius

Olivier Beytrison olivier at heliosnet.org
Wed Apr 17 15:58:18 CEST 2013


On 17.04.2013 15:37, Chitrang Srivastava wrote:
> Thanks, I am trying to use MSCHAPv2 (TTLS or PEAP) or GTC with LDAP

MSCHAPv2 with EAP-TTLS or PEAP will NOT work with LDAP, as explained
almost everywhere, and especially here:
http://deployingradius.com/documents/protocols/compatibility.html

You need a cleartext password or an NT_Hash to authenticate with MSCHAPv2.

Only EAP-GTC will work with LDAP if I'm not mistaken.

And by the way, your debug output shows a request using PAP. PAP and EAP
are two completely different things, with different requirements.

> I see that rlm_ldap.c will set Auth-Type as ldap based on
> set_auth_type = yes and 3 other flags,
> tried but it didn't work,
> I will try from scratch

This won't change that you can't authenticate with EAP-TTLS/PEAP and
MSCHAPv2 against an LDAP directory. (Well, except if you're using Novell
eDirectory with the Central Password management, but that's another story).

Olivier
-- 

 Olivier Beytrison
 Network & Security Engineer, HES-SO Fribourg
 Mail: olivier at heliosnet.org

