captive portal auth with freeradius
Olivier Beytrison
olivier at heliosnet.org
Wed Apr 17 15:58:18 CEST 2013
On 17.04.2013 15:37, Chitrang Srivastava wrote:
> Thanks , I am trying to MSCHAPv2 (TTLS or PEAP ) or GTC with LDAP
MSCHAPv2 with EAP-TTLS or PEAP will NOT work with LDAP. as explained
almost everywhere, and especially here :
http://deployingradius.com/documents/protocols/compatibility.html
You need a cleartext password or a NT_Hash to authenticate with MSCHAPv2.
Only EAP-GTC will work with LDAP if I'm not mistaken.
And by the way, your debug output show a request using PAP. PAP and EAP
are two completly different things, which different requirements.
> I see that rlm_ldap.c will set Auth-Type as ldap based on set_auth_type
> =yes and 3 other flags,
> tried but it didn't worked ,
> I will try from scratch
This won't change that you can't authenticate with EAP-TTLS/PEAP and
MSCHAPv2 against a LDAP directory. (Well, except if you're using Novell
eDirectory with the Central Password management, but that's another story).
Olivier
--
Olivier Beytrison
Network & Security Engineer, HES-SO Fribourg
Mail: olivier at heliosnet.org
More information about the Freeradius-Users
mailing list