captive portal auth with freeradius

Chitrang Srivastava chitrang.srivastava at gmail.com
Thu Apr 18 12:07:30 CEST 2013


What I found from wiki that we don't require to set Auth-Type  freeradius
will determine from request automatically , so I removed
DEFAULT Auth-Type = Reject from users file , is that OK ?

With this at-least radtest starts working
but still request from captive portal didnt worked , What I found from
radius  logs this looks to be the difference

*radtest*
[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
*captive portal *
++[mschap] returns noop

What could be missing ?

On Wed, Apr 17, 2013 at 8:37 PM, Chitrang Srivastava <
chitrang.srivastava at gmail.com> wrote:

> But its working fine with wifi authentication ( I am using ntlm auth for
> MSCHAPv2 with LDAP) only issue is with when request come from captive
> portal ..I needto see why PAP request comes
>
>
> On Wed, Apr 17, 2013 at 7:28 PM, Olivier Beytrison <olivier at heliosnet.org>wrote:
>
>> On 17.04.2013 15:37, Chitrang Srivastava wrote:
>> > Thanks , I am trying to MSCHAPv2 (TTLS or PEAP ) or GTC with LDAP
>>
>> MSCHAPv2 with EAP-TTLS or PEAP will NOT work with LDAP. as explained
>> almost everywhere, and especially here :
>> http://deployingradius.com/documents/protocols/compatibility.html
>>
>> You need a cleartext password or a NT_Hash to authenticate with MSCHAPv2.
>>
>> Only EAP-GTC will work with LDAP if I'm not mistaken.
>>
>> And by the way, your debug output show a request using PAP. PAP and EAP
>> are two completly different things, which different requirements.
>>
>> > I see that rlm_ldap.c will set Auth-Type as ldap based on set_auth_type
>> > =yes and 3 other flags,
>> > tried but it didn't worked ,
>> > I will try from scratch
>>
>> This won't change that you can't authenticate with EAP-TTLS/PEAP and
>> MSCHAPv2 against a LDAP directory. (Well, except if you're using Novell
>> eDirectory with the Central Password management, but that's another
>> story).
>>
>> Olivier
>> --
>>
>>  Olivier Beytrison
>>  Network & Security Engineer, HES-SO Fribourg
>>  Mail: olivier at heliosnet.org
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130418/b9cfc6b6/attachment.html>


More information about the Freeradius-Users mailing list