captive portal auth with freeradius

Matthew Newton mcn4 at
Fri Apr 19 01:04:23 CEST 2013

On Thu, Apr 18, 2013 at 09:37:06PM +0530, Chitrang Srivastava wrote:
> radtest is working
> wifi authentication is also working ( configured the access point to use


> open wifi with captive portal (lightttpd) is *not * working


> What I found is captive portal server is sending a non-EAP message and as
> suggested in wiki I am not using setting auth type anywhere  (EAP message
> will determine automatically)

Captive portal is doing PAP. I guess you want to try and auth this
by binding to the ldap server. I've not done this recently, but I
think the following might work.

For some reason, even though

>  Module: Instantiating module "ldap_secondary" from file /etc/raddb/radiusd.conf
>   ldap ldap_secondary {
>         set_auth_type = yes
>   }

is set, it's not setting auth_type. That's clear from

> ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user

Try this at the bottom of the authorize {} section:

authorize {


  # not EAP, is PAP, and no other Auth-Type set, so assume ldap
  if (!EAP-Message && User-Password) {
    update control {
      Auth-Type = ldap_secondary

and then in the authenticate section:

authenticate {
  Auth-Type ldap_secondary {

and see what you get. Again, post output of radiusd -X if there
are still problems (new output, not the same as last time :) ).

I don't know enough about the ldap module to know why it's not
setting Auth-Type (and too ill at present to go digging to find



Matthew Newton, Ph.D. <mcn4 at>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at>

More information about the Freeradius-Users mailing list