captive portal auth with freeradius
Matthew Newton
mcn4 at leicester.ac.uk
Fri Apr 19 01:04:23 CEST 2013
On Thu, Apr 18, 2013 at 09:37:06PM +0530, Chitrang Srivastava wrote:
> radtest is working
> wifi authentication is also working ( configured the access point to use
> TTLS-MSCHAPv2)
ok.
> open wifi with captive portal (lightttpd) is *not * working
right.
> What I found is captive portal server is sending a non-EAP message and as
> suggested in wiki I am not using setting auth type anywhere (EAP message
> will determine automatically)
Captive portal is doing PAP. I guess you want to try and auth this
by binding to the ldap server. I've not done this recently, but I
think the following might work.
For some reason, even though
> Module: Instantiating module "ldap_secondary" from file /etc/raddb/radiusd.conf
> ldap ldap_secondary {
...
> set_auth_type = yes
...
> }
is set, it's not setting auth_type. That's clear from
> ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Try this at the bottom of the authorize {} section:
authorize {
...
# not EAP, is PAP, and no other Auth-Type set, so assume ldap
if (!EAP-Message && User-Password) {
update control {
Auth-Type = ldap_secondary
}
}
}
and then in the authenticate section:
authenticate {
Auth-Type ldap_secondary {
ldap_secondary
}
}
and see what you get. Again, post output of radiusd -X if there
are still problems (new output, not the same as last time :) ).
I don't know enough about the ldap module to know why it's not
setting Auth-Type (and too ill at present to go digging to find
out).
Cheers,
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list