captive portal auth with freeradius

Chitrang Srivastava chitrang.srivastava at gmail.com
Fri Apr 19 08:53:51 CEST 2013


Thanks ,
setting *set_auth_type =yes*   still not setting Auth-Type-ldap_secondary ,
to solve this I followed the solution suggested in this thread
http://lists.freeradius.org/pipermail/freeradius-users/2008-May/027962.html

After that it started working  i.e. auth by binding to the ldap server
But my question is auth by binding to ldap server is good enough to
authenticate ? because I expected authentication via mschapv2 or gtc
(whatever i configured) , radtest and wifi authenticate like that . I guess
its not in control of radius since captive portal is not sending EAP
message. Does all other captive portal server works like that with radius ?




On Fri, Apr 19, 2013 at 4:34 AM, Matthew Newton <mcn4 at leicester.ac.uk>wrote:

> On Thu, Apr 18, 2013 at 09:37:06PM +0530, Chitrang Srivastava wrote:
> > radtest is working
> > wifi authentication is also working ( configured the access point to use
> > TTLS-MSCHAPv2)
>
> ok.
>
> > open wifi with captive portal (lightttpd) is *not * working
>
> right.
>
> > What I found is captive portal server is sending a non-EAP message and as
> > suggested in wiki I am not using setting auth type anywhere  (EAP message
> > will determine automatically)
>
> Captive portal is doing PAP. I guess you want to try and auth this
> by binding to the ldap server. I've not done this recently, but I
> think the following might work.
>
> For some reason, even though
>
> >  Module: Instantiating module "ldap_secondary" from file
> /etc/raddb/radiusd.conf
> >   ldap ldap_secondary {
> ...
> >         set_auth_type = yes
> ...
> >   }
>
> is set, it's not setting auth_type. That's clear from
>
> > ERROR: No authenticate method (Auth-Type) found for the request:
> Rejecting the user
>
> Try this at the bottom of the authorize {} section:
>
>
> authorize {
>
> ...
>
>   # not EAP, is PAP, and no other Auth-Type set, so assume ldap
>   if (!EAP-Message && User-Password) {
>     update control {
>       Auth-Type = ldap_secondary
>     }
>   }
> }
>
> and then in the authenticate section:
>
> authenticate {
>   Auth-Type ldap_secondary {
>     ldap_secondary
>   }
> }
>
> and see what you get. Again, post output of radiusd -X if there
> are still problems (new output, not the same as last time :) ).
>
> I don't know enough about the ldap module to know why it's not
> setting Auth-Type (and too ill at present to go digging to find
> out).
>
> Cheers,
>
> Matthew
>
>
> --
> Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
>
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>
> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130419/daa2571f/attachment-0001.html>


More information about the Freeradius-Users mailing list