captive portal auth with freeradius

Chitrang Srivastava chitrang.srivastava at
Fri Apr 19 17:29:57 CEST 2013

I am using Microsoft 2003 Active Directory Server , the way wifi (MSCHAPv2)
works is with ntlm_auth , which does the authentication.
 - your LDAP module isn't setting Auth-Type for some reason
  This is happening because of
   and if I do the way its suggested , Auth Type get set to ldap_secondary.
   If this works, how this is going to solved because what I saw that it
still doesn't do mschapv2.

The way it works with wifi or radtest is , Auth-Type is set to EAP (it
refers to eap.conf ) , it goes to mschap modules(set up TLS channel and
then under that) , from there its told to use external program ntlm_auth ,
which does the authentication and tells radius if its OK or not.

What i was trying , is to get similar way working with captive portal as

On Fri, Apr 19, 2013 at 7:29 PM, Matthew Newton <mcn4 at>wrote:

> On Fri, Apr 19, 2013 at 06:15:09PM +0530, Chitrang Srivastava wrote:
> > tried what Matthew suggest  , in authorize section and it worked. Whole
> > issue is captive portal is sending a non-EAP message with User-Password
> set
> > , in this case we have to set auth type as ldap.
> It's obvious from your debug output that
>  - your LDAP module isn't setting Auth-Type for some reason
>  - your LDAP server isn't returning any sort of password (plain or
>    crypted)
> and therefore you probably need to try and do that horrible hack
> of binding to the LDAP server to auth. Really, Alan is right -
> LDAP is not an authentication server, even though lots of people
> seem to think it is.
> Hence the suggestion to "fix" your problem by setting Auth-Type,
> iff it has not already been set, when not doing EAP and
> User-Password is supplied.
> The best solution is to fixup your LDAP server to return the
> crypted password back to FreeRADIUS. Like already pointed out, if
> it's AD, this isn't likely to happen.
> Matthew
> --
> Matthew Newton, Ph.D. <mcn4 at>
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
> For IT help contact helpdesk extn. 2253, <ithelp at>
> -
> List info/subscribe/unsubscribe? See
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list