captive portal auth with freeradius
Matthew Newton
mcn4 at leicester.ac.uk
Fri Apr 19 18:26:28 CEST 2013
On Fri, Apr 19, 2013 at 08:59:57PM +0530, Chitrang Srivastava wrote:
> I am using Microsoft 2003 Active Directory Server , the way wifi (MSCHAPv2)
> works is with ntlm_auth , which does the authentication.
OK, finally the information that's needed.
> The way it works with wifi or radtest is , Auth-Type is set to EAP (it
> refers to eap.conf ) , it goes to mschap modules(set up TLS channel and
> then under that) , from there its told to use external program ntlm_auth ,
> which does the authentication and tells radius if its OK or not.
>
> What i was trying , is to get similar way working with captive portal as
> well.
There's an example in raddb/modules/ntlm_auth. Configure that
file, and then do something like this:
authorize {
...
if (!EAP-Message && User-Password) {
update control {
Auth-Type = PAP
}
}
}
authenticate {
Auth-Type PAP {
# pap <-- comment out
ntlm_auth
}
}
Then it should take your User-Name and User-Password, check them
using the ntlm_auth utility rather than the pap module (the
ntlm_auth "module" is just an instantiation of exec).
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list