Hi all, I am trying to get a captive portal working so my wireless users can enter their Windows domain credentials and get internet access.
I've been working with chilispot/hotspotlogin.cgi and/or Copspot (an implementation of chilispot for IPCOP), both of which try to do CHAP with freeradius. Chili can also just hand a clear text password through. Either approach works fine if I put users in the users file; however, I can't get this to work with my AD backend. NTLM auth does work if I use WPA2; however, I am trying to push users through a TOS splash page and validate their domain credentials.

I hope someone can help me figure this out.

Thanks!
John

Here's the output from my attempts to authenticate:

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/freeradius/freeradius.sock
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.114.0.39 port 32772, id=0, length=216
        User-Name = "flyboy"
        CHAP-Challenge = 0xd4a3fb75001e61f38b8216844306287c
        CHAP-Password = 0x00fcd3e064aa8829713fc8263c5b7e8303
        NAS-IP-Address = 0.0.0.0
        Service-Type = Login-User
        Framed-IP-Address = 192.168.182.8
        Calling-Station-Id = "00-21-5C-15-6D-8B"
        Called-Station-Id = "00-50-DA-1A-EF-77"
        NAS-Identifier = "nas01"
        Acct-Session-Id = "4a6f716d00000000"
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 0
        Message-Authenticator = 0x452e7d3ec37b78ce9dc2d08eb447f6c9
        WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "flyboy", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = CHAP
+- entering group CHAP {...}
[chap] login attempt by "flyboy" with CHAP password
[chap] Cleartext-Password is required for authentication
++[chap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> flyboy
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 0 to 10.114.0.39 port 32772
Waking up in 4.9 seconds
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
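Added example, not part of the original post and not FreeRADIUS code: a sketch of how a RADIUS server checks CHAP-Password per RFC 2865, showing why the debug line "[chap] Cleartext-Password is required for authentication" appears when the backend cannot supply the password itself. The function names, the constructed password and challenge, and the SHA-256 stand-in for a directory's one-way hash are assumptions for illustration; the two hex constants are copied from the debug output above.

```python
import hashlib
import hmac

# Attribute values copied from the Access-Request in the debug output above.
LOG_CHALLENGE = bytes.fromhex("d4a3fb75001e61f38b8216844306287c")
LOG_CHAP_PASSWORD = bytes.fromhex("00fcd3e064aa8829713fc8263c5b7e8303")


def chap_response(ident, password, challenge):
    """Client side: CHAP ident byte followed by MD5(ident || password || challenge)."""
    digest = hashlib.md5(bytes([ident]) + password + challenge).digest()
    return bytes([ident]) + digest


def split_chap_password(attr):
    """Split the 17-byte CHAP-Password attribute into (ident, 16-byte MD5 digest)."""
    if len(attr) != 17:
        raise ValueError("CHAP-Password must be 1 ident byte + 16 digest bytes")
    return attr[0], attr[1:]


def verify_chap(chap_password, challenge, known_password):
    """Server side: recompute the digest from the password the server holds.

    The raw password bytes are an input to MD5, so a backend that can only
    answer "is this password right?" or that holds only a one-way hash
    gives the server nothing to recompute the digest from.
    """
    if known_password is None:
        raise LookupError("Cleartext-Password is required for authentication")
    ident, digest = split_chap_password(chap_password)
    expected = chap_response(ident, known_password, challenge)[1:]
    return hmac.compare_digest(expected, digest)


def demo():
    # Constructed sample values, not taken from the post.
    challenge = bytes.fromhex("00112233445566778899aabbccddeeff")
    attr = chap_response(7, b"correct horse", challenge)
    # Stand-in for whatever one-way hash a directory stores instead of the password.
    stored_hash = hashlib.sha256(b"correct horse").digest()
    return {
        "cleartext_known": verify_chap(attr, challenge, b"correct horse"),
        "hash_only": verify_chap(attr, challenge, stored_hash),
    }


if __name__ == "__main__":
    print(split_chap_password(LOG_CHAP_PASSWORD)[0], demo())
```
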