On Fri, Apr 19, 2013 at 10:42:04PM +0530, Chitrang Srivastava wrote:
> Ok I will try that out, ntlm_auth module is already configured and works
> for radtest and wifi.
In the mschap/eap modules using mschap keys.
> So ntlm_auth with captive portal , is that the way to go , as told by you
> ? All
Ok I will try that out, ntlm_auth module is already configured and works
for radtest and wifi.
So ntlm_auth with captive portal , is that the way to go , as told by you
? All other captive portal portal server we have to do like that ?
On Fri, Apr 19, 2013 at 9:56 PM, Matthew Newton wrote:
> O
On Fri, Apr 19, 2013 at 08:59:57PM +0530, Chitrang Srivastava wrote:
> I am using Microsoft 2003 Active Directory Server , the way wifi (MSCHAPv2)
> works is with ntlm_auth , which does the authentication.
OK, finally the information that's needed.
> The way it works with wifi or radtest is , Aut
I am using Microsoft 2003 Active Directory Server , the way wifi (MSCHAPv2)
works is with ntlm_auth , which does the authentication.
- your LDAP module isn't setting Auth-Type for some reason
This is happening because of
http://lists.freeradius.org/pipermail/freeradius-users/2008-May/027962.html
On Fri, Apr 19, 2013 at 06:15:09PM +0530, Chitrang Srivastava wrote:
> tried what Matthew suggest , in authorize section and it worked. Whole
> issue is captive portal is sending a non-EAP message with User-Password set
> , in this case we have to set auth type as ldap.
It's obvious from your deb
LDAP server or AD , has password stored as NTLM-Hash, and that's why I set
PEAP-MSCHAPv2 as auth type (finally using ntlm_auth to authenticate), All
this works fine when a wifi acces point is configured to do MSCHAPv2 or
even with radtest it worked.
Only when access point is open and captive portal
Chitrang Srivastava wrote:
> After that it started working i.e. auth by binding to the ldap server
So... the LDAP server is probably active directory. Or, there are
security settings on it which means FreeRADIUS can't read the password
from LDAP.
Which one is it?
> But my question is auth
Thanks ,
setting *set_auth_type =yes* still not setting Auth-Type-ldap_secondary ,
to solve this I followed the solution suggested in this thread
http://lists.freeradius.org/pipermail/freeradius-users/2008-May/027962.html
After that it started working i.e. auth by binding to the ldap server
But
On Thu, Apr 18, 2013 at 09:37:06PM +0530, Chitrang Srivastava wrote:
> radtest is working
> wifi authentication is also working ( configured the access point to use
> TTLS-MSCHAPv2)
ok.
> open wifi with captive portal (lightttpd) is *not * working
right.
> What I found is captive portal server
Attaching
Auth Type is MSCHAPv2 (TTLS)
Data source is on LDAP
radtest is working
wifi authentication is also working ( configured the access point to use
TTLS-MSCHAPv2)
open wifi with captive portal (lightttpd) is *not * working
What I found is captive portal server is sending a non-EAP message an
Chitrang Srivastava wrote:
> debug log are attched in earlier reply, Please see
No, they're not.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
debug log are attched in earlier reply, Please see
On Thu, Apr 18, 2013 at 6:49 PM, Alan DeKok wrote:
> Chitrang Srivastava wrote:
> > What I found from wiki that we don't require to set Auth-Type
> > freeradius will determine from request automatically , so I removed
> > DEFAULT Auth-Type = Rej
Chitrang Srivastava wrote:
> What I found from wiki that we don't require to set Auth-Type
> freeradius will determine from request automatically , so I removed
> DEFAULT Auth-Type = Reject from users file , is that OK ?
>
> With this at-least radtest starts working
> but still request from cap
What I found from wiki that we don't require to set Auth-Type freeradius
will determine from request automatically , so I removed
DEFAULT Auth-Type = Reject from users file , is that OK ?
With this at-least radtest starts working
but still request from captive portal didnt worked , What I found f
But its working fine with wifi authentication ( I am using ntlm auth for
MSCHAPv2 with LDAP) only issue is with when request come from captive
portal ..I needto see why PAP request comes
On Wed, Apr 17, 2013 at 7:28 PM, Olivier Beytrison wrote:
> On 17.04.2013 15:37, Chitrang Srivastava wrote:
>
On 17.04.2013 15:37, Chitrang Srivastava wrote:
> Thanks , I am trying to MSCHAPv2 (TTLS or PEAP ) or GTC with LDAP
MSCHAPv2 with EAP-TTLS or PEAP will NOT work with LDAP. as explained
almost everywhere, and especially here :
http://deployingradius.com/documents/protocols/compatibility.html
You n
Thanks , I am trying to MSCHAPv2 (TTLS or PEAP ) or GTC with LDAP
I see that rlm_ldap.c will set Auth-Type as ldap based on set_auth_type
=yes and 3 other flags,
tried but it didn't worked ,
I will try from scratch
On Wed, Apr 17, 2013 at 6:24 PM, Olivier Beytrison wrote:
> On 17.04.2013 14:32, C
hi,
from the output:
[ldap_secondary] rlm_ldap: performing user authorization for symbol
[ldap_secondary]expand: (sAMAccountName=%{Stripped-User-Name}) ->
(sAMAccountName=symbol)
[ldap_secondary]expand: cn=Users,DC=MotorolaSymbol,dc=local ->
cn=Users,DC=MotorolaSymbol,dc=local
Hi,
>I am facing a issue that captive portial server is sending a auth request
>which is not a EAP message and hence freeradius server is rejecting , it
>goes to users file and found the last line Auth-Type: Reject
send output of 'radiusd -X' - things will be quite clear in that so w
On 17.04.2013 14:32, Chitrang Srivastava wrote:
> I am using LDAP server as datasource
> Attaching logs
>
You're doing PAP against LDAP.
This is the ONLY situation where Auth-Type should be set to ldap
looking at modules/ldap, we have
#
# By default, if the packet contains a U
I am using LDAP server as datasource
Attaching logs
On Wed, Apr 17, 2013 at 5:58 PM, Russell Mike wrote:
> Hi,
>
> Can you please revise your question and put it in better way, i am not
> clear, do some more typing. if captive portal (NAS) is CoovaChilli, this
> works for me.
>
> HS_RAD_PROTO
Hi,
Can you please revise your question and put it in better way, i am not
clear, do some more typing. if captive portal (NAS) is CoovaChilli, this
works for me.
HS_RAD_PROTO=pap
Thanks / Regards
On Wed, Apr 17, 2013 at 11:51 AM, Chitrang Srivastava <
chitrang.srivast...@gmail.com> wrote:
>
On Wed, Apr 17, 2013 at 05:21:32PM +0530, Chitrang Srivastava wrote:
> I am facing a issue that captive portial server is sending a auth request
> which is not a EAP message and hence freeradius server is rejecting , it
> goes to users file and found the last line Auth-Type: Reject
>
> Anyone can
I am facing a issue that captive portial server is sending a auth request
which is not a EAP message and hence freeradius server is rejecting , it
goes to users file and found the last line Auth-Type: Reject
Anyone can point how to fix this ? I guess if captive portal send a eap
message , it will
24 matches
Mail list logo
