Ok I will try that out, ntlm_auth module is already configured and works for radtest and wifi. So ntlm_auth with captive portal , is that the way to go , as told by you ? All other captive portal portal server we have to do like that ?
On Fri, Apr 19, 2013 at 9:56 PM, Matthew Newton <m...@leicester.ac.uk>wrote: > On Fri, Apr 19, 2013 at 08:59:57PM +0530, Chitrang Srivastava wrote: > > I am using Microsoft 2003 Active Directory Server , the way wifi > (MSCHAPv2) > > works is with ntlm_auth , which does the authentication. > > OK, finally the information that's needed. > > > The way it works with wifi or radtest is , Auth-Type is set to EAP (it > > refers to eap.conf ) , it goes to mschap modules(set up TLS channel and > > then under that) , from there its told to use external program ntlm_auth > , > > which does the authentication and tells radius if its OK or not. > > > > What i was trying , is to get similar way working with captive portal as > > well. > > There's an example in raddb/modules/ntlm_auth. Configure that > file, and then do something like this: > > authorize { > ... > if (!EAP-Message && User-Password) { > update control { > Auth-Type = PAP > } > } > } > > authenticate { > Auth-Type PAP { > # pap <-- comment out > ntlm_auth > } > } > > Then it should take your User-Name and User-Password, check them > using the ntlm_auth utility rather than the pap module (the > ntlm_auth "module" is just an instantiation of exec). > > Matthew > > > > -- > Matthew Newton, Ph.D. <m...@le.ac.uk> > > Systems Specialist, Infrastructure Services, > I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom > > For IT help contact helpdesk extn. 2253, <ith...@le.ac.uk> > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html