Thanks ,
setting *set_auth_type =yes* still not setting Auth-Type-ldap_secondary ,
to solve this I followed the solution suggested in this thread
http://lists.freeradius.org/pipermail/freeradius-users/2008-May/027962.html
After that it started working i.e. auth by binding to the ldap server
Chitrang Srivastava wrote:
After that it started working i.e. auth by binding to the ldap server
So... the LDAP server is probably active directory. Or, there are
security settings on it which means FreeRADIUS can't read the password
from LDAP.
Which one is it?
But my question is auth
LDAP server or AD , has password stored as NTLM-Hash, and that's why I set
PEAP-MSCHAPv2 as auth type (finally using ntlm_auth to authenticate), All
this works fine when a wifi acces point is configured to do MSCHAPv2 or
even with radtest it worked.
Only when access point is open and captive
On Fri, Apr 19, 2013 at 06:15:09PM +0530, Chitrang Srivastava wrote:
tried what Matthew suggest , in authorize section and it worked. Whole
issue is captive portal is sending a non-EAP message with User-Password set
, in this case we have to set auth type as ldap.
It's obvious from your debug
I am using Microsoft 2003 Active Directory Server , the way wifi (MSCHAPv2)
works is with ntlm_auth , which does the authentication.
- your LDAP module isn't setting Auth-Type for some reason
This is happening because of
On Fri, Apr 19, 2013 at 08:59:57PM +0530, Chitrang Srivastava wrote:
I am using Microsoft 2003 Active Directory Server , the way wifi (MSCHAPv2)
works is with ntlm_auth , which does the authentication.
OK, finally the information that's needed.
The way it works with wifi or radtest is ,
Ok I will try that out, ntlm_auth module is already configured and works
for radtest and wifi.
So ntlm_auth with captive portal , is that the way to go , as told by you
? All other captive portal portal server we have to do like that ?
On Fri, Apr 19, 2013 at 9:56 PM, Matthew Newton
On Fri, Apr 19, 2013 at 10:42:04PM +0530, Chitrang Srivastava wrote:
Ok I will try that out, ntlm_auth module is already configured and works
for radtest and wifi.
In the mschap/eap modules using mschap keys.
So ntlm_auth with captive portal , is that the way to go , as told by you
? All
What I found from wiki that we don't require to set Auth-Type freeradius
will determine from request automatically , so I removed
DEFAULT Auth-Type = Reject from users file , is that OK ?
With this at-least radtest starts working
but still request from captive portal didnt worked , What I found
Chitrang Srivastava wrote:
What I found from wiki that we don't require to set Auth-Type
freeradius will determine from request automatically , so I removed
DEFAULT Auth-Type = Reject from users file , is that OK ?
With this at-least radtest starts working
but still request from captive
debug log are attched in earlier reply, Please see
On Thu, Apr 18, 2013 at 6:49 PM, Alan DeKok al...@deployingradius.comwrote:
Chitrang Srivastava wrote:
What I found from wiki that we don't require to set Auth-Type
freeradius will determine from request automatically , so I removed
Chitrang Srivastava wrote:
debug log are attched in earlier reply, Please see
No, they're not.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Attaching
Auth Type is MSCHAPv2 (TTLS)
Data source is on LDAP
radtest is working
wifi authentication is also working ( configured the access point to use
TTLS-MSCHAPv2)
open wifi with captive portal (lightttpd) is *not * working
What I found is captive portal server is sending a non-EAP message
On Thu, Apr 18, 2013 at 09:37:06PM +0530, Chitrang Srivastava wrote:
radtest is working
wifi authentication is also working ( configured the access point to use
TTLS-MSCHAPv2)
ok.
open wifi with captive portal (lightttpd) is *not * working
right.
What I found is captive portal server is
I am facing a issue that captive portial server is sending a auth request
which is not a EAP message and hence freeradius server is rejecting , it
goes to users file and found the last line Auth-Type: Reject
Anyone can point how to fix this ? I guess if captive portal send a eap
message , it
On Wed, Apr 17, 2013 at 05:21:32PM +0530, Chitrang Srivastava wrote:
I am facing a issue that captive portial server is sending a auth request
which is not a EAP message and hence freeradius server is rejecting , it
goes to users file and found the last line Auth-Type: Reject
Anyone can
Hi,
Can you please revise your question and put it in better way, i am not
clear, do some more typing. if captive portal (NAS) is CoovaChilli, this
works for me.
HS_RAD_PROTO=pap
Thanks / Regards
On Wed, Apr 17, 2013 at 11:51 AM, Chitrang Srivastava
chitrang.srivast...@gmail.com wrote:
I
I am using LDAP server as datasource
Attaching logs
On Wed, Apr 17, 2013 at 5:58 PM, Russell Mike radius@gmail.com wrote:
Hi,
Can you please revise your question and put it in better way, i am not
clear, do some more typing. if captive portal (NAS) is CoovaChilli, this
works for me.
On 17.04.2013 14:32, Chitrang Srivastava wrote:
I am using LDAP server as datasource
Attaching logs
You're doing PAP against LDAP.
This is the ONLY situation where Auth-Type should be set to ldap
looking at modules/ldap, we have
#
# By default, if the packet contains a
Hi,
I am facing a issue that captive portial server is sending a auth request
which is not a EAP message and hence freeradius server is rejecting , it
goes to users file and found the last line Auth-Type: Reject
send output of 'radiusd -X' - things will be quite clear in that so we
hi,
from the output:
[ldap_secondary] rlm_ldap: performing user authorization for symbol
[ldap_secondary]expand: (sAMAccountName=%{Stripped-User-Name}) -
(sAMAccountName=symbol)
[ldap_secondary]expand: cn=Users,DC=MotorolaSymbol,dc=local -
cn=Users,DC=MotorolaSymbol,dc=local
Thanks , I am trying to MSCHAPv2 (TTLS or PEAP ) or GTC with LDAP
I see that rlm_ldap.c will set Auth-Type as ldap based on set_auth_type
=yes and 3 other flags,
tried but it didn't worked ,
I will try from scratch
On Wed, Apr 17, 2013 at 6:24 PM, Olivier Beytrison oliv...@heliosnet.orgwrote:
On 17.04.2013 15:37, Chitrang Srivastava wrote:
Thanks , I am trying to MSCHAPv2 (TTLS or PEAP ) or GTC with LDAP
MSCHAPv2 with EAP-TTLS or PEAP will NOT work with LDAP. as explained
almost everywhere, and especially here :
http://deployingradius.com/documents/protocols/compatibility.html
You
But its working fine with wifi authentication ( I am using ntlm auth for
MSCHAPv2 with LDAP) only issue is with when request come from captive
portal ..I needto see why PAP request comes
On Wed, Apr 17, 2013 at 7:28 PM, Olivier Beytrison oliv...@heliosnet.orgwrote:
On 17.04.2013 15:37,
24 matches
Mail list logo