Roberto Nunnari wrote:
Chris Buechler wrote:
On Thu, Jun 9, 2011 at 5:49 AM, Roberto Nunnari
<[email protected]> wrote:
Hi all.
We now face a problem.. the captive portal, will need to authenticate
users
via a radius server. Unfortunately, that radius server doesn't
support PAP,
and pfSense seems to be using right that.. on the web interface I
didn't see
an option to change it..
Is it possible to set authentication protocol to something more advanced
than PAP.. say EAP, PEAP.. we could even accept CHAP..
Currently no. But you can always add that yourself, or get us to do it
for you if you have a budget for it. It uses Auth_RADIUS, which can
support CHAP with additional extensions. EAP and/or PEAP would require
quite a bit more work.
Hi Chris.
Humm.. I'm still in the evaluation stage..
Could you just tell me what files/libraries should I edit/use in order
to add peap or mschapv2? For sure I would give the patches back to the
pfSense project once done, but a little help would be much appreciated.
humm.. files seems to be in /etc/inc/ .. at least radius.inc and auth.inc ..
Robi
I'm a developer and have good experience with C/C++/Java, some
experience with php and I'm now starting with python. I also have a good
working knowledge of FreeBSD and I'm the system administrator of a few
FreeBSD boxes since version 4 to version 6.4. If it is a matter of no
more than a couple of days of work, I could try to add support for peap
and/or mschapv2.
Our radius guy told me that the only accepted protocols at present for
us are peap and mschapv2. So, I was wrong when I said that chap was an
acceptable option for us.
To be true, I'm surprised that pfSense, in the case of radius with
captive portal, puts credentials on the network in clear text (PAP)
without a chance to choose a more secure protocol.
But I also understand that pfSense is free software, and that you guys
already have done a great amount of work and released such a wonderful
software for free!
Thank you again!
Best regards.
Robi
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Commercial support available - https://portal.pfsense.org
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Commercial support available - https://portal.pfsense.org
