Roberto Nunnari wrote:
Roberto Nunnari wrote:
Roberto Nunnari wrote:
Chris Buechler wrote:
On Thu, Jun 9, 2011 at 5:49 AM, Roberto Nunnari
<[email protected]> wrote:
Hi all.
We now face a problem.. the captive portal, will need to
authenticate users
via a radius server. Unfortunately, that radius server doesn't
support PAP,
and pfSense seems to be using right that.. on the web interface I
didn't see
an option to change it..
Is it possible to set authentication protocol to something more
advanced
than PAP.. say EAP, PEAP.. we could even accept CHAP..
Currently no. But you can always add that yourself, or get us to do it
for you if you have a budget for it. It uses Auth_RADIUS, which can
support CHAP with additional extensions. EAP and/or PEAP would require
quite a bit more work.
Hi Chris.
Humm.. I'm still in the evaluation stage..
Could you just tell me what files/libraries should I edit/use in
order to add peap or mschapv2? For sure I would give the patches back
to the pfSense project once done, but a little help would be much
appreciated.
humm.. files seems to be in /etc/inc/ .. at least radius.inc and
auth.inc ..
!!! there's already a funtion Auth_RADIUS_MSCHAPv2 in radius.inc !!!
I'm going to try that out right away.
Robi
Robi
I'm a developer and have good experience with C/C++/Java, some
experience with php and I'm now starting with python. I also have a
good working knowledge of FreeBSD and I'm the system administrator of
a few FreeBSD boxes since version 4 to version 6.4. If it is a matter
of no more than a couple of days of work, I could try to add support
for peap and/or mschapv2.
Our radius guy told me that the only accepted protocols at present
for us are peap and mschapv2. So, I was wrong when I said that chap
was an acceptable option for us.
To be true, I'm surprised that pfSense, in the case of radius with
captive portal, puts credentials on the network in clear text (PAP)
without a chance to choose a more secure protocol.
But I also understand that pfSense is free software, and that you
guys already have done a great amount of work and released such a
wonderful software for free!
Thank you again!
Best regards.
Robi
I offer my help to add mschapv2, but I'm new to pfSense and so I don't
know anything about current implementation and the startup scripts.
In particular I'd like to know
1) what is covered in the current implementation regarding mschapv2
2) what is missing in the current implementation regarding mschapv2
3) is mschapv2 implementation in radius.inc complete?
4) should it be enough to change auth.inc to see it working as an
initial test?
5) where to put configuration parameters?
6) I believe it would be desirable to choose at least php/mschapv2 in
the captive portal configuration in the web interface.
7) is there a developer guide?
Best regards.
Robi
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Commercial support available - https://portal.pfsense.org
