[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: Authenticate via AD and via local "users" file
From: Alan DeKok <aland () deployingradius ! com>
Date: 2018-02-28 18:02:22
Message-ID: 0E70AA4F-8CB4-40E0-98E8-91BDF4A9EBAF () deployingradius ! com
[Download RAW message or body]
On Feb 28, 2018, at 12:53 PM, DUPALUT, Benjamin <benjamin.dupalut@esiee.fr> wrote:
> I'm using a pfsense server as captive portal to authenticate users on my
> WiFi network. The captive portal is set to interrogate my freeradius server.
>
> My freeradius server can already authenticate users via my AD using
> winbind. I also need local account (via "users" file) to create some
> temporary "WiFi" account for guests.
How do you decide which one to use?
> My problem is that it seems that when freeradius receive an mschap request,
> it only interrogate the AD and do not check the local "users" file :
Because you configured it to do that...
> *Radtest output :*
Don't post that. Read this: http://wiki.freeradius.org/list-help
> *freeradius -X output :*
With lots and lots of blank space, and debug output which is massively reformatted \
and unreadable.
The short answer is that if you set a "known good" password for the user, and tell \
it to *not* use NTLM-Auth:
bob Cleartext-Password := "password", MS-CHAP-Use-NTLM-Auth := no
Then the MS-CHAP module will do that.
This is documented in the comments in raddb/mods-available/mschap. Please read \
that for further information.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic