Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive Portal, freeradius2 and Active Directory Auth

    Scheduled Pinned Locked Moved
    Captive Portal
    5
    5
    4.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kallegr
      last edited by

      Hey,

      is it possible to authenticate captive-portal users via freeradius and active-directory out of the box?

      there are some "howtos" for doing this from MatSim, but they are at least 2 years old. and i don´t know how to build my own samba package on a "build system".

      https://docs.google.com/document/d/1i536CfITm478tAddzoxSLrjl9KcEqGGA-F_LG9Iwy6A/edit

      isn´t there a more easy way?

      thanks, kallegr

      1 Reply Last reply Reply Quote 0
      • J
        jhochwald
        last edited by

        @kallegr:

        is it possible to authenticate captive-portal users via freeradius and active-directory out of the box?

        Hi,

        it is! If you use the freeRadius Pack and LDAP to talk to an AD it works like a charm.
        Tested it with Windows 2012R2 based server a couple of weeks ago and it worked find.

        If you use an external Radius Server: There are good HowTos that you will find on the web.

        P.S.: Another way might be NPS. So your (external) Radius Server can act as an Radius Proxy and asks the Backend Radius (Based on an Windows System) for the real User info. This is a great way to protect the Windows Server. But I would use the LDAP Implementation of FreeRadius.

        Regards

        /JH

        1 Reply Last reply Reply Quote 0
        • P
          pun84
          last edited by

          @kallegr:

          is it possible to authenticate captive-portal users via freeradius and active-directory out of the box?

          Hi,

          it is! If you use the freeRadius Pack and LDAP to talk to an AD it works like a charm.
          Tested it with Windows 2012R2 based server a couple of weeks ago and it worked find.

          Do you know of any guides for this?

          For example, which authentication mode did you use ? chap, pap, mschapv2 ?  I think i've gotten mine as far as the authentication method

          1 Reply Last reply Reply Quote 0
          • O
            omrom
            last edited by

            Hi !

            Sorry for bumping an old thread, but it's more of a quick question….

            I also want to use ldap auth for my captive portal, and i got it to work so far following this example: https://www.youtube.com/watch?v=aCgsEAfn36c

            The downside is that my user is not being filtered at all via squid/squidguard and groups of the active directory.

            The ldap filtering works when i disable captive portal and use proxy auth.

            So is the freeradius package needed in that configuration ?

            1 Reply Last reply Reply Quote 0
            • D
              doktornotor Banned
              last edited by

              CP + proxy -> completely broken. Plus, completely off-topic in this thread.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post