Captive Portal, freeradius2 and Active Directory Auth


  • Hey,

    is it possible to authenticate captive-portal users via freeradius and active-directory out of the box?

    there are some "howtos" for doing this from MatSim, but they are at least 2 years old. and i don´t know how to build my own samba package on a "build system".

    https://docs.google.com/document/d/1i536CfITm478tAddzoxSLrjl9KcEqGGA-F_LG9Iwy6A/edit
    

    isn´t there a more easy way?

    thanks, kallegr


  • @kallegr:

    is it possible to authenticate captive-portal users via freeradius and active-directory out of the box?

    Hi,

    it is! If you use the freeRadius Pack and LDAP to talk to an AD it works like a charm.
    Tested it with Windows 2012R2 based server a couple of weeks ago and it worked find.

    If you use an external Radius Server: There are good HowTos that you will find on the web.

    P.S.: Another way might be NPS. So your (external) Radius Server can act as an Radius Proxy and asks the Backend Radius (Based on an Windows System) for the real User info. This is a great way to protect the Windows Server. But I would use the LDAP Implementation of FreeRadius.


  • @kallegr:

    is it possible to authenticate captive-portal users via freeradius and active-directory out of the box?

    Hi,

    it is! If you use the freeRadius Pack and LDAP to talk to an AD it works like a charm.
    Tested it with Windows 2012R2 based server a couple of weeks ago and it worked find.

    Do you know of any guides for this?

    For example, which authentication mode did you use ? chap, pap, mschapv2 ?  I think i've gotten mine as far as the authentication method


  • Hi !

    Sorry for bumping an old thread, but it's more of a quick question….

    I also want to use ldap auth for my captive portal, and i got it to work so far following this example: https://www.youtube.com/watch?v=aCgsEAfn36c

    The downside is that my user is not being filtered at all via squid/squidguard and groups of the active directory.

    The ldap filtering works when i disable captive portal and use proxy auth.

    So is the freeradius package needed in that configuration ?

  • Banned

    CP + proxy -> completely broken. Plus, completely off-topic in this thread.