Captive portal , specific group Active directory auth

[maxip]

Hi, I already have an active portal working with AD auth, i am wondering if is possible to authenticate users only in specific group in the AD, P ex. Wireless users group, i mean that captive portal auth works only for users in that group.

thanks in advance, best regards!

great product!

[imported_fulvio]

You can’t use group authorization if your captive portal is configured to authenticate against Kerberos 5. The workaround is to enable IAS (the RADIUS service of Microsoft Active Directory) and configure the captive portal to use RADIUS. In this case, you can set IAS authentication only to the users belonging to a specified group.

Regards
Fulvio

[maxip]

I will try this,
In the radius auth, the password are send in clear text to the ias?

best regards.

[imported_fulvio]

Configuring the RADIUS authentication domain you can select the authentication request type among one of the following:

– PAP (the password is not encrypted)

– PEAP with MS-ChapV2 (an encrypted TLS tunnel is used before to user Ms-Chapv2)

-EAP-TTLS with PAP (an encrypted TLS tunnel is used before to user PAP)

Regards
Fulvio

[maxip]

Hi,

I successfully configure IAS (radius) and zeroshell to use this with PAP auth, but i can’t configure IAS to use EAP msCHAPv2 ( EAP TTLS not suported by IAS)

can you help me with some tips to achive this.

thanks

best regards.

[imported_fulvio]

You should read the Microsoft documentation about IAS.

Regards
Fulvio

[Author]

Posts