I found this post which is supposed to disable chap:
Change the ‘allow-unencrypted-passwords’ argument to ‘yes’ in the ‘ip hotspot’ menu and then also modify the Hotspot login page HTML (login.html) - remove this string from that page: ‘%main%’
I have done this and it still sends chap passwords. I am doing auth-mac-password=yes auth-mac-universal=yes. %main% does not exist in my login.html What else should I be doing?
Carl
I was able to solve this issue of users not logging in. Mikrotik is passing all caps MAC address to the radius server. Even though I have radiusd.conf set to lowercase both username and pass, apparently when using CHAP it doesn’t matter.
Now my quesiton is if there is any way to change the MAC that is passed to radius so that it is all lowercase?
I am having this problem also. I have removed the %main% from the login page and enabled ‘allow-unencrypted-passwords’, but now I get an error on the login page and users still cannot authenticate.
Do you have auth-mac-password set to yes? My users don’t actually enter any information, it is completely mac based.