<div dir="ltr">Hi all,<br>The problem with CopSpot and FreeRADIUS is solved: it works against the user file (not OpenLDAP). Actually, I am wondering if I can do the authentication using the eap-tls module. I enabled it and it gave me the following output:<br>
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: radiusd: #### Loading Virtual Servers ####</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: server inner-tunnel {</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: modules {</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: Module: Checking authenticate {...} for more modules to load</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: (Loaded rlm_pap, checking if it's valid)</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: Module: Linked to module rlm_pap</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: Module: Instantiating pap</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: pap {</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: encryption_scheme = "auto"</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: auto_header = no</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: }</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;"><span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: (Loaded rlm_chap, checking if it's valid)</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: Module: Linked to module rlm_chap</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: Module: Instantiating chap</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: (Loaded rlm_mschap, checking if it's valid)</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: Module: Linked to module rlm_mschap</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: Module: Instantiating mschap</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: mschap {</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: use_mppe = yes</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: require_encryption = no</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: require_strong = no</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: with_ntdomain_hack = no</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: }</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;"><span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: (Loaded rlm_unix, checking if it's valid)</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: Module: Linked to module rlm_unix</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: Module: Instantiating unix</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: unix {</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: radwtmp = "/var/log/freeradius/radwtmp"</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: }</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;"><span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: (Loaded rlm_eap, checking if it's valid)</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: Module: Linked to module rlm_eap</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: Module: Instantiating eap</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: eap {</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: default_eap_type = "tls"</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: timer_expire = 60</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: ignore_unknown_eap_types = no</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: cisco_accounting_username_bug = no</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: max_sessions = 4096</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: }</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;"><span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: Module: Linked to sub-module rlm_eap_md5</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: Module: Instantiating eap-md5</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: Module: Linked to sub-module rlm_eap_leap</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: Module: Instantiating eap-leap</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: Module: Linked to sub-module rlm_eap_gtc</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: Module: Instantiating eap-gtc</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: gtc {</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: challenge = "Password: "</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: auth_type = "PAP"</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: }</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;"><span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: Module: Linked to sub-module rlm_eap_tls</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: Module: Instantiating eap-tls</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: tls {</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: rsa_key_exchange = no</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: dh_key_exchange = yes</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: rsa_key_length = 512</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: dh_key_length = 512</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: verify_depth = 0</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: pem_file_type = yes</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: private_key_file = "$/etc/freeradius/certs/serverd.pem"</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: certificate_file = "$/etc/freeradius/certs/serverd.pem"</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: CA_file = "$/etc/freeradius/certs/root.pem"</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: private_key_password = "whatever"</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: dh_file = "$/etc/freeradius/certs/dh"</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: random_file = "$/etc/freeradius/certs/random"</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: fragment_size = 1024</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: include_length = yes</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: check_crl = yes</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: cipher_list = "DEFAULT"</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: make_cert_command = "$/etc/root/Workdir/bootstrap"</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: cache {</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: enable = no</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: lifetime = 24</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: max_entries = 255</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: }</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;"><span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Debug: }</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Error: rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Error: rlm_eap_tls: Error reading certificate file $/etc/freeradius/certs/serverd.pem</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Error: rlm_eap: Failed to initialize type tls</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Error: /etc/freeradius/eap.conf[17]: Instantiation failed for module "eap"</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Error: /etc/freeradius/sites-enabled/inner-tunnel[223]: Failed to find module "eap".</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">Tue Apr 27 11:12:19 2010 : Error: /etc/freeradius/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.</span><br style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">
<span style="background-color: rgb(204, 204, 204); font-family: courier new,monospace;">serverd:~#</span><br><br>Frankly, I don't know what the error means: is it that the rlm_eap module was not found (and that's right, it is not present on my system)? If so, how can I install it without reinstalling the whole of FreeRADIUS?<br>
Any help will be appreciated.<br>Best regards.<br><br><div class="gmail_quote">On Fri, Apr 23, 2010 at 7:21 AM, Alan DeKok <span dir="ltr">&lt;<a href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">Johnny R wrote:<br>
> * is the cipher login/password which comes from CopSpot(or any<br>
<div class="im">> captive portal) deciphered before ipcop sends it to<br>
> freeradius-server? (It's a kind of question which can not be asked<br>
> here but ... never know)<br>
<br>
</div> I have no idea what that means.<br>
<br>
> * the authentication type set in ipcop is just "radius" (and its<br>
<div class="im">> ip), so I don't understand why the packet contains CHAP?<br>
<br>
</div> <shrug> Go ask the ipcop people.<br>
<div class="im"><br>
> according<br>
> to <a href="http://deployingradius.com/documents/configuration/active_directory.html" target="_blank">http://deployingradius.com/documents/configuration/active_directory.html</a>,<br>
> centralizing the authentication in samba will work fine, but I want to<br>
> do it against ldap. I think, what's wrong here is that I added users by<br>
> smbldap-useradd, not simply ldapadd (which won't work actually, it says:<br>
> "invalid credentials") ...<br>
><br>
> * So how can I force freeradius to use pap<br>
<br>
</div> You can't. The NAS (ipcop) determines what to put in the<br>
Access-Request, not FreeRADIUS.<br>
<br>
You need to put the clear-text password into the database. That's the<br>
only thing you can do to FreeRADIUS which will help.<br>
<div class="im"><br>
> (to be able to<br>
> authenticate it against ldap) even the passwd/login is tls<br>
> ciphered (from chilispot)???? I'm really convinced that that's not<br>
> possible, even senseless but I have to know why ...<br>
<br>
</div> I have no idea what that means.<br>
<div class="im"><br>
> Finally, once again, I really want to thank the list for your<br>
> availability, the freeradius dev. team, because this is a success for<br>
> the open source community.<br>
> Thanks,<br>
<br>
</div> It's what I do...<br>
<div><div></div><div class="h5"><br>
Alan DeKok.<br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>-----------------------------------------------------------------<br>|JJohnny RANDRIAMAMPIONONA |<br>| Phone: +212663682554 |<br>
| National School of Applied Sciences |<br>| 1818 TANGIER 90000 |<br>|----------------------------------------------------------------|<br>
</div>
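A small triage of the debug output above, as an added example (not part of the original message or of FreeRADIUS): it records which modules the log reports as linked, flags `*_file` settings whose logged value contains a literal `$` or is not an absolute path, and separates the first `Error` line from the ones that follow it. The function names are hypothetical, and the sample is an excerpt of the log lines quoted in the message.

```python
import re

# Excerpt of the radiusd debug output quoted in the message above.
DEBUG_OUTPUT = '''\
Tue Apr 27 11:12:19 2010 : Debug: Module: Linked to module rlm_eap
Tue Apr 27 11:12:19 2010 : Debug: Module: Linked to sub-module rlm_eap_tls
Tue Apr 27 11:12:19 2010 : Debug: tls {
Tue Apr 27 11:12:19 2010 : Debug: pem_file_type = yes
Tue Apr 27 11:12:19 2010 : Debug: private_key_file = "$/etc/freeradius/certs/serverd.pem"
Tue Apr 27 11:12:19 2010 : Debug: certificate_file = "$/etc/freeradius/certs/serverd.pem"
Tue Apr 27 11:12:19 2010 : Debug: CA_file = "$/etc/freeradius/certs/root.pem"
Tue Apr 27 11:12:19 2010 : Debug: dh_file = "$/etc/freeradius/certs/dh"
Tue Apr 27 11:12:19 2010 : Debug: random_file = "$/etc/freeradius/certs/random"
Tue Apr 27 11:12:19 2010 : Debug: }
Tue Apr 27 11:12:19 2010 : Error: rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory
Tue Apr 27 11:12:19 2010 : Error: rlm_eap_tls: Error reading certificate file $/etc/freeradius/certs/serverd.pem
Tue Apr 27 11:12:19 2010 : Error: rlm_eap: Failed to initialize type tls
Tue Apr 27 11:12:19 2010 : Error: /etc/freeradius/eap.conf[17]: Instantiation failed for module "eap"
Tue Apr 27 11:12:19 2010 : Error: /etc/freeradius/sites-enabled/inner-tunnel[223]: Failed to find module "eap".
serverd:~#
'''

SETTING = re.compile(r'^(\w+) = "?(.*?)"?$')
LINKED = re.compile(r'^Module: Linked to (?:sub-)?module (\w+)$')


def parse(text):
    """Yield (level, message) for each timestamped radiusd log line."""
    for line in text.splitlines():
        _, sep, rest = line.partition(" : ")       # timestamp | remainder
        level, sep2, msg = rest.partition(": ")    # Debug/Error | message
        if sep and sep2:                           # skips the shell prompt
            yield level, msg.strip()


def triage(text):
    """Summarise linked modules, suspicious *_file paths and the error chain."""
    linked, bad_paths, errors = [], {}, []
    for level, msg in parse(text):
        if level == "Error":
            errors.append(msg)
            continue
        m = LINKED.match(msg)
        if m:
            linked.append(m.group(1))
            continue
        m = SETTING.match(msg)
        if m and m.group(1).endswith("_file"):
            name, value = m.groups()
            if "$" in value:
                bad_paths[name] = (value, "literal '$' in path")
            elif not value.startswith("/"):
                bad_paths[name] = (value, "relative path")
    # Settings whose flagged value is named verbatim in an Error line.
    implicated = sorted(n for n, (v, _) in bad_paths.items()
                        if any(v in e for e in errors))
    return {
        "linked": linked,
        "bad_paths": bad_paths,
        "root_error": errors[0] if errors else None,  # first error logged
        "cascade": errors[1:],                         # everything after it
        "implicated": implicated,
    }


if __name__ == "__main__":
    for key, value in triage(DEBUG_OUTPUT).items():
        print(key, "=", value)
```

On this excerpt the log itself reports `rlm_eap` and `rlm_eap_tls` as linked, and the first error is the `fopen` failure on a path that begins with `$/`; the "Failed to find module" line comes last in the chain.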