Johnny R wrote:
* is the cipher login/password which comes from CopSpot(or any captive portal) deciphered before ipcop sends it to freeradius-server? (It's a kind of question which can not be asked here but ... never know)
I have no idea what that means.
* the authentication type set in ipcop is just "radius" (and its ip), so I don't understand why the packet contains CHAP?
<shrug> Go ask the ipcop people.
according to http://deployingradius.com/documents/configuration/active_directory.html, centralizing the authentication in samba will work fine, but I want to do it against ldap. I think, what's wrong here is that I added users by smbldap-useradd, not simply ldapadd (which won't work actually, it says: "invalid credentials") ...
* So how can I force freeradius to use pap
You can't. The NAS (ipcop) determines what to put in the Access-Request, not FreeRADIUS. You need to put the clear-text password into the database. That's the only thing you can do to FreeRADIUS which will help.
(to be able to authenticate it against ldap) even the passwd/login is tls ciphered (from chilispot)????I m really convinced that that's not possible, even senseless but I have to know why ...
I have no idea what that means.
Finally, once again, I really want to thank the list for your availability, the freeradius dev. team, because this is a success for the open source community. Thanks,
It's what I do... Alan DeKok.