Hi all,
Problem solved about CopSpot and Freeradius, it works against the user file (not OpenLDAP). Actually, I am wondering if I can do the authentication using eap-tls module. I enabled  it and it gave me the following output:
Tue Apr 27 11:12:19 2010 : Debug: radiusd: #### Loading Virtual Servers ####
Tue Apr 27 11:12:19 2010 : Debug: server inner-tunnel {
Tue Apr 27 11:12:19 2010 : Debug:  modules {
Tue Apr 27 11:12:19 2010 : Debug:  Module: Checking authenticate {...} for more modules to load
Tue Apr 27 11:12:19 2010 : Debug:     (Loaded rlm_pap, checking if it's valid)
Tue Apr 27 11:12:19 2010 : Debug:  Module: Linked to module rlm_pap
Tue Apr 27 11:12:19 2010 : Debug:  Module: Instantiating pap
Tue Apr 27 11:12:19 2010 : Debug:   pap {
Tue Apr 27 11:12:19 2010 : Debug:       encryption_scheme = "auto"
Tue Apr 27 11:12:19 2010 : Debug:       auto_header = no
Tue Apr 27 11:12:19 2010 : Debug:   }
Tue Apr 27 11:12:19 2010 : Debug:     (Loaded rlm_chap, checking if it's valid)
Tue Apr 27 11:12:19 2010 : Debug:  Module: Linked to module rlm_chap
Tue Apr 27 11:12:19 2010 : Debug:  Module: Instantiating chap
Tue Apr 27 11:12:19 2010 : Debug:     (Loaded rlm_mschap, checking if it's valid)
Tue Apr 27 11:12:19 2010 : Debug:  Module: Linked to module rlm_mschap
Tue Apr 27 11:12:19 2010 : Debug:  Module: Instantiating mschap
Tue Apr 27 11:12:19 2010 : Debug:   mschap {
Tue Apr 27 11:12:19 2010 : Debug:       use_mppe = yes
Tue Apr 27 11:12:19 2010 : Debug:       require_encryption = no
Tue Apr 27 11:12:19 2010 : Debug:       require_strong = no
Tue Apr 27 11:12:19 2010 : Debug:       with_ntdomain_hack = no
Tue Apr 27 11:12:19 2010 : Debug:   }
Tue Apr 27 11:12:19 2010 : Debug:     (Loaded rlm_unix, checking if it's valid)
Tue Apr 27 11:12:19 2010 : Debug:  Module: Linked to module rlm_unix
Tue Apr 27 11:12:19 2010 : Debug:  Module: Instantiating unix
Tue Apr 27 11:12:19 2010 : Debug:   unix {
Tue Apr 27 11:12:19 2010 : Debug:       radwtmp = "/var/log/freeradius/radwtmp"
Tue Apr 27 11:12:19 2010 : Debug:   }
Tue Apr 27 11:12:19 2010 : Debug:     (Loaded rlm_eap, checking if it's valid)
Tue Apr 27 11:12:19 2010 : Debug:  Module: Linked to module rlm_eap
Tue Apr 27 11:12:19 2010 : Debug:  Module: Instantiating eap
Tue Apr 27 11:12:19 2010 : Debug:   eap {
Tue Apr 27 11:12:19 2010 : Debug:       default_eap_type = "tls"
Tue Apr 27 11:12:19 2010 : Debug:       timer_expire = 60
Tue Apr 27 11:12:19 2010 : Debug:       ignore_unknown_eap_types = no
Tue Apr 27 11:12:19 2010 : Debug:       cisco_accounting_username_bug = no
Tue Apr 27 11:12:19 2010 : Debug:       max_sessions = 4096
Tue Apr 27 11:12:19 2010 : Debug:   }
Tue Apr 27 11:12:19 2010 : Debug:  Module: Linked to sub-module rlm_eap_md5
Tue Apr 27 11:12:19 2010 : Debug:  Module: Instantiating eap-md5
Tue Apr 27 11:12:19 2010 : Debug:  Module: Linked to sub-module rlm_eap_leap
Tue Apr 27 11:12:19 2010 : Debug:  Module: Instantiating eap-leap
Tue Apr 27 11:12:19 2010 : Debug:  Module: Linked to sub-module rlm_eap_gtc
Tue Apr 27 11:12:19 2010 : Debug:  Module: Instantiating eap-gtc
Tue Apr 27 11:12:19 2010 : Debug:    gtc {
Tue Apr 27 11:12:19 2010 : Debug:       challenge = "Password: "
Tue Apr 27 11:12:19 2010 : Debug:       auth_type = "PAP"
Tue Apr 27 11:12:19 2010 : Debug:    }
Tue Apr 27 11:12:19 2010 : Debug:  Module: Linked to sub-module rlm_eap_tls
Tue Apr 27 11:12:19 2010 : Debug:  Module: Instantiating eap-tls
Tue Apr 27 11:12:19 2010 : Debug:    tls {
Tue Apr 27 11:12:19 2010 : Debug:       rsa_key_exchange = no
Tue Apr 27 11:12:19 2010 : Debug:       dh_key_exchange = yes
Tue Apr 27 11:12:19 2010 : Debug:       rsa_key_length = 512
Tue Apr 27 11:12:19 2010 : Debug:       dh_key_length = 512
Tue Apr 27 11:12:19 2010 : Debug:       verify_depth = 0
Tue Apr 27 11:12:19 2010 : Debug:       pem_file_type = yes
Tue Apr 27 11:12:19 2010 : Debug:       private_key_file = "$/etc/freeradius/certs/serverd.pem"
Tue Apr 27 11:12:19 2010 : Debug:       certificate_file = "$/etc/freeradius/certs/serverd.pem"
Tue Apr 27 11:12:19 2010 : Debug:       CA_file = "$/etc/freeradius/certs/root.pem"
Tue Apr 27 11:12:19 2010 : Debug:       private_key_password = "whatever"
Tue Apr 27 11:12:19 2010 : Debug:       dh_file = "$/etc/freeradius/certs/dh"
Tue Apr 27 11:12:19 2010 : Debug:       random_file = "$/etc/freeradius/certs/random"
Tue Apr 27 11:12:19 2010 : Debug:       fragment_size = 1024
Tue Apr 27 11:12:19 2010 : Debug:       include_length = yes
Tue Apr 27 11:12:19 2010 : Debug:       check_crl = yes
Tue Apr 27 11:12:19 2010 : Debug:       cipher_list = "DEFAULT"
Tue Apr 27 11:12:19 2010 : Debug:       make_cert_command = "$/etc/root/Workdir/bootstrap"
Tue Apr 27 11:12:19 2010 : Debug:     cache {
Tue Apr 27 11:12:19 2010 : Debug:       enable = no
Tue Apr 27 11:12:19 2010 : Debug:       lifetime = 24
Tue Apr 27 11:12:19 2010 : Debug:       max_entries = 255
Tue Apr 27 11:12:19 2010 : Debug:     }
Tue Apr 27 11:12:19 2010 : Debug:    }
Tue Apr 27 11:12:19 2010 : Error: rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory
Tue Apr 27 11:12:19 2010 : Error: rlm_eap_tls: Error reading certificate file $/etc/freeradius/certs/serverd.pem
Tue Apr 27 11:12:19 2010 : Error: rlm_eap: Failed to initialize type tls
Tue Apr 27 11:12:19 2010 : Error: /etc/freeradius/eap.conf[17]: Instantiation failed for module "eap"
Tue Apr 27 11:12:19 2010 : Error: /etc/freeradius/sites-enabled/inner-tunnel[223]: Failed to find module "eap".
Tue Apr 27 11:12:19 2010 : Error: /etc/freeradius/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.
serverd:~#

Frankly, I don't know what the error means: is that the rlm_eap module  was not found (and it's right, it is not present in my system) , if so how can I install it without reinstalling the whole freeradius ?
Any Help will be appreciated.
Best regards.

On Fri, Apr 23, 2010 at 7:21 AM, Alan DeKok <aland@deployingradius.com> wrote:
Johnny R wrote:
>     * is the cipher login/password which comes from CopSpot(or any
>       captive portal) deciphered before ipcop sends it to
>       freeradius-server? (It's a kind of question which can not be asked
>       here but ... never know)

 I have no idea what that means.

>     * the authentication type set in ipcop is just "radius" (and its
>       ip), so I don't understand why the packet contains CHAP?

 <shrug> Go ask the ipcop people.

> according
> to http://deployingradius.com/documents/configuration/active_directory.html,
> centralizing the authentication in samba will work fine, but I want to
> do it against ldap. I think, what's wrong here is that I added users by
> smbldap-useradd, not simply ldapadd (which won't work actually, it says:
> "invalid credentials") ...
>
>     * So how can I force freeradius to use pap

 You can't.  The NAS (ipcop) determines what to put in the
Access-Request, not FreeRADIUS.

 You need to put the clear-text password into the database.  That's the
only thing you can do to FreeRADIUS which will help.

> (to be able to
>       authenticate it against ldap) even the passwd/login is tls
>       ciphered (from chilispot)????I m really convinced that that's not
>       possible, even senseless but I have to know why ...

 I have no idea what that means.

> Finally, once again, I really want to thank the list for your
> availability, the freeradius dev. team, because this is a success for
> the open source community.
> Thanks,

 It's what I do...

 Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



--
-----------------------------------------------------------------
|JJohnny RANDRIAMAMPIONONA              |
| Phone: +212663682554                            |
| National School of Applied Sciences          |
| 1818 TANGIER 90000                               |
|----------------------------------------------------------------|