Date: Wed, 13 May 2015 17:22:07 +0000 (UTC) From: <marcin.michta@gmail.com> To: adrian@freebsd.org Cc: freebsd-wireless@freebsd.org Subject: Re: hostapd + freeradius can't connect Message-ID: <E9AD433B9F60911F.1-684e42e0-99ac-4679-9c97-5de7d7ad15a0@mail.outlook.com> In-Reply-To: <CAJ-VmokxL6Zz=K2p9zeg84_EF5zr6Kk4mWv=oxt2FA59JktA0w@mail.gmail.com> References: <01e701d08d75$fed02bd0$fc708370$@gmail.com> <CAJ-VmokxL6Zz=K2p9zeg84_EF5zr6Kk4mWv=oxt2FA59JktA0w@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Pozdrawiam, Marcin Michta On Wed, May 13, 2015 at 9:27 AM -0700, "Adrian Chadd" <adrian@freebsd.org> wrote: Hi! I haven't tested radius+wpa before; what's your radius config look like? (It'd be good to document how to do this in the wiki/handbook.) -a On 13 May 2015 at 05:11, Marcin Michta wrote: > Hi all, > So I'm trying configure hostapd to work (peap + mschapv2). I tried connect > by wpa_suplicant on FreeBSD, and Ubuntu with gui, but without success. > Freeradius allow to connect, but connections are failed - every time get: > > hostapd_wpa_auth_disconnect: WPA authenticator requests disconnect: STA > 00:24:d7:6f:eb:c4 reason 2 > > > > Where is mistake/bug? Or what is wrong? > log: > > 1431101834.596845: Configuration file: hostapd.conf > > 1431101834.596913: Line 10: DEPRECATED: 'debug' configuration variable is > not used anymore > > 1431101834.626788: ctrl_interface_group=0 > > 1431101834.627088: BSS count 1, BSSID mask 00:00:00:00:00:00 (0 bits) > > 1431101834.627098: Completing interface initialization > > 1431101834.627101: Flushing old station entries > > 1431101834.627109: Deauthenticate all stations > > 1431101834.627113: bsd_set_privacy: enabled=0 > > 1431101834.627117: bsd_set_key: alg=0 addr=0x0 key_idx=0 set_tx=1 seq_len=0 > key_len=0 > > 1431101834.627120: bsd_del_key: key_idx=0 > > 1431101834.627124: bsd_set_key: alg=0 addr=0x0 key_idx=1 set_tx=0 seq_len=0 > key_len=0 > > 1431101834.627127: bsd_del_key: key_idx=1 > > 1431101834.627130: bsd_set_key: alg=0 addr=0x0 key_idx=2 set_tx=0 seq_len=0 > key_len=0 > > 1431101834.627133: bsd_del_key: key_idx=2 > > 1431101834.627136: bsd_set_key: alg=0 addr=0x0 key_idx=3 set_tx=0 seq_len=0 > key_len=0 > > 1431101834.627139: bsd_del_key: key_idx=3 > > 1431101834.627143: Using interface wlan0 with hwaddr 00:0e:2e:c4:2f:e7 and > ssid 'RADIUS' > > 1431101834.627155: wlan0: RADIUS Authentication server 10.146.20.137:1812 > > 1431101834.627257: RADIUS local address: 10.146.103.7:14137 > > 1431101834.627270: wlan0: RADIUS Accounting server 10.146.20.137:1813 > > 1431101834.627288: RADIUS local address: 10.146.103.7:14773 > > 1431101834.627294: bsd_set_ieee8021x: enabled=1 > > 1431101834.627296: bsd_configure_wpa: enable WPA= 0x1 > > 1431101834.627514: WPA: group state machine entering state GTK_INIT (VLAN-ID > 0) > > 1431101834.627527: GMK - hexdump(len=32): [REMOVED] > > 1431101834.627530: GTK - hexdump(len=32): [REMOVED] > > 1431101834.627532: WPA: group state machine entering state SETKEYSDONE > (VLAN-ID 0) > > 1431101834.627535: bsd_set_key: alg=2 addr=0x0 key_idx=1 set_tx=1 seq_len=0 > key_len=32 > > 1431101834.632173: ioctl[SIOCS80211, op=19, val=0, arg_len=64]: Device not > configured > > 1431101834.632194: bsd_set_privacy: enabled=1 > > 1431101834.632200: bsd_set_opt_ie: set WPA+RSN ie (len 24) > > 1431101834.632229: wlan0: RADIUS Sending RADIUS message to accounting server > > 1431101834.632259: wlan0: RADIUS Next RADIUS client retransmit in 3 seconds > > > > 1431101834.702842: wlan0: Setup of interface done. > > 1431101834.702886: Discard routing message to if#0 (not for us 8) > > > > 1431101834.702897: wlan0: RADIUS Received 20 bytes from RADIUS server > > 1431101834.702914: wlan0: RADIUS Received RADIUS message > > 1431101834.702925: wlan0: STA 00:00:00:00:00:00 RADIUS: Received RADIUS > packet matched with a pending request, round trip time 0.07 sec > > 1431101867.876189: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.11: associated > > 1431101867.876215: STA included WPA IE in (Re)AssocReq > > 1431101867.876220: New STA > > 1431101867.876230: wlan0: STA 00:24:d7:6f:eb:c4 WPA: event 1 notification > > 1431101867.876243: bsd_set_key: alg=0 addr=0x8014908d0 key_idx=0 set_tx=1 > seq_len=0 key_len=0 > > 1431101867.876248: bsd_del_key: addr=00:24:d7:6f:eb:c4 > > 1431101867.876258: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: start > authentication > > 1431101867.876270: EAP: Server state machine created > > 1431101867.876275: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering state > IDLE > > 1431101867.876279: IEEE 802.1X: 00:24:d7:6f:eb:c4 CTRL_DIR entering state > FORCE_BOTH > > 1431101867.876291: wlan0: STA 00:24:d7:6f:eb:c4 WPA: start authentication > > 1431101867.876302: WPA: 00:24:d7:6f:eb:c4 WPA_PTK entering state INITIALIZE > > 1431101867.876307: bsd_set_key: alg=0 addr=0x8014908d0 key_idx=0 set_tx=1 > seq_len=0 key_len=0 > > 1431101867.876310: bsd_del_key: addr=00:24:d7:6f:eb:c4 > > 1431101867.876316: WPA: 00:24:d7:6f:eb:c4 WPA_PTK_GROUP entering state IDLE > > 1431101867.876319: WPA: 00:24:d7:6f:eb:c4 WPA_PTK entering state > AUTHENTICATION > > 1431101867.876322: WPA: 00:24:d7:6f:eb:c4 WPA_PTK entering state > AUTHENTICATION2 > > 1431101867.876329: IEEE 802.1X: 00:24:d7:6f:eb:c4 AUTH_PAE entering state > DISCONNECTED > > 1431101867.876337: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: unauthorizing > port > > 1431101867.876348: IEEE 802.1X: 00:24:d7:6f:eb:c4 AUTH_PAE entering state > RESTART > > 1431101867.876354: EAP: EAP entering state INITIALIZE > > 1431101867.876358: CTRL-EVENT-EAP-STARTED 00:24:d7:6f:eb:c4 > > 1431101867.876360: EAP: EAP entering state SELECT_ACTION > > 1431101867.876362: EAP: getDecision: no identity known yet -> CONTINUE > > 1431101867.876364: EAP: EAP entering state PROPOSE_METHOD > > 1431101867.876366: EAP: getNextMethod: vendor 0 type 1 > > 1431101867.876369: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1 > > 1431101867.876371: EAP: EAP entering state METHOD_REQUEST > > 1431101867.876374: EAP: building EAP-Request: Identifier 77 > > 1431101867.876377: EAP: EAP entering state SEND_REQUEST > > 1431101867.876379: EAP: EAP entering state IDLE > > 1431101867.876381: EAP: retransmit timeout 3 seconds (from dynamic back off; > retransCount=0) > > 1431101867.876383: IEEE 802.1X: 00:24:d7:6f:eb:c4 AUTH_PAE entering state > CONNECTING > > 1431101867.876386: IEEE 802.1X: 00:24:d7:6f:eb:c4 AUTH_PAE entering state > AUTHENTICATING > > 1431101867.876389: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering state > REQUEST > > 1431101867.876394: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending EAP > Packet (identifier 77) > > 1431101867.880287: IEEE 802.1X: 14 bytes from 00:24:d7:6f:eb:c4 > > 1431101867.880294: IEEE 802.1X: version=1 type=0 length=10 > > 1431101867.880298: EAP: code=2 identifier=77 length=10 > > 1431101867.880300: (response) > > 1431101867.880305: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: received EAP > packet (code=2 id=77 len=10) from STA: EAP Response-Identity (1) > > 1431101867.880322: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering state > RESPONSE > > 1431101867.880326: EAP: EAP entering state RECEIVED > > 1431101867.880328: EAP: parseEapResp: rxResp=1 respId=77 respMethod=1 > respVendor=0 respVendorMethod=0 > > 1431101867.880331: EAP: EAP entering state INTEGRITY_CHECK > > 1431101867.880333: EAP: EAP entering state METHOD_RESPONSE > > 1431101867.880335: EAP-Identity: Peer identity - hexdump_ascii(len=5): > > 7a 65 6e 6f 6e zenon > > 1431101867.880341: EAP: EAP entering state SELECT_ACTION > > 1431101867.880343: EAP: getDecision: -> PASSTHROUGH > > 1431101867.880345: EAP: EAP entering state INITIALIZE_PASSTHROUGH > > 1431101867.880347: EAP: EAP entering state AAA_REQUEST > > 1431101867.880348: EAP: EAP entering state AAA_IDLE > > 1431101867.880353: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: STA identity > 'zenon' > > 1431101867.880363: Encapsulating EAP message into a RADIUS packet > > 1431101867.880379: wlan0: RADIUS Sending RADIUS message to authentication > server > > 1431101867.880399: wlan0: RADIUS Next RADIUS client retransmit in 3 seconds > > > > 1431101867.882189: wlan0: RADIUS Received 64 bytes from RADIUS server > > 1431101867.882237: wlan0: RADIUS Received RADIUS message > > 1431101867.882254: wlan0: STA 00:24:d7:6f:eb:c4 RADIUS: Received RADIUS > packet matched with a pending request, round trip time 0.00 sec > > 1431101867.882272: RADIUS packet matching with station 00:24:d7:6f:eb:c4 > > 1431101867.882284: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: decapsulated > EAP packet (code=1 id=78 len=6) from RADIUS server: EAP-Request-PEAP (25) > > 1431101867.882305: EAP: EAP entering state AAA_RESPONSE > > 1431101867.882308: EAP: getId: id=78 > > 1431101867.882311: EAP: EAP entering state SEND_REQUEST2 > > 1431101867.882313: EAP: EAP entering state IDLE2 > > 1431101867.882314: EAP: retransmit timeout 3 seconds (from dynamic back off; > retransCount=0) > > 1431101867.882317: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering state > REQUEST > > 1431101867.882322: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending EAP > Packet (identifier 78) > > 1431101867.883893: IEEE 802.1X: 122 bytes from 00:24:d7:6f:eb:c4 > > 1431101867.883907: IEEE 802.1X: version=1 type=0 length=118 > > 1431101867.883923: EAP: code=2 identifier=78 length=118 > > 1431101867.883925: (response) > > 1431101867.883930: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: received EAP > packet (code=2 id=78 len=118) from STA: EAP Response-PEAP (25) > > 1431101867.883947: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering state > RESPONSE > > 1431101867.883952: EAP: EAP entering state RECEIVED2 > > 1431101867.883954: EAP: parseEapResp: rxResp=1 respId=78 respMethod=25 > respVendor=0 respVendorMethod=0 > > 1431101867.883956: EAP: EAP entering state AAA_REQUEST > > 1431101867.883959: EAP: EAP entering state AAA_IDLE > > 1431101867.883961: Encapsulating EAP message into a RADIUS packet > > 1431101867.883969: Copied RADIUS State Attribute > > 1431101867.883975: wlan0: RADIUS Sending RADIUS message to authentication > server > > 1431101867.883995: wlan0: RADIUS Next RADIUS client retransmit in 3 seconds > > > > 1431101867.890371: wlan0: RADIUS Received 1068 bytes from RADIUS server > > 1431101867.890413: wlan0: RADIUS Received RADIUS message > > 1431101867.890427: wlan0: STA 00:24:d7:6f:eb:c4 RADIUS: Received RADIUS > packet matched with a pending request, round trip time 0.00 sec > > 1431101867.890450: RADIUS packet matching with station 00:24:d7:6f:eb:c4 > > 1431101867.890461: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: decapsulated > EAP packet (code=1 id=79 len=1004) from RADIUS server: EAP-Request-PEAP (25) > > 1431101867.890483: EAP: EAP entering state AAA_RESPONSE > > 1431101867.890486: EAP: getId: id=79 > > 1431101867.890489: EAP: EAP entering state SEND_REQUEST2 > > 1431101867.890491: EAP: EAP entering state IDLE2 > > 1431101867.890493: EAP: retransmit timeout 3 seconds (from dynamic back off; > retransCount=0) > > 1431101867.890495: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering state > REQUEST > > 1431101867.890500: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending EAP > Packet (identifier 79) > > 1431101867.892393: IEEE 802.1X: 10 bytes from 00:24:d7:6f:eb:c4 > > 1431101867.892408: IEEE 802.1X: version=1 type=0 length=6 > > 1431101867.892423: EAP: code=2 identifier=79 length=6 > > 1431101867.892426: (response) > > 1431101867.892430: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: received EAP > packet (code=2 id=79 len=6) from STA: EAP Response-PEAP (25) > > 1431101867.892450: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering state > RESPONSE > > 1431101867.892454: EAP: EAP entering state RECEIVED2 > > 1431101867.892456: EAP: parseEapResp: rxResp=1 respId=79 respMethod=25 > respVendor=0 respVendorMethod=0 > > 1431101867.892459: EAP: EAP entering state AAA_REQUEST > > 1431101867.892461: EAP: EAP entering state AAA_IDLE > > 1431101867.892463: Encapsulating EAP message into a RADIUS packet > > 1431101867.892471: Copied RADIUS State Attribute > > 1431101867.892477: wlan0: RADIUS Sending RADIUS message to authentication > server > > 1431101867.892496: wlan0: RADIUS Next RADIUS client retransmit in 3 seconds > > > > 1431101867.893138: wlan0: RADIUS Received 1064 bytes from RADIUS server > > 1431101867.893185: wlan0: RADIUS Received RADIUS message > > 1431101867.893204: wlan0: STA 00:24:d7:6f:eb:c4 RADIUS: Received RADIUS > packet matched with a pending request, round trip time 0.00 sec > > 1431101867.893222: RADIUS packet matching with station 00:24:d7:6f:eb:c4 > > 1431101867.893229: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: decapsulated > EAP packet (code=1 id=80 len=1000) from RADIUS server: EAP-Request-PEAP (25) > > 1431101867.893245: EAP: EAP entering state AAA_RESPONSE > > 1431101867.893249: EAP: getId: id=80 > > 1431101867.893251: EAP: EAP entering state SEND_REQUEST2 > > 1431101867.893253: EAP: EAP entering state IDLE2 > > 1431101867.893255: EAP: retransmit timeout 3 seconds (from dynamic back off; > retransCount=0) > > 1431101867.893257: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering state > REQUEST > > 1431101867.893262: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending EAP > Packet (identifier 80) > > 1431101867.894019: IEEE 802.1X: 10 bytes from 00:24:d7:6f:eb:c4 > > 1431101867.894043: IEEE 802.1X: version=1 type=0 length=6 > > 1431101867.894047: EAP: code=2 identifier=80 length=6 > > 1431101867.894049: (response) > > 1431101867.894054: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: received EAP > packet (code=2 id=80 len=6) from STA: EAP Response-PEAP (25) > > 1431101867.894074: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering state > RESPONSE > > 1431101867.894078: EAP: EAP entering state RECEIVED2 > > 1431101867.894080: EAP: parseEapResp: rxResp=1 respId=80 respMethod=25 > respVendor=0 respVendorMethod=0 > > 1431101867.894083: EAP: EAP entering state AAA_REQUEST > > 1431101867.894085: EAP: EAP entering state AAA_IDLE > > 1431101867.894087: Encapsulating EAP message into a RADIUS packet > > 1431101867.894095: Copied RADIUS State Attribute > > 1431101867.894101: wlan0: RADIUS Sending RADIUS message to authentication > server > > 1431101867.894121: wlan0: RADIUS Next RADIUS client retransmit in 3 seconds > > > > 1431101867.894735: wlan0: RADIUS Received 968 bytes from RADIUS server > > 1431101867.894777: wlan0: RADIUS Received RADIUS message > > 1431101867.894792: wlan0: STA 00:24:d7:6f:eb:c4 RADIUS: Received RADIUS > packet matched with a pending request, round trip time 0.00 sec > > 1431101867.894814: RADIUS packet matching with station 00:24:d7:6f:eb:c4 > > 1431101867.894828: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: decapsulated > EAP packet (code=1 id=81 len=904) from RADIUS server: EAP-Request-PEAP (25) > > 1431101867.894847: EAP: EAP entering state AAA_RESPONSE > > 1431101867.894851: EAP: getId: id=81 > > 1431101867.894853: EAP: EAP entering state SEND_REQUEST2 > > 1431101867.894855: EAP: EAP entering state IDLE2 > > 1431101867.894857: EAP: retransmit timeout 3 seconds (from dynamic back off; > retransCount=0) > > 1431101867.894859: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering state > REQUEST > > 1431101867.894864: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending EAP > Packet (identifier 81) > > 1431101867.902143: IEEE 802.1X: 212 bytes from 00:24:d7:6f:eb:c4 > > 1431101867.902157: IEEE 802.1X: version=1 type=0 length=208 > > 1431101867.902173: EAP: code=2 identifier=81 length=208 > > 1431101867.902175: (response) > > 1431101867.902180: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: received EAP > packet (code=2 id=81 len=208) from STA: EAP Response-PEAP (25) > > 1431101867.902198: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering state > RESPONSE > > 1431101867.902203: EAP: EAP entering state RECEIVED2 > > 1431101867.902205: EAP: parseEapResp: rxResp=1 respId=81 respMethod=25 > respVendor=0 respVendorMethod=0 > > 1431101867.902207: EAP: EAP entering state AAA_REQUEST > > 1431101867.902209: EAP: EAP entering state AAA_IDLE > > 1431101867.902211: Encapsulating EAP message into a RADIUS packet > > 1431101867.902219: Copied RADIUS State Attribute > > 1431101867.902225: wlan0: RADIUS Sending RADIUS message to authentication > server > > 1431101867.902244: wlan0: RADIUS Next RADIUS client retransmit in 3 seconds > > > > 1431101867.905030: wlan0: RADIUS Received 123 bytes from RADIUS server > > 1431101867.905067: wlan0: RADIUS Received RADIUS message > > 1431101867.905078: wlan0: STA 00:24:d7:6f:eb:c4 RADIUS: Received RADIUS > packet matched with a pending request, round trip time 0.00 sec > > 1431101867.905090: RADIUS packet matching with station 00:24:d7:6f:eb:c4 > > 1431101867.905097: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: decapsulated > EAP packet (code=1 id=82 len=65) from RADIUS server: EAP-Request-PEAP (25) > > 1431101867.905114: EAP: EAP entering state AAA_RESPONSE > > 1431101867.905118: EAP: getId: id=82 > > 1431101867.905120: EAP: EAP entering state SEND_REQUEST2 > > 1431101867.905122: EAP: EAP entering state IDLE2 > > 1431101867.905124: EAP: retransmit timeout 3 seconds (from dynamic back off; > retransCount=0) > > 1431101867.905126: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering state > REQUEST > > 1431101867.905131: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending EAP > Packet (identifier 82) > > 1431101867.905787: IEEE 802.1X: 10 bytes from 00:24:d7:6f:eb:c4 > > 1431101867.905794: IEEE 802.1X: version=1 type=0 length=6 > > 1431101867.905797: EAP: code=2 identifier=82 length=6 > > 1431101867.905799: (response) > > 1431101867.905804: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: received EAP > packet (code=2 id=82 len=6) from STA: EAP Response-PEAP (25) > > 1431101867.905822: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering state > RESPONSE > > 1431101867.905826: EAP: EAP entering state RECEIVED2 > > 1431101867.905828: EAP: parseEapResp: rxResp=1 respId=82 respMethod=25 > respVendor=0 respVendorMethod=0 > > 1431101867.905831: EAP: EAP entering state AAA_REQUEST > > 1431101867.905833: EAP: EAP entering state AAA_IDLE > > 1431101867.905835: Encapsulating EAP message into a RADIUS packet > > 1431101867.905843: Copied RADIUS State Attribute > > 1431101867.905848: wlan0: RADIUS Sending RADIUS message to authentication > server > > 1431101867.905867: wlan0: RADIUS Next RADIUS client retransmit in 3 seconds > > > > 1431101867.906465: wlan0: RADIUS Received 101 bytes from RADIUS server > > 1431101867.906501: wlan0: RADIUS Received RADIUS message > > 1431101867.906512: wlan0: STA 00:24:d7:6f:eb:c4 RADIUS: Received RADIUS > packet matched with a pending request, round trip time 0.00 sec > > 1431101867.906523: RADIUS packet matching with station 00:24:d7:6f:eb:c4 > > 1431101867.906529: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: decapsulated > EAP packet (code=1 id=83 len=43) from RADIUS server: EAP-Request-PEAP (25) > > 1431101867.906541: EAP: EAP entering state AAA_RESPONSE > > 1431101867.906544: EAP: getId: id=83 > > 1431101867.906546: EAP: EAP entering state SEND_REQUEST2 > > 1431101867.906548: EAP: EAP entering state IDLE2 > > 1431101867.906550: EAP: retransmit timeout 3 seconds (from dynamic back off; > retransCount=0) > > 1431101867.906552: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering state > REQUEST > > 1431101867.906556: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending EAP > Packet (identifier 83) > > 1431101867.907142: IEEE 802.1X: 84 bytes from 00:24:d7:6f:eb:c4 > > 1431101867.907155: IEEE 802.1X: version=1 type=0 length=80 > > 1431101867.907172: EAP: code=2 identifier=83 length=80 > > 1431101867.907174: (response) > > 1431101867.907179: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: received EAP > packet (code=2 id=83 len=80) from STA: EAP Response-PEAP (25) > > 1431101867.907196: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering state > RESPONSE > > 1431101867.907200: EAP: EAP entering state RECEIVED2 > > 1431101867.907202: EAP: parseEapResp: rxResp=1 respId=83 respMethod=25 > respVendor=0 respVendorMethod=0 > > 1431101867.907204: EAP: EAP entering state AAA_REQUEST > > 1431101867.907206: EAP: EAP entering state AAA_IDLE > > 1431101867.907208: Encapsulating EAP message into a RADIUS packet > > 1431101867.907216: Copied RADIUS State Attribute > > 1431101867.907221: wlan0: RADIUS Sending RADIUS message to authentication > server > > 1431101867.907240: wlan0: RADIUS Next RADIUS client retransmit in 3 seconds > > > > 1431101867.907972: wlan0: RADIUS Received 133 bytes from RADIUS server > > 1431101867.908012: wlan0: RADIUS Received RADIUS message > > 1431101867.908027: wlan0: STA 00:24:d7:6f:eb:c4 RADIUS: Received RADIUS > packet matched with a pending request, round trip time 0.00 sec > > 1431101867.908046: RADIUS packet matching with station 00:24:d7:6f:eb:c4 > > 1431101867.908057: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: decapsulated > EAP packet (code=1 id=84 len=75) from RADIUS server: EAP-Request-PEAP (25) > > 1431101867.908077: EAP: EAP entering state AAA_RESPONSE > > 1431101867.908080: EAP: getId: id=84 > > 1431101867.908082: EAP: EAP entering state SEND_REQUEST2 > > 1431101867.908085: EAP: EAP entering state IDLE2 > > 1431101867.908086: EAP: retransmit timeout 3 seconds (from dynamic back off; > retransCount=0) > > 1431101867.908089: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering state > REQUEST > > 1431101867.908094: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending EAP > Packet (identifier 84) > > 1431101867.909646: IEEE 802.1X: 148 bytes from 00:24:d7:6f:eb:c4 > > 1431101867.909670: IEEE 802.1X: version=1 type=0 length=144 > > 1431101867.909674: EAP: code=2 identifier=84 length=144 > > 1431101867.909677: (response) > > 1431101867.909684: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: received EAP > packet (code=2 id=84 len=144) from STA: EAP Response-PEAP (25) > > 1431101867.909709: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering state > RESPONSE > > 1431101867.909716: EAP: EAP entering state RECEIVED2 > > 1431101867.909719: EAP: parseEapResp: rxResp=1 respId=84 respMethod=25 > respVendor=0 respVendorMethod=0 > > 1431101867.909724: EAP: EAP entering state AAA_REQUEST > > 1431101867.909728: EAP: EAP entering state AAA_IDLE > > 1431101867.909732: Encapsulating EAP message into a RADIUS packet > > 1431101867.909743: Copied RADIUS State Attribute > > 1431101867.909753: wlan0: RADIUS Sending RADIUS message to authentication > server > > 1431101867.909781: wlan0: RADIUS Next RADIUS client retransmit in 3 seconds > > > > 1431101867.920871: wlan0: RADIUS Received 149 bytes from RADIUS server > > 1431101867.920907: wlan0: RADIUS Received RADIUS message > > 1431101867.920923: wlan0: STA 00:24:d7:6f:eb:c4 RADIUS: Received RADIUS > packet matched with a pending request, round trip time 0.01 sec > > 1431101867.920942: RADIUS packet matching with station 00:24:d7:6f:eb:c4 > > 1431101867.920952: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: decapsulated > EAP packet (code=1 id=85 len=91) from RADIUS server: EAP-Request-PEAP (25) > > 1431101867.920972: EAP: EAP entering state AAA_RESPONSE > > 1431101867.920976: EAP: getId: id=85 > > 1431101867.920977: EAP: EAP entering state SEND_REQUEST2 > > 1431101867.920979: EAP: EAP entering state IDLE2 > > 1431101867.920981: EAP: retransmit timeout 3 seconds (from dynamic back off; > retransCount=0) > > 1431101867.920984: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering state > REQUEST > > 1431101867.920988: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending EAP > Packet (identifier 85) > > 1431101867.922767: IEEE 802.1X: 84 bytes from 00:24:d7:6f:eb:c4 > > 1431101867.922782: IEEE 802.1X: version=1 type=0 length=80 > > 1431101867.922798: EAP: code=2 identifier=85 length=80 > > 1431101867.922800: (response) > > 1431101867.922804: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: received EAP > packet (code=2 id=85 len=80) from STA: EAP Response-PEAP (25) > > 1431101867.922823: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering state > RESPONSE > > 1431101867.922827: EAP: EAP entering state RECEIVED2 > > 1431101867.922829: EAP: parseEapResp: rxResp=1 respId=85 respMethod=25 > respVendor=0 respVendorMethod=0 > > 1431101867.922832: EAP: EAP entering state AAA_REQUEST > > 1431101867.922834: EAP: EAP entering state AAA_IDLE > > 1431101867.922837: Encapsulating EAP message into a RADIUS packet > > 1431101867.922844: Copied RADIUS State Attribute > > 1431101867.922850: wlan0: RADIUS Sending RADIUS message to authentication > server > > 1431101867.922869: wlan0: RADIUS Next RADIUS client retransmit in 3 seconds > > > > 1431101867.962095: wlan0: RADIUS Received 101 bytes from RADIUS server > > 1431101867.962130: wlan0: RADIUS Received RADIUS message > > 1431101867.962140: wlan0: STA 00:24:d7:6f:eb:c4 RADIUS: Received RADIUS > packet matched with a pending request, round trip time 0.03 sec > > 1431101867.962152: RADIUS packet matching with station 00:24:d7:6f:eb:c4 > > 1431101867.962158: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: decapsulated > EAP packet (code=1 id=86 len=43) from RADIUS server: EAP-Request-PEAP (25) > > 1431101867.962171: EAP: EAP entering state AAA_RESPONSE > > 1431101867.962174: EAP: getId: id=86 > > 1431101867.962176: EAP: EAP entering state SEND_REQUEST2 > > 1431101867.962178: EAP: EAP entering state IDLE2 > > 1431101867.962179: EAP: retransmit timeout 3 seconds (from dynamic back off; > retransCount=0) > > 1431101867.962182: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering state > REQUEST > > 1431101867.962186: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending EAP > Packet (identifier 86) > > 1431101867.970388: IEEE 802.1X: 84 bytes from 00:24:d7:6f:eb:c4 > > 1431101867.970403: IEEE 802.1X: version=1 type=0 length=80 > > 1431101867.970419: EAP: code=2 identifier=86 length=80 > > 1431101867.970421: (response) > > 1431101867.970426: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: received EAP > packet (code=2 id=86 len=80) from STA: EAP Response-PEAP (25) > > 1431101867.970446: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering state > RESPONSE > > 1431101867.970450: EAP: EAP entering state RECEIVED2 > > 1431101867.970452: EAP: parseEapResp: rxResp=1 respId=86 respMethod=25 > respVendor=0 respVendorMethod=0 > > 1431101867.970455: EAP: EAP entering state AAA_REQUEST > > 1431101867.970457: EAP: EAP entering state AAA_IDLE > > 1431101867.970459: Encapsulating EAP message into a RADIUS packet > > 1431101867.970467: Copied RADIUS State Attribute > > 1431101867.970473: wlan0: RADIUS Sending RADIUS message to authentication > server > > 1431101867.970492: wlan0: RADIUS Next RADIUS client retransmit in 3 seconds > > > > 1431101867.971435: wlan0: RADIUS Received 167 bytes from RADIUS server > > 1431101867.971473: wlan0: RADIUS Received RADIUS message > > 1431101867.971489: wlan0: STA 00:24:d7:6f:eb:c4 RADIUS: Received RADIUS > packet matched with a pending request, round trip time 0.00 sec > > 1431101867.971507: RADIUS packet matching with station 00:24:d7:6f:eb:c4 > > 1431101867.971520: MS-MPPE-Send-Key - hexdump(len=32): [REMOVED] > > 1431101867.971524: MS-MPPE-Recv-Key - hexdump(len=32): [REMOVED] > > 1431101867.971529: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: old identity > 'zenon' updated with User-Name from Access-Accept 'zenon' > > 1431101867.971545: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: decapsulated > EAP packet (code=3 id=86 len=4) from RADIUS server: EAP Success > > 1431101867.971558: EAP: EAP entering state SUCCESS2 > > 1431101867.971561: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering state > SUCCESS > > 1431101867.971566: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending EAP > Packet (identifier 86) > > 1431101867.971586: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering state > IDLE > > 1431101867.971597: WPA: 00:24:d7:6f:eb:c4 WPA_PTK entering state INITPMK > > 1431101867.971600: WPA: PMK from EAPOL state machine (len=64) > > 1431101867.971603: WPA: 00:24:d7:6f:eb:c4 WPA_PTK entering state PTKSTART > > 1431101867.971607: wlan0: STA 00:24:d7:6f:eb:c4 WPA: sending 1/4 msg of > 4-Way Handshake > > 1431101867.971618: WPA: Send EAPOL(version=1 secure=0 mic=0 ack=1 install=0 > pairwise=8 kde_len=0 keyidx=0 encr=0) > > 1431101867.986144: IEEE 802.1X: 123 bytes from 00:24:d7:6f:eb:c4 > > 1431101867.986164: IEEE 802.1X: version=1 type=3 length=119 > > 1431101867.986174: wlan0: STA 00:24:d7:6f:eb:c4 WPA: received EAPOL-Key > frame (2/4 Pairwise) > > 1431101867.986192: WPA: 00:24:d7:6f:eb:c4 WPA_PTK entering state > PTKCALCNEGOTIATING > > 1431101867.986213: WPA: PTK derivation - A1=00:0e:2e:c4:2f:e7 > A2=00:24:d7:6f:eb:c4 > > 1431101867.986220: WPA: PMK - hexdump(len=32): [REMOVED] > > 1431101867.986224: WPA: PTK - hexdump(len=64): [REMOVED] > > 1431101867.986232: WPA: 00:24:d7:6f:eb:c4 WPA_PTK entering state > PTKCALCNEGOTIATING2 > > 1431101867.986237: WPA: 00:24:d7:6f:eb:c4 WPA_PTK entering state > PTKINITNEGOTIATING > > 1431101867.986243: bsd_get_seqnum: addr=00:00:00:00:00:00 idx=1 > > 1431101867.986255: wlan0: STA 00:24:d7:6f:eb:c4 WPA: sending 3/4 msg of > 4-Way Handshake > > 1431101867.986272: WPA: Send EAPOL(version=1 secure=0 mic=1 ack=1 install=1 > pairwise=8 kde_len=24 keyidx=0 encr=0) > > 1431101867.986765: IEEE 802.1X: 99 bytes from 00:24:d7:6f:eb:c4 > > 1431101867.986779: IEEE 802.1X: version=1 type=3 length=95 > > 1431101867.986797: wlan0: STA 00:24:d7:6f:eb:c4 WPA: received EAPOL-Key > frame (4/4 Pairwise) > > 1431101867.986814: WPA: 00:24:d7:6f:eb:c4 WPA_PTK entering state PTKINITDONE > > 1431101867.986818: bsd_set_key: alg=2 addr=0x8014908d0 key_idx=0 set_tx=1 > seq_len=0 key_len=32 > > 1431101867.986868: ioctl[SIOCS80211, op=19, val=0, arg_len=64]: Device not > configured > > 1431101867.986874: hostapd_wpa_auth_disconnect: WPA authenticator requests > disconnect: STA 00:24:d7:6f:eb:c4 reason 2 > > 1431101867.986901: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.11: deauthenticated > due to local deauth request > > 1431101867.986919: EAP: Server state machine removed > > 1431101867.986928: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.11: disassociated > > 1431101867.986936: Disassociation notification for unknown STA > 00:24:d7:6f:eb:c4 > > ^C1431101872.085020: Signal 2 received - terminating > > 1431101872.085031: Flushing old station entries > > 1431101872.085040: Deauthenticate all stations > > 1431101872.085121: wlan0: RADIUS Sending RADIUS message to accounting server > > 1431101872.085149: bsd_set_privacy: enabled=0 > > 1431101872.085156: bsd_set_opt_ie: set WPA+RSN ie (len 0) > > 1431101872.085166: bsd_set_ieee8021x: enabled=0 > > > > hostapd.conf: > > interface=wlan0 > > driver=bsd > > logger_syslog=-1 > > logger_syslog_level=0 > > debug=2 > > dump_file=/tmp/hostapd.dump > > ctrl_interface=/var/run/hostapd > > ctrl_interface_group=0 > > ssid=RADIUS > > hw_mode=g > > own_ip_addr=127.0.0.1 > > ieee8021x=1 > > nas_identifier=app-k7 > > auth_server_addr=10.146.20.137 > > auth_server_port=1812 > > auth_server_shared_secret=azxswqtgbnhyt > > acct_server_addr=10.146.20.137 > > acct_server_port=1813 > > acct_server_shared_secret=azxswqtgbnhyt > > radius_retry_primary_interval=600 > > radius_acct_interim_interval=900 > > wpa=1 > > wpa_key_mgmt=WPA-EAP > > > > Best regards > > Marcin Michta > > _______________________________________________ > freebsd-wireless@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-wireless > To unsubscribe, send any mail to "freebsd-wireless-unsubscribe@freebsd.org" From owner-freebsd-wireless@FreeBSD.ORG Wed May 13 20:50:02 2015 Return-Path: <owner-freebsd-wireless@FreeBSD.ORG> Delivered-To: freebsd-wireless@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id EE37A627; Wed, 13 May 2015 20:50:01 +0000 (UTC) Received: from mail-wg0-x233.google.com (mail-wg0-x233.google.com [IPv6:2a00:1450:400c:c00::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 6853C13AB; Wed, 13 May 2015 20:50:01 +0000 (UTC) Received: by wgbhc8 with SMTP id hc8so21961832wgb.3; Wed, 13 May 2015 13:49:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:references:in-reply-to:subject:date:message-id :mime-version:content-type:content-transfer-encoding:thread-index :content-language; bh=jh2GtkzeIsn2IHlh5bPLxKSIIAXuPz8Ri4JfPCUQwT4=; b=Rajx5PFqzpYi2wxiojyjSda3vEnLTFzXqxlWIS/kqpPVVsTG8lXG9TGOKbfOcck5GG p2FnkAGg76hAYpHKkL1dsHC3RqGbnIDtFtOmHLqL8g/PwCPBspWNsc05oM0GuA4beC7S Bf4vI21zHACTBdpDwUsm870eJZ2TQt1W4HMRpUfzRIowwiSAEErNvPA3PnAcX4cht5b1 Q8U7dY3XOVPd4e9Tqnm0EJfUsH/vpuaLbFnwJLc1DCENfx7atabDvNjjnnq4vA4UUHn8 kAmhlC/MnOIF8j7pQZBHl69iAXakOa/F+E/MLOGnZqy/eS4TVn5jHuRxguquuqC/8A9f whTA== X-Received: by 10.180.77.83 with SMTP id q19mr41648774wiw.89.1431550199773; Wed, 13 May 2015 13:49:59 -0700 (PDT) Received: from botmachine (muszelka.nat.student.pw.edu.pl. [194.29.137.5]) by mx.google.com with ESMTPSA id mc20sm9828841wic.15.2015.05.13.13.49.57 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 13 May 2015 13:49:59 -0700 (PDT) From: "Marcin Michta" <marcin.michta@gmail.com> To: "'Adrian Chadd'" <adrian@freebsd.org> Cc: <freebsd-wireless@freebsd.org> References: <01e701d08d75$fed02bd0$fc708370$@gmail.com> <CAJ-VmokxL6Zz=K2p9zeg84_EF5zr6Kk4mWv=oxt2FA59JktA0w@mail.gmail.com> In-Reply-To: <CAJ-VmokxL6Zz=K2p9zeg84_EF5zr6Kk4mWv=oxt2FA59JktA0w@mail.gmail.com> Subject: RE: hostapd + freeradius can't connect Date: Wed, 13 May 2015 22:49:56 +0200 Message-ID: <003c01d08dbe$6018b900$204a2b00$@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQLmW7Myy37hx44G94iEUPVz4fJerwJvc76jmztEOJA= Content-Language: pl X-BeenThere: freebsd-wireless@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Discussions of 802.11 stack, tools device driver development." <freebsd-wireless.freebsd.org> List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-wireless>, <mailto:freebsd-wireless-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-wireless/>; List-Post: <mailto:freebsd-wireless@freebsd.org> List-Help: <mailto:freebsd-wireless-request@freebsd.org?subject=help> List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-wireless>, <mailto:freebsd-wireless-request@freebsd.org?subject=subscribe> X-List-Received-Date: Wed, 13 May 2015 20:50:02 -0000 When I set on Cisco AP my freeradius server all works fine. All devices can connect to network. So I guess that is not freeradius's = fault My radius configs: radiusd.conf: prefix =3D /usr/local exec_prefix =3D ${prefix} sysconfdir =3D ${prefix}/etc localstatedir =3D /var sbindir =3D ${exec_prefix}/sbin logdir =3D /var/log raddbdir =3D ${sysconfdir}/raddb radacctdir =3D ${logdir}/radacct name =3D radiusd confdir =3D ${raddbdir} modconfdir =3D ${confdir}/mods-config certdir =3D ${confdir}/certs cadir =3D ${confdir}/certs run_dir =3D ${localstatedir}/run/${name} db_dir =3D ${raddbdir} libdir =3D /usr/local/lib/freeradius-3.0.8 pidfile =3D ${run_dir}/${name}.pid correct_escapes =3D true max_request_time =3D 30 cleanup_delay =3D 5 max_requests =3D 1024 hostname_lookups =3D no log { destination =3D files colourise =3D yes file =3D ${logdir}/radiusd syslog_facility =3D daemon stripped_names =3D no auth =3D yes msg_denied =3D "You are already logged in - access denied" } checkrad =3D ${sbindir}/checkrad security { user =3D freeradius group =3D freeradius allow_core_dumps =3D no max_attributes =3D 200 reject_delay =3D 1 status_server =3D yes allow_vulnerable_openssl =3D no } proxy_requests =3D yes $INCLUDE proxy.conf $INCLUDE clients.conf thread pool { start_servers =3D 5 max_servers =3D 32 min_spare_servers =3D 3 max_spare_servers =3D 10 max_requests_per_server =3D 0 auto_limit_acct =3D no } modules { $INCLUDE mods-enabled/ } instantiate { } policy { $INCLUDE policy.d/ } $INCLUDE sites-enabled/ ######################## sites-enabled/default: server default { listen { type =3D auth ipaddr =3D * port =3D 0 limit { max_connections =3D 16 lifetime =3D 0 idle_timeout =3D 30 } } listen { ipaddr =3D * port =3D 0 type =3D acct limit { } } listen { type =3D auth port =3D 0 limit { max_connections =3D 16 lifetime =3D 0 idle_timeout =3D 30 } } listen { ipv6addr =3D :: port =3D 0 type =3D acct limit { } } authorize { filter_username preprocess digest suffix eap { ok =3D return } expiration logintime } authenticate { digest eap } preacct { preprocess acct_unique suffix files } accounting { detail unix exec attr_filter.accounting_response } session { } post-auth { update { &reply: +=3D &session-state: } exec remove_reply_message_if_eap Post-Auth-Type REJECT { attr_filter.access_reject eap remove_reply_message_if_eap } } pre-proxy { } post-proxy { eap } } ######################## sites-enabled/inner-tunnel: server inner-tunnel { listen { ipaddr =3D 127.0.0.1 port =3D 18120 type =3D auth } authorize { chap mschap suffix update control { &Proxy-To-Realm :=3D LOCAL } eap { ok =3D return } files ldap expiration logintime pap } authenticate { Auth-Type PAP { ldap } chap Auth-Type MS-CHAP { mschap } eap } session { radutmp } post-auth { reply_log ldap Post-Auth-Type REJECT { attr_filter.access_reject update outer.session-state { &Module-Failure-Message :=3D = &request:Module-Failure-Message } } } pre-proxy { } post-proxy { eap } ######################## mods-enabled/eap: eap { default_eap_type =3D peap timer_expire =3D 60 ignore_unknown_eap_types =3D no cisco_accounting_username_bug =3D no max_sessions =3D ${max_requests} gtc { auth_type =3D PAP } tls-config tls-common { private_key_password =3D whatever private_key_file =3D ${certdir}/server.pem certificate_file =3D ${certdir}/server.pem ca_file =3D ${cadir}/ca.pem dh_file =3D ${certdir}/dh ca_path =3D ${cadir} cipher_list =3D "DEFAULT" ecdh_curve =3D "prime256v1" cache { enable =3D yes max_entries =3D 255 } verify { } ocsp { enable =3D no override_cert_url =3D yes url =3D "http://127.0.0.1/ocsp/" } } tls { tls =3D tls-common } ttls { tls =3D tls-common default_eap_type =3D mschapv2 copy_request_to_tunnel =3D no use_tunneled_reply =3D no virtual_server =3D "inner-tunnel" } peap { tls =3D tls-common default_eap_type =3D mschapv2 copy_request_to_tunnel =3D no use_tunneled_reply =3D no virtual_server =3D "inner-tunnel" } mschapv2 { } } > Hi! > > I haven't tested radius+wpa before; what's your radius config look = like? >=20 > (It'd be good to document how to do this in the wiki/handbook.) > > > > -a On 13 May 2015 at 05:11, Marcin Michta <marcin.michta@gmail.com> wrote: > Hi all, > So I'm trying configure hostapd to work (peap + mschapv2). I tried=20 > connect by wpa_suplicant on FreeBSD, and Ubuntu with gui, but without = success. > Freeradius allow to connect, but connections are failed - every time = get: > > hostapd_wpa_auth_disconnect: WPA authenticator requests disconnect:=20 > STA > 00:24:d7:6f:eb:c4 reason 2 > > > > Where is mistake/bug? Or what is wrong? > log: > > 1431101834.596845: Configuration file: hostapd.conf > > 1431101834.596913: Line 10: DEPRECATED: 'debug' configuration variable = > is not used anymore > > 1431101834.626788: ctrl_interface_group=3D0 > > 1431101834.627088: BSS count 1, BSSID mask 00:00:00:00:00:00 (0 bits) > > 1431101834.627098: Completing interface initialization > > 1431101834.627101: Flushing old station entries > > 1431101834.627109: Deauthenticate all stations > > 1431101834.627113: bsd_set_privacy: enabled=3D0 > > 1431101834.627117: bsd_set_key: alg=3D0 addr=3D0x0 key_idx=3D0 = set_tx=3D1=20 > seq_len=3D0 > key_len=3D0 > > 1431101834.627120: bsd_del_key: key_idx=3D0 > > 1431101834.627124: bsd_set_key: alg=3D0 addr=3D0x0 key_idx=3D1 = set_tx=3D0=20 > seq_len=3D0 > key_len=3D0 > > 1431101834.627127: bsd_del_key: key_idx=3D1 > > 1431101834.627130: bsd_set_key: alg=3D0 addr=3D0x0 key_idx=3D2 = set_tx=3D0=20 > seq_len=3D0 > key_len=3D0 > > 1431101834.627133: bsd_del_key: key_idx=3D2 > > 1431101834.627136: bsd_set_key: alg=3D0 addr=3D0x0 key_idx=3D3 = set_tx=3D0=20 > seq_len=3D0 > key_len=3D0 > > 1431101834.627139: bsd_del_key: key_idx=3D3 > > 1431101834.627143: Using interface wlan0 with hwaddr 00:0e:2e:c4:2f:e7 = > and ssid 'RADIUS' > > 1431101834.627155: wlan0: RADIUS Authentication server=20 > 10.146.20.137:1812 > > 1431101834.627257: RADIUS local address: 10.146.103.7:14137 > > 1431101834.627270: wlan0: RADIUS Accounting server 10.146.20.137:1813 > > 1431101834.627288: RADIUS local address: 10.146.103.7:14773 > > 1431101834.627294: bsd_set_ieee8021x: enabled=3D1 > > 1431101834.627296: bsd_configure_wpa: enable WPA=3D 0x1 > > 1431101834.627514: WPA: group state machine entering state GTK_INIT=20 > (VLAN-ID > 0) > > 1431101834.627527: GMK - hexdump(len=3D32): [REMOVED] > > 1431101834.627530: GTK - hexdump(len=3D32): [REMOVED] > > 1431101834.627532: WPA: group state machine entering state SETKEYSDONE = > (VLAN-ID 0) > > 1431101834.627535: bsd_set_key: alg=3D2 addr=3D0x0 key_idx=3D1 = set_tx=3D1=20 > seq_len=3D0 > key_len=3D32 > > 1431101834.632173: ioctl[SIOCS80211, op=3D19, val=3D0, arg_len=3D64]: = Device=20 > not configured > > 1431101834.632194: bsd_set_privacy: enabled=3D1 > > 1431101834.632200: bsd_set_opt_ie: set WPA+RSN ie (len 24) > > 1431101834.632229: wlan0: RADIUS Sending RADIUS message to accounting=20 > server > > 1431101834.632259: wlan0: RADIUS Next RADIUS client retransmit in 3=20 > seconds > > > > 1431101834.702842: wlan0: Setup of interface done. > > 1431101834.702886: Discard routing message to if#0 (not for us 8) > > > > 1431101834.702897: wlan0: RADIUS Received 20 bytes from RADIUS server > > 1431101834.702914: wlan0: RADIUS Received RADIUS message > > 1431101834.702925: wlan0: STA 00:00:00:00:00:00 RADIUS: Received=20 > RADIUS packet matched with a pending request, round trip time 0.07 sec > > 1431101867.876189: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.11:=20 > associated > > 1431101867.876215: STA included WPA IE in (Re)AssocReq > > 1431101867.876220: New STA > > 1431101867.876230: wlan0: STA 00:24:d7:6f:eb:c4 WPA: event 1=20 > notification > > 1431101867.876243: bsd_set_key: alg=3D0 addr=3D0x8014908d0 key_idx=3D0 = > set_tx=3D1 > seq_len=3D0 key_len=3D0 > > 1431101867.876248: bsd_del_key: addr=3D00:24:d7:6f:eb:c4 > > 1431101867.876258: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: start=20 > authentication > > 1431101867.876270: EAP: Server state machine created > > 1431101867.876275: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering=20 > state IDLE > > 1431101867.876279: IEEE 802.1X: 00:24:d7:6f:eb:c4 CTRL_DIR entering=20 > state FORCE_BOTH > > 1431101867.876291: wlan0: STA 00:24:d7:6f:eb:c4 WPA: start=20 > authentication > > 1431101867.876302: WPA: 00:24:d7:6f:eb:c4 WPA_PTK entering state=20 > INITIALIZE > > 1431101867.876307: bsd_set_key: alg=3D0 addr=3D0x8014908d0 key_idx=3D0 = > set_tx=3D1 > seq_len=3D0 key_len=3D0 > > 1431101867.876310: bsd_del_key: addr=3D00:24:d7:6f:eb:c4 > > 1431101867.876316: WPA: 00:24:d7:6f:eb:c4 WPA_PTK_GROUP entering state = > IDLE > > 1431101867.876319: WPA: 00:24:d7:6f:eb:c4 WPA_PTK entering state=20 > AUTHENTICATION > > 1431101867.876322: WPA: 00:24:d7:6f:eb:c4 WPA_PTK entering state > AUTHENTICATION2 > > 1431101867.876329: IEEE 802.1X: 00:24:d7:6f:eb:c4 AUTH_PAE entering=20 > state DISCONNECTED > > 1431101867.876337: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X:=20 > unauthorizing port > > 1431101867.876348: IEEE 802.1X: 00:24:d7:6f:eb:c4 AUTH_PAE entering=20 > state RESTART > > 1431101867.876354: EAP: EAP entering state INITIALIZE > > 1431101867.876358: CTRL-EVENT-EAP-STARTED 00:24:d7:6f:eb:c4 > > 1431101867.876360: EAP: EAP entering state SELECT_ACTION > > 1431101867.876362: EAP: getDecision: no identity known yet -> CONTINUE > > 1431101867.876364: EAP: EAP entering state PROPOSE_METHOD > > 1431101867.876366: EAP: getNextMethod: vendor 0 type 1 > > 1431101867.876369: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=3D0 = method=3D1 > > 1431101867.876371: EAP: EAP entering state METHOD_REQUEST > > 1431101867.876374: EAP: building EAP-Request: Identifier 77 > > 1431101867.876377: EAP: EAP entering state SEND_REQUEST > > 1431101867.876379: EAP: EAP entering state IDLE > > 1431101867.876381: EAP: retransmit timeout 3 seconds (from dynamic=20 > back off; > retransCount=3D0) > > 1431101867.876383: IEEE 802.1X: 00:24:d7:6f:eb:c4 AUTH_PAE entering=20 > state CONNECTING > > 1431101867.876386: IEEE 802.1X: 00:24:d7:6f:eb:c4 AUTH_PAE entering=20 > state AUTHENTICATING > > 1431101867.876389: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering=20 > state REQUEST > > 1431101867.876394: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending=20 > EAP Packet (identifier 77) > > 1431101867.880287: IEEE 802.1X: 14 bytes from 00:24:d7:6f:eb:c4 > > 1431101867.880294: IEEE 802.1X: version=3D1 type=3D0 length=3D10 > > 1431101867.880298: EAP: code=3D2 identifier=3D77 length=3D10 > > 1431101867.880300: (response) > > 1431101867.880305: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: received=20 > EAP packet (code=3D2 id=3D77 len=3D10) from STA: EAP Response-Identity = (1) > > 1431101867.880322: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering=20 > state RESPONSE > > 1431101867.880326: EAP: EAP entering state RECEIVED > > 1431101867.880328: EAP: parseEapResp: rxResp=3D1 respId=3D77 = respMethod=3D1 > respVendor=3D0 respVendorMethod=3D0 > > 1431101867.880331: EAP: EAP entering state INTEGRITY_CHECK > > 1431101867.880333: EAP: EAP entering state METHOD_RESPONSE > > 1431101867.880335: EAP-Identity: Peer identity - = hexdump_ascii(len=3D5): > > 7a 65 6e 6f 6e zenon > > 1431101867.880341: EAP: EAP entering state SELECT_ACTION > > 1431101867.880343: EAP: getDecision: -> PASSTHROUGH > > 1431101867.880345: EAP: EAP entering state INITIALIZE_PASSTHROUGH > > 1431101867.880347: EAP: EAP entering state AAA_REQUEST > > 1431101867.880348: EAP: EAP entering state AAA_IDLE > > 1431101867.880353: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: STA=20 > identity 'zenon' > > 1431101867.880363: Encapsulating EAP message into a RADIUS packet > > 1431101867.880379: wlan0: RADIUS Sending RADIUS message to=20 > authentication server > > 1431101867.880399: wlan0: RADIUS Next RADIUS client retransmit in 3=20 > seconds > > > > 1431101867.882189: wlan0: RADIUS Received 64 bytes from RADIUS server > > 1431101867.882237: wlan0: RADIUS Received RADIUS message > > 1431101867.882254: wlan0: STA 00:24:d7:6f:eb:c4 RADIUS: Received=20 > RADIUS packet matched with a pending request, round trip time 0.00 sec > > 1431101867.882272: RADIUS packet matching with station=20 > 00:24:d7:6f:eb:c4 > > 1431101867.882284: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X:=20 > decapsulated EAP packet (code=3D1 id=3D78 len=3D6) from RADIUS server: = > EAP-Request-PEAP (25) > > 1431101867.882305: EAP: EAP entering state AAA_RESPONSE > > 1431101867.882308: EAP: getId: id=3D78 > > 1431101867.882311: EAP: EAP entering state SEND_REQUEST2 > > 1431101867.882313: EAP: EAP entering state IDLE2 > > 1431101867.882314: EAP: retransmit timeout 3 seconds (from dynamic=20 > back off; > retransCount=3D0) > > 1431101867.882317: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering=20 > state REQUEST > > 1431101867.882322: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending=20 > EAP Packet (identifier 78) > > 1431101867.883893: IEEE 802.1X: 122 bytes from 00:24:d7:6f:eb:c4 > > 1431101867.883907: IEEE 802.1X: version=3D1 type=3D0 length=3D118 > > 1431101867.883923: EAP: code=3D2 identifier=3D78 length=3D118 > > 1431101867.883925: (response) > > 1431101867.883930: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: received=20 > EAP packet (code=3D2 id=3D78 len=3D118) from STA: EAP Response-PEAP = (25) > > 1431101867.883947: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering=20 > state RESPONSE > > 1431101867.883952: EAP: EAP entering state RECEIVED2 > > 1431101867.883954: EAP: parseEapResp: rxResp=3D1 respId=3D78 = respMethod=3D25 > respVendor=3D0 respVendorMethod=3D0 > > 1431101867.883956: EAP: EAP entering state AAA_REQUEST > > 1431101867.883959: EAP: EAP entering state AAA_IDLE > > 1431101867.883961: Encapsulating EAP message into a RADIUS packet > > 1431101867.883969: Copied RADIUS State Attribute > > 1431101867.883975: wlan0: RADIUS Sending RADIUS message to=20 > authentication server > > 1431101867.883995: wlan0: RADIUS Next RADIUS client retransmit in 3=20 > seconds > > > > 1431101867.890371: wlan0: RADIUS Received 1068 bytes from RADIUS=20 > server > > 1431101867.890413: wlan0: RADIUS Received RADIUS message > > 1431101867.890427: wlan0: STA 00:24:d7:6f:eb:c4 RADIUS: Received=20 > RADIUS packet matched with a pending request, round trip time 0.00 sec > > 1431101867.890450: RADIUS packet matching with station=20 > 00:24:d7:6f:eb:c4 > > 1431101867.890461: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X:=20 > decapsulated EAP packet (code=3D1 id=3D79 len=3D1004) from RADIUS = server:=20 > EAP-Request-PEAP (25) > > 1431101867.890483: EAP: EAP entering state AAA_RESPONSE > > 1431101867.890486: EAP: getId: id=3D79 > > 1431101867.890489: EAP: EAP entering state SEND_REQUEST2 > > 1431101867.890491: EAP: EAP entering state IDLE2 > > 1431101867.890493: EAP: retransmit timeout 3 seconds (from dynamic=20 > back off; > retransCount=3D0) > > 1431101867.890495: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering=20 > state REQUEST > > 1431101867.890500: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending=20 > EAP Packet (identifier 79) > > 1431101867.892393: IEEE 802.1X: 10 bytes from 00:24:d7:6f:eb:c4 > > 1431101867.892408: IEEE 802.1X: version=3D1 type=3D0 length=3D6 > > 1431101867.892423: EAP: code=3D2 identifier=3D79 length=3D6 > > 1431101867.892426: (response) > > 1431101867.892430: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: received=20 > EAP packet (code=3D2 id=3D79 len=3D6) from STA: EAP Response-PEAP (25) > > 1431101867.892450: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering=20 > state RESPONSE > > 1431101867.892454: EAP: EAP entering state RECEIVED2 > > 1431101867.892456: EAP: parseEapResp: rxResp=3D1 respId=3D79 = respMethod=3D25 > respVendor=3D0 respVendorMethod=3D0 > > 1431101867.892459: EAP: EAP entering state AAA_REQUEST > > 1431101867.892461: EAP: EAP entering state AAA_IDLE > > 1431101867.892463: Encapsulating EAP message into a RADIUS packet > > 1431101867.892471: Copied RADIUS State Attribute > > 1431101867.892477: wlan0: RADIUS Sending RADIUS message to=20 > authentication server > > 1431101867.892496: wlan0: RADIUS Next RADIUS client retransmit in 3=20 > seconds > > > > 1431101867.893138: wlan0: RADIUS Received 1064 bytes from RADIUS=20 > server > > 1431101867.893185: wlan0: RADIUS Received RADIUS message > > 1431101867.893204: wlan0: STA 00:24:d7:6f:eb:c4 RADIUS: Received=20 > RADIUS packet matched with a pending request, round trip time 0.00 sec > > 1431101867.893222: RADIUS packet matching with station=20 > 00:24:d7:6f:eb:c4 > > 1431101867.893229: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X:=20 > decapsulated EAP packet (code=3D1 id=3D80 len=3D1000) from RADIUS = server:=20 > EAP-Request-PEAP (25) > > 1431101867.893245: EAP: EAP entering state AAA_RESPONSE > > 1431101867.893249: EAP: getId: id=3D80 > > 1431101867.893251: EAP: EAP entering state SEND_REQUEST2 > > 1431101867.893253: EAP: EAP entering state IDLE2 > > 1431101867.893255: EAP: retransmit timeout 3 seconds (from dynamic=20 > back off; > retransCount=3D0) > > 1431101867.893257: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering=20 > state REQUEST > > 1431101867.893262: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending=20 > EAP Packet (identifier 80) > > 1431101867.894019: IEEE 802.1X: 10 bytes from 00:24:d7:6f:eb:c4 > > 1431101867.894043: IEEE 802.1X: version=3D1 type=3D0 length=3D6 > > 1431101867.894047: EAP: code=3D2 identifier=3D80 length=3D6 > > 1431101867.894049: (response) > > 1431101867.894054: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: received=20 > EAP packet (code=3D2 id=3D80 len=3D6) from STA: EAP Response-PEAP (25) > > 1431101867.894074: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering=20 > state RESPONSE > > 1431101867.894078: EAP: EAP entering state RECEIVED2 > > 1431101867.894080: EAP: parseEapResp: rxResp=3D1 respId=3D80 = respMethod=3D25 > respVendor=3D0 respVendorMethod=3D0 > > 1431101867.894083: EAP: EAP entering state AAA_REQUEST > > 1431101867.894085: EAP: EAP entering state AAA_IDLE > > 1431101867.894087: Encapsulating EAP message into a RADIUS packet > > 1431101867.894095: Copied RADIUS State Attribute > > 1431101867.894101: wlan0: RADIUS Sending RADIUS message to=20 > authentication server > > 1431101867.894121: wlan0: RADIUS Next RADIUS client retransmit in 3=20 > seconds > > > > 1431101867.894735: wlan0: RADIUS Received 968 bytes from RADIUS server > > 1431101867.894777: wlan0: RADIUS Received RADIUS message > > 1431101867.894792: wlan0: STA 00:24:d7:6f:eb:c4 RADIUS: Received=20 > RADIUS packet matched with a pending request, round trip time 0.00 sec > > 1431101867.894814: RADIUS packet matching with station=20 > 00:24:d7:6f:eb:c4 > > 1431101867.894828: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X:=20 > decapsulated EAP packet (code=3D1 id=3D81 len=3D904) from RADIUS = server:=20 > EAP-Request-PEAP (25) > > 1431101867.894847: EAP: EAP entering state AAA_RESPONSE > > 1431101867.894851: EAP: getId: id=3D81 > > 1431101867.894853: EAP: EAP entering state SEND_REQUEST2 > > 1431101867.894855: EAP: EAP entering state IDLE2 > > 1431101867.894857: EAP: retransmit timeout 3 seconds (from dynamic=20 > back off; > retransCount=3D0) > > 1431101867.894859: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering=20 > state REQUEST > > 1431101867.894864: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending=20 > EAP Packet (identifier 81) > > 1431101867.902143: IEEE 802.1X: 212 bytes from 00:24:d7:6f:eb:c4 > > 1431101867.902157: IEEE 802.1X: version=3D1 type=3D0 length=3D208 > > 1431101867.902173: EAP: code=3D2 identifier=3D81 length=3D208 > > 1431101867.902175: (response) > > 1431101867.902180: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: received=20 > EAP packet (code=3D2 id=3D81 len=3D208) from STA: EAP Response-PEAP = (25) > > 1431101867.902198: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering=20 > state RESPONSE > > 1431101867.902203: EAP: EAP entering state RECEIVED2 > > 1431101867.902205: EAP: parseEapResp: rxResp=3D1 respId=3D81 = respMethod=3D25 > respVendor=3D0 respVendorMethod=3D0 > > 1431101867.902207: EAP: EAP entering state AAA_REQUEST > > 1431101867.902209: EAP: EAP entering state AAA_IDLE > > 1431101867.902211: Encapsulating EAP message into a RADIUS packet > > 1431101867.902219: Copied RADIUS State Attribute > > 1431101867.902225: wlan0: RADIUS Sending RADIUS message to=20 > authentication server > > 1431101867.902244: wlan0: RADIUS Next RADIUS client retransmit in 3=20 > seconds > > > > 1431101867.905030: wlan0: RADIUS Received 123 bytes from RADIUS server > > 1431101867.905067: wlan0: RADIUS Received RADIUS message > > 1431101867.905078: wlan0: STA 00:24:d7:6f:eb:c4 RADIUS: Received=20 > RADIUS packet matched with a pending request, round trip time 0.00 sec > > 1431101867.905090: RADIUS packet matching with station=20 > 00:24:d7:6f:eb:c4 > > 1431101867.905097: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X:=20 > decapsulated EAP packet (code=3D1 id=3D82 len=3D65) from RADIUS = server:=20 > EAP-Request-PEAP (25) > > 1431101867.905114: EAP: EAP entering state AAA_RESPONSE > > 1431101867.905118: EAP: getId: id=3D82 > > 1431101867.905120: EAP: EAP entering state SEND_REQUEST2 > > 1431101867.905122: EAP: EAP entering state IDLE2 > > 1431101867.905124: EAP: retransmit timeout 3 seconds (from dynamic=20 > back off; > retransCount=3D0) > > 1431101867.905126: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering=20 > state REQUEST > > 1431101867.905131: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending=20 > EAP Packet (identifier 82) > > 1431101867.905787: IEEE 802.1X: 10 bytes from 00:24:d7:6f:eb:c4 > > 1431101867.905794: IEEE 802.1X: version=3D1 type=3D0 length=3D6 > > 1431101867.905797: EAP: code=3D2 identifier=3D82 length=3D6 > > 1431101867.905799: (response) > > 1431101867.905804: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: received=20 > EAP packet (code=3D2 id=3D82 len=3D6) from STA: EAP Response-PEAP (25) > > 1431101867.905822: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering=20 > state RESPONSE > > 1431101867.905826: EAP: EAP entering state RECEIVED2 > > 1431101867.905828: EAP: parseEapResp: rxResp=3D1 respId=3D82 = respMethod=3D25 > respVendor=3D0 respVendorMethod=3D0 > > 1431101867.905831: EAP: EAP entering state AAA_REQUEST > > 1431101867.905833: EAP: EAP entering state AAA_IDLE > > 1431101867.905835: Encapsulating EAP message into a RADIUS packet > > 1431101867.905843: Copied RADIUS State Attribute > > 1431101867.905848: wlan0: RADIUS Sending RADIUS message to=20 > authentication server > > 1431101867.905867: wlan0: RADIUS Next RADIUS client retransmit in 3=20 > seconds > > > > 1431101867.906465: wlan0: RADIUS Received 101 bytes from RADIUS server > > 1431101867.906501: wlan0: RADIUS Received RADIUS message > > 1431101867.906512: wlan0: STA 00:24:d7:6f:eb:c4 RADIUS: Received=20 > RADIUS packet matched with a pending request, round trip time 0.00 sec > > 1431101867.906523: RADIUS packet matching with station=20 > 00:24:d7:6f:eb:c4 > > 1431101867.906529: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X:=20 > decapsulated EAP packet (code=3D1 id=3D83 len=3D43) from RADIUS = server:=20 > EAP-Request-PEAP (25) > > 1431101867.906541: EAP: EAP entering state AAA_RESPONSE > > 1431101867.906544: EAP: getId: id=3D83 > > 1431101867.906546: EAP: EAP entering state SEND_REQUEST2 > > 1431101867.906548: EAP: EAP entering state IDLE2 > > 1431101867.906550: EAP: retransmit timeout 3 seconds (from dynamic=20 > back off; > retransCount=3D0) > > 1431101867.906552: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering=20 > state REQUEST > > 1431101867.906556: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending=20 > EAP Packet (identifier 83) > > 1431101867.907142: IEEE 802.1X: 84 bytes from 00:24:d7:6f:eb:c4 > > 1431101867.907155: IEEE 802.1X: version=3D1 type=3D0 length=3D80 > > 1431101867.907172: EAP: code=3D2 identifier=3D83 length=3D80 > > 1431101867.907174: (response) > > 1431101867.907179: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: received=20 > EAP packet (code=3D2 id=3D83 len=3D80) from STA: EAP Response-PEAP = (25) > > 1431101867.907196: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering=20 > state RESPONSE > > 1431101867.907200: EAP: EAP entering state RECEIVED2 > > 1431101867.907202: EAP: parseEapResp: rxResp=3D1 respId=3D83 = respMethod=3D25 > respVendor=3D0 respVendorMethod=3D0 > > 1431101867.907204: EAP: EAP entering state AAA_REQUEST > > 1431101867.907206: EAP: EAP entering state AAA_IDLE > > 1431101867.907208: Encapsulating EAP message into a RADIUS packet > > 1431101867.907216: Copied RADIUS State Attribute > > 1431101867.907221: wlan0: RADIUS Sending RADIUS message to=20 > authentication server > > 1431101867.907240: wlan0: RADIUS Next RADIUS client retransmit in 3=20 > seconds > > > > 1431101867.907972: wlan0: RADIUS Received 133 bytes from RADIUS server > > 1431101867.908012: wlan0: RADIUS Received RADIUS message > > 1431101867.908027: wlan0: STA 00:24:d7:6f:eb:c4 RADIUS: Received=20 > RADIUS packet matched with a pending request, round trip time 0.00 sec > > 1431101867.908046: RADIUS packet matching with station=20 > 00:24:d7:6f:eb:c4 > > 1431101867.908057: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X:=20 > decapsulated EAP packet (code=3D1 id=3D84 len=3D75) from RADIUS = server:=20 > EAP-Request-PEAP (25) > > 1431101867.908077: EAP: EAP entering state AAA_RESPONSE > > 1431101867.908080: EAP: getId: id=3D84 > > 1431101867.908082: EAP: EAP entering state SEND_REQUEST2 > > 1431101867.908085: EAP: EAP entering state IDLE2 > > 1431101867.908086: EAP: retransmit timeout 3 seconds (from dynamic=20 > back off; > retransCount=3D0) > > 1431101867.908089: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering=20 > state REQUEST > > 1431101867.908094: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending=20 > EAP Packet (identifier 84) > > 1431101867.909646: IEEE 802.1X: 148 bytes from 00:24:d7:6f:eb:c4 > > 1431101867.909670: IEEE 802.1X: version=3D1 type=3D0 length=3D144 > > 1431101867.909674: EAP: code=3D2 identifier=3D84 length=3D144 > > 1431101867.909677: (response) > > 1431101867.909684: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: received=20 > EAP packet (code=3D2 id=3D84 len=3D144) from STA: EAP Response-PEAP = (25) > > 1431101867.909709: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering=20 > state RESPONSE > > 1431101867.909716: EAP: EAP entering state RECEIVED2 > > 1431101867.909719: EAP: parseEapResp: rxResp=3D1 respId=3D84 = respMethod=3D25 > respVendor=3D0 respVendorMethod=3D0 > > 1431101867.909724: EAP: EAP entering state AAA_REQUEST > > 1431101867.909728: EAP: EAP entering state AAA_IDLE > > 1431101867.909732: Encapsulating EAP message into a RADIUS packet > > 1431101867.909743: Copied RADIUS State Attribute > > 1431101867.909753: wlan0: RADIUS Sending RADIUS message to=20 > authentication server > > 1431101867.909781: wlan0: RADIUS Next RADIUS client retransmit in 3=20 > seconds > > > > 1431101867.920871: wlan0: RADIUS Received 149 bytes from RADIUS server > > 1431101867.920907: wlan0: RADIUS Received RADIUS message > > 1431101867.920923: wlan0: STA 00:24:d7:6f:eb:c4 RADIUS: Received=20 > RADIUS packet matched with a pending request, round trip time 0.01 sec > > 1431101867.920942: RADIUS packet matching with station=20 > 00:24:d7:6f:eb:c4 > > 1431101867.920952: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X:=20 > decapsulated EAP packet (code=3D1 id=3D85 len=3D91) from RADIUS = server:=20 > EAP-Request-PEAP (25) > > 1431101867.920972: EAP: EAP entering state AAA_RESPONSE > > 1431101867.920976: EAP: getId: id=3D85 > > 1431101867.920977: EAP: EAP entering state SEND_REQUEST2 > > 1431101867.920979: EAP: EAP entering state IDLE2 > > 1431101867.920981: EAP: retransmit timeout 3 seconds (from dynamic=20 > back off; > retransCount=3D0) > > 1431101867.920984: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering=20 > state REQUEST > > 1431101867.920988: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending=20 > EAP Packet (identifier 85) > > 1431101867.922767: IEEE 802.1X: 84 bytes from 00:24:d7:6f:eb:c4 > > 1431101867.922782: IEEE 802.1X: version=3D1 type=3D0 length=3D80 > > 1431101867.922798: EAP: code=3D2 identifier=3D85 length=3D80 > > 1431101867.922800: (response) > > 1431101867.922804: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: received=20 > EAP packet (code=3D2 id=3D85 len=3D80) from STA: EAP Response-PEAP = (25) > > 1431101867.922823: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering=20 > state RESPONSE > > 1431101867.922827: EAP: EAP entering state RECEIVED2 > > 1431101867.922829: EAP: parseEapResp: rxResp=3D1 respId=3D85 = respMethod=3D25 > respVendor=3D0 respVendorMethod=3D0 > > 1431101867.922832: EAP: EAP entering state AAA_REQUEST > > 1431101867.922834: EAP: EAP entering state AAA_IDLE > > 1431101867.922837: Encapsulating EAP message into a RADIUS packet > > 1431101867.922844: Copied RADIUS State Attribute > > 1431101867.922850: wlan0: RADIUS Sending RADIUS message to=20 > authentication server > > 1431101867.922869: wlan0: RADIUS Next RADIUS client retransmit in 3=20 > seconds > > > > 1431101867.962095: wlan0: RADIUS Received 101 bytes from RADIUS server > > 1431101867.962130: wlan0: RADIUS Received RADIUS message > > 1431101867.962140: wlan0: STA 00:24:d7:6f:eb:c4 RADIUS: Received=20 > RADIUS packet matched with a pending request, round trip time 0.03 sec > > 1431101867.962152: RADIUS packet matching with station=20 > 00:24:d7:6f:eb:c4 > > 1431101867.962158: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X:=20 > decapsulated EAP packet (code=3D1 id=3D86 len=3D43) from RADIUS = server:=20 > EAP-Request-PEAP (25) > > 1431101867.962171: EAP: EAP entering state AAA_RESPONSE > > 1431101867.962174: EAP: getId: id=3D86 > > 1431101867.962176: EAP: EAP entering state SEND_REQUEST2 > > 1431101867.962178: EAP: EAP entering state IDLE2 > > 1431101867.962179: EAP: retransmit timeout 3 seconds (from dynamic=20 > back off; > retransCount=3D0) > > 1431101867.962182: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering=20 > state REQUEST > > 1431101867.962186: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending=20 > EAP Packet (identifier 86) > > 1431101867.970388: IEEE 802.1X: 84 bytes from 00:24:d7:6f:eb:c4 > > 1431101867.970403: IEEE 802.1X: version=3D1 type=3D0 length=3D80 > > 1431101867.970419: EAP: code=3D2 identifier=3D86 length=3D80 > > 1431101867.970421: (response) > > 1431101867.970426: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: received=20 > EAP packet (code=3D2 id=3D86 len=3D80) from STA: EAP Response-PEAP = (25) > > 1431101867.970446: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering=20 > state RESPONSE > > 1431101867.970450: EAP: EAP entering state RECEIVED2 > > 1431101867.970452: EAP: parseEapResp: rxResp=3D1 respId=3D86 = respMethod=3D25 > respVendor=3D0 respVendorMethod=3D0 > > 1431101867.970455: EAP: EAP entering state AAA_REQUEST > > 1431101867.970457: EAP: EAP entering state AAA_IDLE > > 1431101867.970459: Encapsulating EAP message into a RADIUS packet > > 1431101867.970467: Copied RADIUS State Attribute > > 1431101867.970473: wlan0: RADIUS Sending RADIUS message to=20 > authentication server > > 1431101867.970492: wlan0: RADIUS Next RADIUS client retransmit in 3=20 > seconds > > > > 1431101867.971435: wlan0: RADIUS Received 167 bytes from RADIUS server > > 1431101867.971473: wlan0: RADIUS Received RADIUS message > > 1431101867.971489: wlan0: STA 00:24:d7:6f:eb:c4 RADIUS: Received=20 > RADIUS packet matched with a pending request, round trip time 0.00 sec > > 1431101867.971507: RADIUS packet matching with station=20 > 00:24:d7:6f:eb:c4 > > 1431101867.971520: MS-MPPE-Send-Key - hexdump(len=3D32): [REMOVED] > > 1431101867.971524: MS-MPPE-Recv-Key - hexdump(len=3D32): [REMOVED] > > 1431101867.971529: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: old=20 > identity 'zenon' updated with User-Name from Access-Accept 'zenon' > > 1431101867.971545: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X:=20 > decapsulated EAP packet (code=3D3 id=3D86 len=3D4) from RADIUS server: = EAP=20 > Success > > 1431101867.971558: EAP: EAP entering state SUCCESS2 > > 1431101867.971561: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering=20 > state SUCCESS > > 1431101867.971566: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending=20 > EAP Packet (identifier 86) > > 1431101867.971586: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering=20 > state IDLE > > 1431101867.971597: WPA: 00:24:d7:6f:eb:c4 WPA_PTK entering state=20 > INITPMK > > 1431101867.971600: WPA: PMK from EAPOL state machine (len=3D64) > > 1431101867.971603: WPA: 00:24:d7:6f:eb:c4 WPA_PTK entering state=20 > PTKSTART > > 1431101867.971607: wlan0: STA 00:24:d7:6f:eb:c4 WPA: sending 1/4 msg=20 > of 4-Way Handshake > > 1431101867.971618: WPA: Send EAPOL(version=3D1 secure=3D0 mic=3D0 = ack=3D1=20 > install=3D0 > pairwise=3D8 kde_len=3D0 keyidx=3D0 encr=3D0) > > 1431101867.986144: IEEE 802.1X: 123 bytes from 00:24:d7:6f:eb:c4 > > 1431101867.986164: IEEE 802.1X: version=3D1 type=3D3 length=3D119 > > 1431101867.986174: wlan0: STA 00:24:d7:6f:eb:c4 WPA: received=20 > EAPOL-Key frame (2/4 Pairwise) > > 1431101867.986192: WPA: 00:24:d7:6f:eb:c4 WPA_PTK entering state=20 > PTKCALCNEGOTIATING > > 1431101867.986213: WPA: PTK derivation - A1=3D00:0e:2e:c4:2f:e7 > A2=3D00:24:d7:6f:eb:c4 > > 1431101867.986220: WPA: PMK - hexdump(len=3D32): [REMOVED] > > 1431101867.986224: WPA: PTK - hexdump(len=3D64): [REMOVED] > > 1431101867.986232: WPA: 00:24:d7:6f:eb:c4 WPA_PTK entering state > PTKCALCNEGOTIATING2 > > 1431101867.986237: WPA: 00:24:d7:6f:eb:c4 WPA_PTK entering state=20 > PTKINITNEGOTIATING > > 1431101867.986243: bsd_get_seqnum: addr=3D00:00:00:00:00:00 idx=3D1 > > 1431101867.986255: wlan0: STA 00:24:d7:6f:eb:c4 WPA: sending 3/4 msg=20 > of 4-Way Handshake > > 1431101867.986272: WPA: Send EAPOL(version=3D1 secure=3D0 mic=3D1 = ack=3D1=20 > install=3D1 > pairwise=3D8 kde_len=3D24 keyidx=3D0 encr=3D0) > > 1431101867.986765: IEEE 802.1X: 99 bytes from 00:24:d7:6f:eb:c4 > > 1431101867.986779: IEEE 802.1X: version=3D1 type=3D3 length=3D95 > > 1431101867.986797: wlan0: STA 00:24:d7:6f:eb:c4 WPA: received=20 > EAPOL-Key frame (4/4 Pairwise) > > 1431101867.986814: WPA: 00:24:d7:6f:eb:c4 WPA_PTK entering state=20 > PTKINITDONE > > 1431101867.986818: bsd_set_key: alg=3D2 addr=3D0x8014908d0 key_idx=3D0 = > set_tx=3D1 > seq_len=3D0 key_len=3D32 > > 1431101867.986868: ioctl[SIOCS80211, op=3D19, val=3D0, arg_len=3D64]: = Device=20 > not configured > > 1431101867.986874: hostapd_wpa_auth_disconnect: WPA authenticator=20 > requests > disconnect: STA 00:24:d7:6f:eb:c4 reason 2 > > 1431101867.986901: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.11:=20 > deauthenticated due to local deauth request > > 1431101867.986919: EAP: Server state machine removed > > 1431101867.986928: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.11:=20 > disassociated > > 1431101867.986936: Disassociation notification for unknown STA > 00:24:d7:6f:eb:c4 > > ^C1431101872.085020: Signal 2 received - terminating > > 1431101872.085031: Flushing old station entries > > 1431101872.085040: Deauthenticate all stations > > 1431101872.085121: wlan0: RADIUS Sending RADIUS message to accounting=20 > server > > 1431101872.085149: bsd_set_privacy: enabled=3D0 > > 1431101872.085156: bsd_set_opt_ie: set WPA+RSN ie (len 0) > > 1431101872.085166: bsd_set_ieee8021x: enabled=3D0 > > > > hostapd.conf: > > interface=3Dwlan0 > > driver=3Dbsd > > logger_syslog=3D-1 > > logger_syslog_level=3D0 > > debug=3D2 > > dump_file=3D/tmp/hostapd.dump > > ctrl_interface=3D/var/run/hostapd > > ctrl_interface_group=3D0 > > ssid=3DRADIUS > > hw_mode=3Dg > > own_ip_addr=3D127.0.0.1 > > ieee8021x=3D1 > > nas_identifier=3Dapp-k7 > > auth_server_addr=3D10.146.20.137 > > auth_server_port=3D1812 > > auth_server_shared_secret=3Dazxswqtgbnhyt > > acct_server_addr=3D10.146.20.137 > > acct_server_port=3D1813 > > acct_server_shared_secret=3Dazxswqtgbnhyt > > radius_retry_primary_interval=3D600 > > radius_acct_interim_interval=3D900 > > wpa=3D1 > > wpa_key_mgmt=3DWPA-EAP > > > > Best regards > > Marcin Michta > > _______________________________________________ > freebsd-wireless@freebsd.org mailing list=20 > http://lists.freebsd.org/mailman/listinfo/freebsd-wireless > To unsubscribe, send any mail to = "freebsd-wireless-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E9AD433B9F60911F.1-684e42e0-99ac-4679-9c97-5de7d7ad15a0>