From owner-freebsd-wireless@FreeBSD.ORG  Sat May 16 11:39:05 2015
Return-Path: <owner-freebsd-wireless@FreeBSD.ORG>
Delivered-To: freebsd-wireless@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 317ABA4A;
 Sat, 16 May 2015 11:39:05 +0000 (UTC)
Received: from mail-wg0-x22d.google.com (mail-wg0-x22d.google.com
 [IPv6:2a00:1450:400c:c00::22d])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id BBB311BAC;
 Sat, 16 May 2015 11:39:04 +0000 (UTC)
Received: by wgbhc8 with SMTP id hc8so107470919wgb.3;
 Sat, 16 May 2015 04:39:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=from:to:cc:references:in-reply-to:subject:date:message-id
 :mime-version:content-type:content-transfer-encoding
 :content-language:thread-index;
 bh=YGsbdt09lKM0HobfeH92L8DB5kSfxUEWsAdZfNZPvq4=;
 b=q4BiOXqwjI/38SitVMRml4BvYBX/7K1AmLtMEtWvEXQqyoDEb6moJsuMLUPwDmwJqX
 isGJXPcCtofHKlfG+kR01OIFf96ZVbqDPxDEkC+fCXt3R5AEAoEmYTK/GBtQfIJi/H3I
 xVN2+EwYi+fmZlYpLEwLokgHr6QPZYUXlZtaACZ6WkL+9dKkGxYTV7fOeWAIdkoJXMVt
 X5EVtffuYDn4Um7Wj2QZzvHNXaCONkaGXU0vLAaTwfqj06NH6p7ZrbBB2NPZbQt577sK
 KwjsD2B2bSSXBq1K3qIArlIooJcfryHrsL/b8rUEp2C3DuSvvZ4votHkghQUipwcrQGO
 Jf+A==
X-Received: by 10.180.107.38 with SMTP id gz6mr5420781wib.63.1431776341935;
 Sat, 16 May 2015 04:39:01 -0700 (PDT)
Received: from botmachine (muszelka.nat.student.pw.edu.pl. [194.29.137.5])
 by mx.google.com with ESMTPSA id z12sm6928655wjw.39.2015.05.16.04.39.00
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
 Sat, 16 May 2015 04:39:01 -0700 (PDT)
From: "Marcin Michta" <marcin.michta@gmail.com>
To: "'Adrian Chadd'" <adrian@freebsd.org>
Cc: <freebsd-wireless@freebsd.org>
References: <01e701d08d75$fed02bd0$fc708370$@gmail.com>
 <CAJ-VmokxL6Zz=K2p9zeg84_EF5zr6Kk4mWv=oxt2FA59JktA0w@mail.gmail.com>
 <003c01d08dbe$6018b900$204a2b00$@gmail.com>
 <CAJ-Vmo=anQCxvHq1jCR9bNk2OCjfye5gV_74jeWcr+OdBd1WWw@mail.gmail.com>
In-Reply-To: <CAJ-Vmo=anQCxvHq1jCR9bNk2OCjfye5gV_74jeWcr+OdBd1WWw@mail.gmail.com>
Subject: RE: hostapd + freeradius can't connect
Date: Sat, 16 May 2015 13:39:05 +0200
Message-ID: <008b01d08fcc$eae23ce0$c0a6b6a0$@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Content-language: pl
Thread-index: AQLmW7Myy37hx44G94iEUPVz4fJerwJvc76jAXcwUTACKmvruZsiUDFA
X-BeenThere: freebsd-wireless@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Discussions of 802.11 stack,
 tools device driver development." <freebsd-wireless.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-wireless>, 
 <mailto:freebsd-wireless-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-wireless/>
List-Post: <mailto:freebsd-wireless@freebsd.org>
List-Help: <mailto:freebsd-wireless-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-wireless>, 
 <mailto:freebsd-wireless-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 16 May 2015 11:39:05 -0000

> Hi,
>=20
> Has this ever worked?
>
> Someone had issues as well, and it turned out to be large UDP frames =
(from freeradius) being dropped by an intermediary (in this instance,
> openvpn.)
>=20
> I wonder if you're seeing the same issue.
>
> Unfortunately I don't have an 802.3x + wifi/EAP setup here to test =
with. I'll try to set something up soon, but no promises.
>
> What's the wpa_supplicant.conf look like on the client?
>
> Thanks!
>
> (and since it's been almost 15 years since I touched radius - what are =
you using to store user/pass in? How do I add a valid test user to the =
radius server?)

No, because I trying to do it first time. Like I said - when I set Cisco =
AP to use the same freeradius server, everything works fine.

I'll be grateful if you try.

My wpa.conf:
ctrl_interface=3D/var/run/wpa_supplicant
ctrl_interface_group=3Dwheel
network=3D{
        ssid=3D"RADIUS"
        scan_ssid=3D1
        key_mgmt=3DWPA-EAP
        eap=3DPEAP
        identity=3D"ztest"
        anonymous_identity=3D" anonymous"
        password=3D"password"
        phase2=3D"auth=3DMSCHAPV2"
}

I have ldap server to store users accounts.

Simplest way to add test user is add it to "users" file - symbolic link =
of "mods-config/files/authorize":
https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/raddb/mods-co=
nfig/files/authorize

- Martin