From: Johann
Date: Thu, 21 May 2015 22:06:58 +0200
To: Adrian Chadd
CC: Willem@offermans.rompen.nl, "freebsd-wireless@freebsd.org"
Subject: Re: hostapd + freeradius can't connect
Message-ID: <555E3AE2.3040305@gmail.com>
List-Id: "Discussions of 802.11 stack, tools device driver development."

The radius server I tested with has all our company configs on it, so I
don't want to tarball it.

To do a basic freeradius test with local user, the following should work.
Integrating with LDAP is a little bit more work

pkg install freeradius

You only need to edit 3 files in /usr/local/etc/raddb

vi users -> add the following to the end of the file:
"wifi" Cleartext-Password := "test"

vi clients.conf -> add the following to the end of the file:
client radtest {
    ipaddr = 146.64.5.0
    netmask = 24
    secret = test123
    require_message_authenticator = no
    nastype = other
    shortname = 5net
}

vi proxy.conf -> add the following to the end of the file:
realm LOCAL {
}
realm NULL {
}

run freeradius in debug mode:
radiusd -X

An android phone is usually a good test - configure the following:
PEAP
MSCHAPv2
identity - wifi
password - test

FreeBSD with wpa_supplicant.conf
network={
    ssid="testAP"
    scan_ssid=1
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="wifi"
    password="test"
    phase2="auth=MSCHAPV2"
}

Johann

On 2015/05/21 08:03 PM, Adrian Chadd wrote:
> Hi,
>
> Would you mind creating a tarball up with your radius and hostapd
> configs? I'd like to replicate it at home ASAP.
>
> Thanks!
>
>
> -a
>
>
> On 21 May 2015 at 10:17, Johann wrote:
>> I've tried it this morning on 11.0-CURRENT #172 r280972: Thu Apr 2 and it
>> worked.
>>
>> Here are my configs.
>> rc.conf
>> wlans_ath0="wlan0"
>> create_args_wlan0="wlanmode hostap country ZA"
>> ifconfig_wlan0="mode 11g channel 6"
>> hostapd_enable="YES"
>> cloned_interfaces="bridge0"
>> ifconfig_bridge0="addm vr0 addm wlan0 up"
>> ifconfig_vr0="146.64.5.5/24 up"
>> defaultrouter="146.64.5.1"
>>
>>
>> hostapd.conf
>> interface=wlan0
>> ctrl_interface=/var/run/hostapd
>> ctrl_interface_group=wheel
>> ssid=testAP
>> hw_mode=g
>> channel=6
>>
>> wpa=2
>> ignore_broadcast_ssid=0
>> wpa_pairwise=CCMP TKIP
>> wpa_key_mgmt=WPA-EAP
>> wpa_pairwise=TKIP CCMP
>> rsn_pairwise=CCMP
>>
>> ieee8021x=1
>> own_ip_addr=146.64.5.5
>> auth_server_addr=146.64.8.20
>> auth_server_port=1812
>> auth_server_shared_secret=test123
>>
>> Regards
>> Johann
>>
>>
>> On 2015/05/21 06:47 PM, Adrian Chadd wrote:
>>> That's the plan. Once I fix a couple other things I'm going to go see
>>> why it currently isn't working.
>>>
>>>
>>>
>>> -adrian
>>>
>>> On 21 May 2015 at 01:39, Willem Offermans
>>> wrote:
>>>> Dear FreeBSD friends,
>>>>
>>>> Sorry to interrupt here, but I got triggered by this e-mail thread.
>>>>
>>>> Do I understand correctly that it is possible to connect hostapd with
>>>> FreeRadius and OpenLDAP? Would it be possible to do the authentication of
>>>> wireless access over the ldap server? If yes, do I need FreeRadius to
>>>> intermediate between hostapd and OpenLDAP?
>>>>
>>>> Is there some documentation around to setup hostapd + OpenLDAP or hostapd +
>>>> FreeRadius + OpenLDAP under FreeBSD?
>>>>
>>>> Sorry, to interrp
>>>>
>>>> On Wed, May 20, 2015 at 07:20:33PM +0200, Johann wrote:
>>>>> On 2015/05/20 06:29 PM, Johann wrote:
>>>>>> On 2015/05/16 08:03 AM, Adrian Chadd wrote:
>>>>>>> Hi,
>>>>>>> Has this ever worked?
>>>>>> Yes.
>>>>>>
>>>>>> I got it working in April 2012 on FreeBSD 8 and 9. I've used a
>>>>>> FreeRadius server and a FreeBSD client with wpa_supplicant to test
>>>>>> it.
>>>>>>
>>>>>> At that stage you had to enable the eap_server when you compile hostapd
>>>>>>
>>>>>> # echo HOSTAPD_CFLAGS+=-DEAP_SERVER >> /etc/src.conf
>>>>>> # cd /usr/src/usr.sbin/wpa/hostapd
>>>>>> # make
>>>>>> # make install
>>>>>>
>>>>>> but Bernhard Schmidt fixed it so that EAP_SERVER was enabled by
>>>>>> default.
>>>>>>
>>>>>>
>>>>>> Here are the configs that I used:
>>>>>>
>>>>>> rc.conf
>>>>>> hostname="AP-vlan"
>>>>>> wlans_ath0="wlan0"
>>>>>> create_args_wlan0="wlanmode hostap country ZA"
>>>>>> ifconfig_wlan0="146.64.5.5/24 mode 11g channel 6"
>>>>>> defaultrouter="146.64.5.1"
>>>>>> hostapd_enable="YES"
>>>>>> cloned_interfaces="bridge0"
>>>>>> ifconfig_bridge0="addm sis0 addm wlan0 up"
>>>>>> ifconfig_sis0="up"
>>>>>>
>>>>>>
>>>>>> hostapd.conf
>>>>>> interface=wlan0
>>>>>> ctrl_interface=/var/run/hostapd
>>>>>> ctrl_interface_group=wheel
>>>>>> ssid=testAP
>>>>>> hw_mode=g
>>>>>> channel=6
>>>>>>
>>>>>> wpa=1
>>>>>> wpa_pairwise=CCMP TKIP
>>>>>> wpa_key_mgmt=WPA-EAP
>>>>>> wpa_pairwise=TKIP CCMP
>>>>>> rsn_pairwise=CCMP
>>>>>>
>>>>>> Hope it helps
>>>>>>
>>>>>> Regards
>>>>>> Johann
>>>>>> _______________________________________________
>>>>>> freebsd-wireless@freebsd.org mailing list
>>>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-wireless
>>>>>> To unsubscribe, send any mail to
>>>>>> "freebsd-wireless-unsubscribe@freebsd.org"
>>>>>>
>>>>> Looks like this part of hostapd.conf got lost.
>>>>>
>>>>> ieee8021x=1
>>>>> own_ip_addr=146.64.5.5
>>>>> auth_server_addr=146.64.8.25
>>>>> auth_server_port=1812
>>>>> auth_server_shared_secret=same-as-on-freeradius
>>>>>
>>>>> Johann
>>>>>
>>>> --
>>>> Met vriendelijke groeten,
>>>> With kind regards,
>>>> Mit freundlichen Gruessen,
>>>> De jrus wah,
>>>>
>>>> Wiel
>>>>
>>>> *************************************
>>>> W.K. Offermans
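
Added example (not part of the original thread, and not code from hostapd or FreeRADIUS): a small Python check that cross-validates the hostapd.conf and clients.conf settings quoted above, catching the "802.1X block got lost" case, a secret or address mismatch between the two files, the duplicated wpa_pairwise key and TKIP being enabled. The names parse_kv and check are hypothetical, the sample strings are constructed from values in the thread, and it assumes a single client block and that the AP sends its RADIUS requests from own_ip_addr.

```python
import ipaddress
import re

# Constructed sample input, built from the settings quoted in this thread.
HOSTAPD_CONF = """\
wpa_pairwise=CCMP TKIP
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP CCMP
ieee8021x=1
own_ip_addr=146.64.5.5
auth_server_addr=146.64.8.20
auth_server_port=1812
auth_server_shared_secret=test123
"""
CLIENTS_CONF = """\
client radtest {
    ipaddr = 146.64.5.0
    netmask = 24
    secret = test123
}
"""

def parse_kv(text):
    """Return ({key: last value seen}, [keys assigned more than once])."""
    conf, dups = {}, []
    pattern = r"^[ \t]*(\w+)[ \t]*=[ \t]*(.*?)[ \t]*$"
    for key, val in re.findall(pattern, text, re.M):
        if key in conf:
            dups.append(key)
        conf[key] = val
    return conf, dups

def check(hostapd_text, clients_text):
    ap, dups = parse_kv(hostapd_text)
    cl, _ = parse_kv(clients_text)  # assumption: exactly one client block
    issues = [f"duplicate key: {k}" for k in dups]
    if ap.get("wpa_key_mgmt") == "WPA-EAP":
        need = ("auth_server_addr", "auth_server_port", "auth_server_shared_secret")
        issues += [f"missing {k}" for k in need if k not in ap]
        if ap.get("ieee8021x") != "1":
            issues.append("ieee8021x=1 not set")
    if "TKIP" in ap.get("wpa_pairwise", "").split():
        issues.append("TKIP enabled in wpa_pairwise")
    # Assumption: the AP sends its RADIUS requests from own_ip_addr.
    net = ipaddress.ip_network(f"{cl['ipaddr']}/{cl['netmask']}", strict=False)
    if "own_ip_addr" in ap and ipaddress.ip_address(ap["own_ip_addr"]) not in net:
        issues.append("AP address outside RADIUS client range")
    if "auth_server_shared_secret" in ap and ap["auth_server_shared_secret"] != cl.get("secret"):
        issues.append("shared secret mismatch")
    return issues
```

Calling check(HOSTAPD_CONF, CLIENTS_CONF) returns a list of findings; an empty list means the two files agree on the points checked.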