Date: Thu, 21 May 2015 22:06:58 +0200
From: Johann <jhugo.meraka@gmail.com>
To: Adrian Chadd <adrian@freebsd.org>
Cc: Willem@offermans.rompen.nl, "freebsd-wireless@freebsd.org" <freebsd-wireless@freebsd.org>
Subject: Re: hostapd + freeradius can't connect
Message-ID: <555E3AE2.3040305@gmail.com>
In-Reply-To: <CAJ-Vmon-HC2OqsqmFL2meMTgrpCReKpbhtEAP5kv2T0cKqQ1WQ@mail.gmail.com>
References: <01e701d08d75$fed02bd0$fc708370$@gmail.com>
 <CAJ-VmokxL6Zz=K2p9zeg84_EF5zr6Kk4mWv=oxt2FA59JktA0w@mail.gmail.com>
 <003c01d08dbe$6018b900$204a2b00$@gmail.com>
 <CAJ-Vmo=anQCxvHq1jCR9bNk2OCjfye5gV_74jeWcr%2BOdBd1WWw@mail.gmail.com>
 <555CB658.6040103@gmail.com>
 <555CC261.8080505@gmail.com>
 <20150521083957.GB5453@vpn.offrom.nl>
 <CAJ-Vmo=U3UquD_csopYhBqEi1A%2BUHdYOb2dN1G1uUqZj-vFcUg@mail.gmail.com>
 <555E1346.8010509@gmail.com>
 <CAJ-Vmon-HC2OqsqmFL2meMTgrpCReKpbhtEAP5kv2T0cKqQ1WQ@mail.gmail.com>

The radius server I tested with has all our company configs on it, so I
don't want to tarball it.

To do a basic freeradius test with local user, the following should work.
Integrating with LDAP is a little bit more work

pkg install freeradius

You only need to edit 3 files in /usr/local/etc/raddb

vi users -> add the following to the end of the file:
"wifi" Cleartext-Password := "test"

vi clients.conf -> add the following to the end of the file:
client radtest {
        ipaddr = 146.64.5.0
        netmask = 24
        secret = test123
        require_message_authenticator = no
        nastype = other
        shortname = 5net
}

vi proxy.conf -> add the following to the end of the file:
realm LOCAL {
}

realm NULL {
}

run freeradius in debug mode:
radiusd -X

An android phone is usually a good test - configure the following:
PEAP
MSCHAPv2
identity - wifi
password - test

FreeBSD with wpa_supplicant.conf
network={
        ssid="testAP"
        scan_ssid=1
        key_mgmt=WPA-EAP
        eap=PEAP
        identity="wifi"
        password="test"
        phase2="auth=MSCHAPV2"
}

Johann

On 2015/05/21 08:03 PM, Adrian Chadd wrote:
> Hi,
>
> Would you mind creating a tarball up with your radius and hostapd
> configs? I'd like to replicate it at home ASAP.
>
> Thanks!
>
>
> -a
>
>
> On 21 May 2015 at 10:17, Johann <jhugo.meraka@gmail.com> wrote:
>> I've tried it this morning on 11.0-CURRENT #172 r280972: Thu Apr 2 and it
>> worked.
>>
>> Here are my configs.
>> rc.conf
>> wlans_ath0="wlan0"
>> create_args_wlan0="wlanmode hostap country ZA"
>> ifconfig_wlan0="mode 11g channel 6"
>> hostapd_enable="YES"
>> cloned_interfaces="bridge0"
>> ifconfig_bridge0="addm vr0 addm wlan0 up"
>> ifconfig_vr0="146.64.5.5/24 up"
>> defaultrouter="146.64.5.1"
>>
>>
>> hostapd.conf
>> interface=wlan0
>> ctrl_interface=/var/run/hostapd
>> ctrl_interface_group=wheel
>> ssid=testAP
>> hw_mode=g
>> channel=6
>>
>> wpa=2
>> ignore_broadcast_ssid=0
>> wpa_pairwise=CCMP TKIP
>> wpa_key_mgmt=WPA-EAP
>> wpa_pairwise=TKIP CCMP
>> rsn_pairwise=CCMP
>>
>> ieee8021x=1
>> own_ip_addr=146.64.5.5
>> auth_server_addr=146.64.8.20
>> auth_server_port=1812
>> auth_server_shared_secret=test123
>>
>> Regards
>> Johann
>>
>>
>> On 2015/05/21 06:47 PM, Adrian Chadd wrote:
>>> That's the plan. Once I fix a couple other things I'm going to go see
>>> why it currently isn't working.
>>>
>>>
>>>
>>> -adrian
>>>
>>> On 21 May 2015 at 01:39, Willem Offermans <Willem@offermans.rompen.nl>
>>> wrote:
>>>> Dear FreeBSD friends,
>>>>
>>>> Sorry to interrupt here, but I got triggered by this e-mail thread.
>>>>
>>>> Do I understand correctly that it is possible to connect hostapd with
>>>> FreeRadius and OpenLDAP? Would it be possible to do the authentication of
>>>> wireless access over the ldap server? If yes, do I need FreeRadius to
>>>> intermediate between hostapd and OpenLDAP?
>>>>
>>>> Is there some documentation around to setup hostapd + OpenLDAP or hostapd +
>>>> FreeRadius + OpenLDAP under FreeBSD?
>>>>
>>>> Sorry, to interrp
>>>>
>>>> On Wed, May 20, 2015 at 07:20:33PM +0200, Johann wrote:
>>>>> On 2015/05/20 06:29 PM, Johann wrote:
>>>>>> On 2015/05/16 08:03 AM, Adrian Chadd wrote:
>>>>>>> Hi,
>>>>>>> Has this ever worked?
>>>>>> Yes.
>>>>>>
>>>>>> I got it working in April 2012 on FreeBSD 8 and 9. I've used a
>>>>>> FreeRadius server and a FreeBSD client with wpa_supplicant to test
>>>>>> it.
>>>>>>
>>>>>> At that stage you had to enable the eap_server when you compile hostapd
>>>>>>
>>>>>> # echo HOSTAPD_CFLAGS+=-DEAP_SERVER >> /etc/src.conf
>>>>>> # cd /usr/src/usr.sbin/wpa/hostapd
>>>>>> # make
>>>>>> # make install
>>>>>>
>>>>>> but Bernhard Schmidt fixed it so that EAP_SERVER was enabled by
>>>>>> default.
>>>>>>
>>>>>>
>>>>>> Here are the configs that I used:
>>>>>>
>>>>>> rc.conf
>>>>>> hostname="AP-vlan"
>>>>>> wlans_ath0="wlan0"
>>>>>> create_args_wlan0="wlanmode hostap country ZA"
>>>>>> ifconfig_wlan0="146.64.5.5/24 mode 11g channel 6"
>>>>>> defaultrouter="146.64.5.1"
>>>>>> hostapd_enable="YES"
>>>>>> cloned_interfaces="bridge0"
>>>>>> ifconfig_bridge0="addm sis0 addm wlan0 up"
>>>>>> ifconfig_sis0="up"
>>>>>>
>>>>>>
>>>>>> hostapd.conf
>>>>>> interface=wlan0
>>>>>> ctrl_interface=/var/run/hostapd
>>>>>> ctrl_interface_group=wheel
>>>>>> ssid=testAP
>>>>>> hw_mode=g
>>>>>> channel=6
>>>>>>
>>>>>> wpa=1
>>>>>> wpa_pairwise=CCMP TKIP
>>>>>> wpa_key_mgmt=WPA-EAP
>>>>>> wpa_pairwise=TKIP CCMP
>>>>>> rsn_pairwise=CCMP
>>>>>>
>>>>>> Hope it helps
>>>>>>
>>>>>> Regards
>>>>>> Johann
>>>>>> _______________________________________________
>>>>>> freebsd-wireless@freebsd.org mailing list
>>>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-wireless
>>>>>> To unsubscribe, send any mail to
>>>>>> "freebsd-wireless-unsubscribe@freebsd.org"
>>>>>>
>>>>> Looks like this part of hostapd.conf got lost.
>>>>>
>>>>> ieee8021x=1
>>>>> own_ip_addr=146.64.5.5
>>>>> auth_server_addr=146.64.8.25
>>>>> auth_server_port=1812
>>>>> auth_server_shared_secret=same-as-on-freeradius
>>>>>
>>>>> Johann
>>>>>
>>>>> _______________________________________________
>>>>> freebsd-wireless@freebsd.org mailing list
>>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-wireless
>>>>> To unsubscribe, send any mail to
>>>>> "freebsd-wireless-unsubscribe@freebsd.org"
>>>> --
>>>> Met vriendelijke groeten,
>>>> With kind regards,
>>>> Mit freundlichen Gruessen,
>>>> De jrus wah,
>>>>
>>>> Wiel
>>>>
>>>> *************************************
>>>> W.K. Offermans
>>>> _______________________________________________
>>>> freebsd-wireless@freebsd.org mailing list
>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-wireless
>>>> To unsubscribe, send any mail to
>>>> "freebsd-wireless-unsubscribe@freebsd.org"
>>
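
Added example, not part of the original thread and not code from hostapd or FreeRADIUS: a small Python check that the hostapd.conf and clients.conf settings quoted in this message agree (the 802.1X keys are present, the AP address falls inside the client network, the shared secrets are equal). The function names and embedded sample text are constructed for illustration, and it assumes the AP sends its RADIUS requests from own_ip_addr.

```python
import ipaddress
import re

# Constructed sample input: the settings quoted in the thread above.
CLIENTS_CONF = """
client radtest {
    ipaddr = 146.64.5.0
    netmask = 24
    secret = test123
}
"""
HOSTAPD_CONF = """
wpa_key_mgmt=WPA-EAP
ieee8021x=1
own_ip_addr=146.64.5.5
auth_server_addr=146.64.8.20
auth_server_port=1812
auth_server_shared_secret=test123
"""
# Keys the thread notes had "got lost" from the first hostapd.conf posting.
REQUIRED = ("ieee8021x", "own_ip_addr", "auth_server_addr",
            "auth_server_port", "auth_server_shared_secret")

def parse_kv(text):
    """Collect 'key = value' / 'key=value' lines; braces and comments are skipped."""
    out = {}
    for line in text.splitlines():
        m = re.match(r"([A-Za-z0-9_]+)\s*=\s*(.+)$", line.strip())
        if m:
            out[m.group(1)] = m.group(2).strip().strip('"')
    return out

def check_nas(hostapd_text, client_text):
    """Return the mismatches between hostapd.conf and one clients.conf block."""
    h, c = parse_kv(hostapd_text), parse_kv(client_text)
    missing = [k for k in REQUIRED if k not in h]
    if missing:
        return ["hostapd.conf is missing: " + ", ".join(missing)]
    problems = []
    # Assumption: RADIUS requests leave the AP from own_ip_addr (hostapd itself
    # only sends it as NAS-IP-Address; FreeRADIUS matches on the source address).
    net = ipaddress.ip_network(f"{c['ipaddr']}/{c.get('netmask', '32')}", strict=False)
    if ipaddress.ip_address(h["own_ip_addr"]) not in net:
        problems.append(f"own_ip_addr {h['own_ip_addr']} is outside client network {net}")
    if h["auth_server_shared_secret"] != c.get("secret"):
        problems.append("auth_server_shared_secret differs from clients.conf secret")
    return problems

if __name__ == "__main__":
    for p in check_nas(HOSTAPD_CONF, CLIENTS_CONF) or ["consistent"]:
        print(p)
```

Run it with the real file contents read from /usr/local/etc/raddb/clients.conf and hostapd.conf before starting radiusd -X; an empty result means the two sides agree on these points.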