Re: dynamically added/removed PSKs without MAC pairing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Haven’t had my morning coffee yet (only opened my eyes 10 mins ago... that bad), but looks like:

1/ you’re not using wpa enterprise which would require authentication at an individual user level
2/ not specifying users with a valid realm (logs show no @ and the realm defaulting to NULL which is invalid)

Which I believe will stop the vlan selection working...

Will check my config, but it looks way wrong at first glance.

Are you trying to do wpa enterprise with user authentication to assign vlans?  Or have I misinterpreted the intent of your config?

If you’re trying to identify the machine/app it will need to identify itself in with the radius server (and it’ll use its Mac) *before* any user/auth can take place

Michelle Sullivan
http://www.mhix.org/
Sent from my iPad

> On 16 Nov 2018, at 08:43, Carlito Nueno <carlitonueno@xxxxxxxxx> wrote:
> 
> Hi Michael
> 
> Thanks for the suggestion.
> I am trying to get FreeRADIUS to work with hostapd. I added your
> suggestions and hostapd is pointing to Freeradius server on another
> machine. I am not using SQL, just basic users text file (for testing).
> Here are my configs and FreeRADIUS log:
> https://gist.github.com/ironpillow/9a6663d935bd336dbb318eb9a8466193
> 
> As you can see, FreeRADIUS log shows both User-Name and User-Password
> as client STA's mac address and freeRadius rejects the request. I then
> get an option to enter the password but that does not work as
> user-name and user-password are still client's mac address.
> 
> Any suggestions on how to setup FreeRADIUS side?
> 
> Thanks!
>> On Mon, Nov 12, 2018 at 11:34 AM michael-dev <michael-dev@xxxxxxxxxxxxx> wrote:
>> 
>> Am 08.11.2018 17:04, schrieb Carlito Nueno:
>>> Thanks for the info Michal.
>>> Yes, catch-all but I want to add passphrases dynamically
>> 
>> you can use FreeRADIUS + an SQL database with wpa_psk_radius=1 +
>> macaddr_acl=2, for example.
>> 
>> Regards,
>> M. Braun
> 
> _______________________________________________
> Hostap mailing list
> Hostap@xxxxxxxxxxxxxxxxxxx
> http://lists.infradead.org/mailman/listinfo/hostap

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap




[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux