Re: dynamically added/removed PSKs without MAC pairing

I am not trying to do wpa enterprise. I am trying to do wpa-psk using
radius with user authentication and also assign vlans.
I haven't set up a realm because I am not trying to group users.

Here is what I am trying to do:

For testing I removed Tunnel-Type = "VLAN".
Based on what I understand, this type of authentication is mac address
+ password based.
But when I try to connect to the network, FreeRADIUS logs show:

(1)   User-Name = "a1438ecbea33"
(1)   User-Password = "a1438ecbea33"

Both username and password are automatically sent to the radius server
and are the same. So I am getting this error:
(1) pap: Comparing with "known good" Cleartext-Password
(1) pap: ERROR: Cleartext password does not match "known good" password
(1) pap: Passwords don't match

But I want to enter the password set in the users file to authenticate
the device/user.

Thanks

On Thu, Nov 15, 2018 at 2:01 PM Michelle Sullivan <michelle@xxxxxxxxx> wrote:
>
> Haven’t had my morning coffee yet (only opened my eyes 10 mins ago... that bad), but looks like:
>
> 1/ you’re not using wpa enterprise which would require authentication at an individual user level
> 2/ not specifying users with a valid realm (logs show no @ and the realm defaulting to NULL which is invalid)
>
> Which I believe will stop the vlan selection working...
>
> Will check my config, but it looks way wrong at first glance.
>
> Are you trying to do wpa enterprise with user authentication to assign vlans?  Or have I misinterpreted the intent of your config?
>
> If you’re trying to identify the machine/app it will need to identify itself with the radius server (and it’ll use its MAC) *before* any user/auth can take place
>
> Michelle Sullivan
> http://www.mhix.org/
> Sent from my iPad
>
> > On 16 Nov 2018, at 08:43, Carlito Nueno <carlitonueno@xxxxxxxxx> wrote:
> >
> > Hi Michael
> >
> > Thanks for the suggestion.
> > I am trying to get FreeRADIUS to work with hostapd. I added your
> > suggestions and hostapd is pointing to Freeradius server on another
> > machine. I am not using SQL, just basic users text file (for testing).
> > Here are my configs and FreeRADIUS log:
> > https://gist.github.com/ironpillow/9a6663d935bd336dbb318eb9a8466193
> >
> > As you can see, FreeRADIUS log shows both User-Name and User-Password
> > as client STA's mac address and FreeRADIUS rejects the request. I then
> > get an option to enter the password but that does not work as
> > user-name and user-password are still client's mac address.
> >
> > Any suggestions on how to set up the FreeRADIUS side?
> >
> > Thanks!
> >> On Mon, Nov 12, 2018 at 11:34 AM michael-dev <michael-dev@xxxxxxxxxxxxx> wrote:
> >>
> >> On 08.11.2018 17:04, Carlito Nueno wrote:
> >>> Thanks for the info Michal.
> >>> Yes, catch-all but I want to add passphrases dynamically
> >>
> >> you can use FreeRADIUS + an SQL database with wpa_psk_radius=1 +
> >> macaddr_acl=2, for example.
> >>
> >> Regards,
> >> M. Braun
> >
> > _______________________________________________
> > Hostap mailing list
> > Hostap@xxxxxxxxxxxxxxxxxxx
> > http://lists.infradead.org/mailman/listinfo/hostap
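
Added example, not part of the thread and not hostapd or FreeRADIUS project code: with the `wpa_psk_radius` + `macaddr_acl=2` setup suggested above, the log shows hostapd sending the station MAC as both User-Name and User-Password, so the per-device passphrase has to come back from the server in the reply (hostapd reads it from Tunnel-Password) rather than be checked as the RADIUS password. This sketch renders `users` file entries on that assumption; the function names, the second MAC and the passphrases are constructed.

```python
import re
from typing import Dict, Optional, Tuple

def normalize_mac(mac: str) -> str:
    """Return the MAC as 12 lowercase hex digits, the form seen in the log above."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def check_passphrase(psk: str) -> str:
    """WPA passphrases are 8 to 63 printable ASCII characters."""
    if not 8 <= len(psk) <= 63 or any(not 32 <= ord(c) <= 126 for c in psk):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    return psk

def quote(value: str) -> str:
    """Double-quote a value for the users file, escaping backslash and quote."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def users_entry(mac: str, psk: str, vlan: Optional[int] = None) -> str:
    """One entry: the check item matches the MAC, reply items carry PSK and VLAN."""
    mac = normalize_mac(mac)
    # The MAC only selects the entry and is not a secret; the passphrase in
    # Tunnel-Password is what the station must prove in the 4-way handshake.
    reply = [f"Tunnel-Password = {quote(check_passphrase(psk))}"]
    if vlan is not None:
        if not 1 <= vlan <= 4094:
            raise ValueError(f"VLAN id out of range: {vlan}")
        reply += ["Tunnel-Type = VLAN",
                  "Tunnel-Medium-Type = IEEE-802",
                  f'Tunnel-Private-Group-Id = "{vlan}"']
    head = f"{mac} Cleartext-Password := {quote(mac)}"
    return head + "\n\t" + ",\n\t".join(reply) + "\n"

def render_users(devices: Dict[str, Tuple[str, Optional[int]]]) -> str:
    """Render all entries sorted by MAC; reject one device listed twice."""
    seen = {}
    for mac, (psk, vlan) in devices.items():
        key = normalize_mac(mac)
        if key in seen:
            raise ValueError(f"duplicate device: {key}")
        seen[key] = users_entry(key, psk, vlan)
    return "\n".join(seen[k] for k in sorted(seen))

# Constructed sample mapping: MAC -> (passphrase, optional VLAN id).
DEVICES = {"A1:43:8E:CB:EA:33": ("constructed-passphrase-1", 20),
           "00-11-22-33-44-55": ("another example psk", None)}

if __name__ == "__main__":
    print(render_users(DEVICES))
```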
