Re: dynamically added/removed PSKs without MAC pairing

Carlito Nueno wrote:
I am not trying to do wpa enterprise. I am trying to wpa-psk using
radius with user authentication and also assign vlans.
I haven't setup realm because I am not trying to group users.

Here is what I am trying to do:

For testing I removed Tunnel-Type = "VLAN".
Based on what I understand, this type of authentication is mac address
+ password based.
But when I try to connect to the network, freeRadius logs show:

(1)   User-Name = "a1438ecbea33"
(1)   User-Password = "a1438ecbea33"

Both username and password are automatically sent to the radius server
and are the same. So I am getting this error:
(1) pap: Comparing with "known good" Cleartext-Password
(1) pap: ERROR: Cleartext password does not match "known good" password
(1) pap: Passwords don't match

But I want to enter the password set in the users file to authenticate
the device/user.

Oh gotchya sorry was way too early for me to even contemplate answering technical mails :P

The Mac, is it from the AP or the connecting device? If from the AP it will because you need to authenticate these to radius separately. If the device it won't be used instead of a username because usernames are Enterprise.. that said, your authentication realm is NULL - which is invalid in your config so is likely to be part of the issue.

Michelle

Thanks
On Thu, Nov 15, 2018 at 2:01 PM Michelle Sullivan <michelle@xxxxxxxxx> wrote:
Haven’t had my morning coffee yet (only opened my eyes 10 mins ago... that bad), but looks like:

1/ you’re not using wpa enterprise which would require authentication at an individual user level
2/ not specifying users with a valid realm (logs show no @ and the realm defaulting to NULL which is invalid)

Which I believe will stop the vlan selection working...

Will check my config, but it looks way wrong at first glance.

Are you trying to do wpa enterprise with user authentication to assign vlans?  Or have I misinterpreted the intent of your config?

If you’re trying to identify the machine/app it will need to identify itself in with the radius server (and it’ll use its Mac) *before* any user/auth can take place

Michelle Sullivan
http://www.mhix.org/
Sent from my iPad

On 16 Nov 2018, at 08:43, Carlito Nueno <carlitonueno@xxxxxxxxx> wrote:

Hi Michael

Thanks for the suggestion.
I am trying to get FreeRADIUS to work with hostapd. I added your
suggestions and hostapd is pointing to Freeradius server on another
machine. I am not using SQL, just basic users text file (for testing).
Here are my configs and FreeRADIUS log:
https://gist.github.com/ironpillow/9a6663d935bd336dbb318eb9a8466193

As you can see, FreeRADIUS log shows both User-Name and User-Password
as client STA's mac address and freeRadius rejects the request. I then
get an option to enter the password but that does not work as
user-name and user-password are still client's mac address.

Any suggestions on how to setup FreeRADIUS side?

Thanks!
On Mon, Nov 12, 2018 at 11:34 AM michael-dev <michael-dev@xxxxxxxxxxxxx> wrote:

On 08.11.2018 17:04, Carlito Nueno wrote:
Thanks for the info Michal.
Yes, catch-all but I want to add passphrases dynamically

you can use FreeRADIUS + an SQL database with wpa_psk_radius=1 +
macaddr_acl=2, for example.

Regards,
M. Braun
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap


--
Michelle Sullivan
http://www.mhix.org/
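
Added example, not part of the original thread and not code from hostapd or FreeRADIUS: a generator for FreeRADIUS users-file entries matching the request shown in the log above, where the station MAC arrives as both User-Name and User-Password, so the check item is the MAC and the per-device passphrase goes in a reply attribute. Assumptions: the helper names are hypothetical, the sample devices are constructed, and Tunnel-Password (the attribute hostapd's documentation names for wpa_psk_radius) does not appear in the thread.

```python
import re

_MAC_RE = re.compile(r"[0-9a-f]{12}")

def normalize_mac(mac):
    """Return the MAC as 12 lowercase hex digits, the User-Name form in the log above."""
    compact = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not _MAC_RE.fullmatch(compact):
        raise ValueError(f"not a MAC address: {mac!r}")
    return compact

def users_entry(mac, passphrase, vlan_id=None):
    """Build one FreeRADIUS users-file entry for a station (hypothetical helper)."""
    user = normalize_mac(mac)
    # WPA2 passphrases are 8..63 printable ASCII characters; quotes and
    # backslashes are refused so the value cannot break out of the quoted string.
    if not (8 <= len(passphrase) <= 63 and passphrase.isascii()
            and passphrase.isprintable() and not set('"\\') & set(passphrase)):
        raise ValueError("passphrase must be 8..63 printable ASCII chars without quote or backslash")
    # The check item must equal the MAC, because that is the User-Password sent.
    reply = [f'Tunnel-Password = "{passphrase}"']  # assumption: PSK attribute read by hostapd
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:
            raise ValueError(f"invalid VLAN id: {vlan_id}")
        reply += ["Tunnel-Type = VLAN", "Tunnel-Medium-Type = IEEE-802",
                  f'Tunnel-Private-Group-Id = "{vlan_id}"']
    body = ",\n".join("\t" + item for item in reply)
    return f'{user} Cleartext-Password := "{user}"\n{body}\n'

def render_users(devices):
    """devices: iterable of (mac, passphrase, vlan_id); duplicate MACs are rejected."""
    seen, entries = set(), []
    for mac, passphrase, vlan_id in devices:
        user = normalize_mac(mac)
        if user in seen:
            raise ValueError(f"duplicate MAC: {user}")
        seen.add(user)
        entries.append(users_entry(mac, passphrase, vlan_id))
    return "\n".join(entries)

if __name__ == "__main__":
    # Constructed sample data; the first MAC is the one from the log above.
    print(render_users([
        ("A1:43:8E:CB:EA:33", "per-device passphrase 1", 10),
        ("02-00-00-00-00-01", "another-device-secret", None),
    ]))
```

FreeRADIUS reads the users file at startup, so regenerate it and reload the server after adding or removing a device.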

