Re: dynamically added/removed PSKs without MAC pairing

No worries :)

AP authenticates without a problem. The MAC is from the device. I am not
using enterprise. I am trying to get a RADIUS-supplied passphrase for
WPA-PSK.
OK, I will try setting the realm option.

Thanks
On Thu, Nov 15, 2018 at 8:05 PM Michelle Sullivan <michelle@xxxxxxxxx> wrote:
>
> Carlito Nueno wrote:
> > I am not trying to do wpa enterprise. I am trying to do wpa-psk using
> > radius with user authentication and also assign vlans.
> > I haven't set up a realm because I am not trying to group users.
> >
> > Here is what I am trying to do:
> >
> > For testing I removed Tunnel-Type = "VLAN".
> > Based on what I understand, this type of authentication is mac address
> > + password based.
> > But when I try to connect to the network, freeRadius logs show:
> >
> > (1)   User-Name = "a1438ecbea33"
> > (1)   User-Password = "a1438ecbea33"
> >
> > Both username and password are automatically sent to the radius server
> > and are the same. So I am getting this error:
> > (1) pap: Comparing with "known good" Cleartext-Password
> > (1) pap: ERROR: Cleartext password does not match "known good" password
> > (1) pap: Passwords don't match
> >
> > But I want to enter the password set in the users file to authenticate
> > the device/user.
>
> Oh gotchya, sorry, was way too early for me to even contemplate answering
> technical mails :P
>
> The Mac, is it from the AP or the connecting device.  If from the AP it
> will because you need to authenticate these to radius separately.  If
> the device it won't be used instead of a username because usernames are
> Enterprise.. that said, your authentication realm is NULL - which is
> invalid in your config so is likely to be part of the issue.
>
> Michelle
>
> > Thanks
> > On Thu, Nov 15, 2018 at 2:01 PM Michelle Sullivan <michelle@xxxxxxxxx> wrote:
> >> Haven’t had my morning coffee yet (only opened my eyes 10 mins ago... that bad), but looks like:
> >>
> >> 1/ you’re not using wpa enterprise which would require authentication at an individual user level
> >> 2/ not specifying users with a valid realm (logs show no @ and the realm defaulting to NULL which is invalid)
> >>
> >> Which I believe will stop the vlan selection working...
> >>
> >> Will check my config, but it looks way wrong at first glance.
> >>
> >> Are you trying to do wpa enterprise with user authentication to assign vlans?  Or have I misinterpreted the intent of your config?
> >>
> >> If you’re trying to identify the machine/app it will need to identify itself with the radius server (and it’ll use its Mac) *before* any user/auth can take place
> >>
> >> Michelle Sullivan
> >> http://www.mhix.org/
> >> Sent from my iPad
> >>
> >>> On 16 Nov 2018, at 08:43, Carlito Nueno <carlitonueno@xxxxxxxxx> wrote:
> >>>
> >>> Hi Michael
> >>>
> >>> Thanks for the suggestion.
> >>> I am trying to get FreeRADIUS to work with hostapd. I added your
> >>> suggestions and hostapd is pointing to Freeradius server on another
> >>> machine. I am not using SQL, just basic users text file (for testing).
> >>> Here are my configs and FreeRADIUS log:
> >>> https://gist.github.com/ironpillow/9a6663d935bd336dbb318eb9a8466193
> >>>
> >>> As you can see, FreeRADIUS log shows both User-Name and User-Password
> >>> as client STA's mac address and freeRadius rejects the request. I then
> >>> get an option to enter the password but that does not work as
> >>> user-name and user-password are still client's mac address.
> >>>
> >>> Any suggestions on how to set up the FreeRADIUS side?
> >>>
> >>> Thanks!
> >>>> On Mon, Nov 12, 2018 at 11:34 AM michael-dev <michael-dev@xxxxxxxxxxxxx> wrote:
> >>>>
> >>>> On 08.11.2018 17:04, Carlito Nueno wrote:
> >>>>> Thanks for the info Michael.
> >>>>> Yes, catch-all but I want to add passphrases dynamically
> >>>> you can use FreeRADIUS + an SQL database with wpa_psk_radius=1 +
> >>>> macaddr_acl=2, for example.
> >>>>
> >>>> Regards,
> >>>> M. Braun
> >>> _______________________________________________
> >>> Hostap mailing list
> >>> Hostap@xxxxxxxxxxxxxxxxxxx
> >>> http://lists.infradead.org/mailman/listinfo/hostap
>
>
> --
> Michelle Sullivan
> http://www.mhix.org/
>
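
The setup discussed in this thread (hostapd with wpa_psk_radius=1 and macaddr_acl=2, FreeRADIUS with a plain users file), as an added example that is not part of the original messages: a small generator for per-device users-file entries. It assumes hostapd sends the station MAC as both User-Name and User-Password, as the log above shows, so the check item is the MAC itself and the per-device passphrase goes back in the Tunnel-Password reply attribute; the function names, sample passphrase and VLAN id are constructed.

```python
import re

def normalize_mac(mac):
    """Return the MAC as 12 lowercase hex digits, the User-Name form in the log above."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def check_passphrase(psk):
    """A WPA passphrase is 8 to 63 printable ASCII characters."""
    if not 8 <= len(psk) <= 63 or any(not 32 <= ord(c) <= 126 for c in psk):
        raise ValueError("passphrase must be 8..63 printable ASCII characters")
    if '"' in psk or "\\" in psk:
        raise ValueError("double quote or backslash would need escaping in the users file")
    return psk

def users_entry(mac, psk, vlan=None):
    """Build one FreeRADIUS users-file entry for a station (hypothetical helper)."""
    user = normalize_mac(mac)
    # Check item: the password hostapd sends is the MAC (assumption taken from the log).
    # Reply item: Tunnel-Password carries the per-device WPA passphrase.
    reply = [f'Tunnel-Password = "{check_passphrase(psk)}"']
    if vlan is not None:
        if not 1 <= vlan <= 4094:
            raise ValueError("VLAN id must be 1..4094")
        reply += ["Tunnel-Type = VLAN", "Tunnel-Medium-Type = IEEE-802",
                  f'Tunnel-Private-Group-Id = "{vlan}"']
    body = ",\n".join("\t" + item for item in reply)
    return f'{user} Cleartext-Password := "{user}"\n{body}\n'

if __name__ == "__main__":
    # Constructed sample: the MAC from the log, a made-up passphrase and VLAN.
    print(users_entry("A1:43:8E:CB:EA:33", "constructed-passphrase-01", vlan=10))
```

Because the passphrase is stored and returned in cleartext, the generated file and the RADIUS link between hostapd and FreeRADIUS need the same protection as the PSKs themselves.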
