From: Paulo Fragoso
Date: Tue, 01 Jun 2010 14:23:19 -0300
To: freebsd-isp@freebsd.org
Subject: Hostapd + Radius + PEAP
Message-ID: <4C054207.9070204@nlink.com.br>

Hi,

We are trying to set up an AP using FreeBSD 8.0 and auth via PEAP and Radius:

hostapd.conf:

interface=wlan0
debug=4
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=freebsdap
wpa=1
wpa_key_mgmt=WPA-EAP
wpa_pairwise=CCMP
# Radius:
own_ip_addr=X.Y.Z.AP
nas_identifier=freebsdnas
auth_server_addr=A.B.C.D
auth_server_port=1812
auth_server_shared_secret=teste123
acct_server_addr=A.B.C.D
acct_server_port=1813
acct_server_shared_secret=teste123
# Logs:
logger_syslog=-1
logger_syslog_level=0
logger_stdout=-1
logger_stdout_level=0

Starting this server (X.Y.Z.AP) we can get initial traffic between hostapd and the radius server, but there isn't traffic for PEAP when a station tries to connect. This same station connects using WPA+PEAP to another AP which does AAA on the same radius server (A.B.C.D).

Looking at the sources we have noticed hostapd is compiled without -DEAP_PEAP -DEAP_MSCHAPv2. How do we solve this?

Thanks,
Paulo Fragoso.

From: "Dewayne Geraghty"
Date: Wed, 2 Jun 2010 07:07:23 +1000
Subject: RE: Hostapd + Radius + PEAP
In-Reply-To: <4C054207.9070204@nlink.com.br>

You may need to modify the /usr/src/contrib/wpa/hostapd/defconfig to change the build settings.

On 8.1 PRERELEASE the EAP_PEAP is included in the build configuration file (see below):

# grep -v ^\# /usr/src/contrib/wpa/hostapd/defconfig|grep EAP
CONFIG_EAP=y
CONFIG_EAP_MD5=y
CONFIG_EAP_TLS=y
CONFIG_EAP_MSCHAPV2=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_GTC=y
CONFIG_EAP_TTLS=y

Which I've crudely verified with

# strings /usr/sbin/hostapd | grep EAP|grep PEAP
PEAP

Regards, Phil.
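
An added example, not part of either message: a small sh audit of a hostapd.conf intended for WPA-Enterprise with an external RADIUS server, run here on a constructed sample modelled on the configuration quoted in the thread. The function names (conf_get, audit_hostapd_conf, write_sample) and the 16-character threshold for shared secrets are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: audit a hostapd.conf for WPA-Enterprise.

# Print the last value assigned to key $2 in file $1, skipping comment lines.
conf_get() {
    awk -F= -v k="$2" '
        /^[ \t]*#/ { next }
        $1 == k { sub(/^[^=]*=/, ""); v = $0 }
        END { print v }' "$1"
}

# Print one finding per line for file $1; print nothing when every check passes.
audit_hostapd_conf() {
    f=$1
    wpa=$(conf_get "$f" wpa)
    # wpa is a bit field: bit0 = WPA, bit1 = RSN (WPA2).
    case "${wpa:-unset}" in
        2|3) ;;
        *) echo "wpa=${wpa:-unset}: RSN (WPA2) is not enabled" ;;
    esac
    # ieee8021x=1 is what enables IEEE 802.1X (EAP) authentication in hostapd.
    case " $(conf_get "$f" wpa_key_mgmt) " in
        *" WPA-EAP "*)
            [ "$(conf_get "$f" ieee8021x)" = 1 ] ||
                echo "wpa_key_mgmt=WPA-EAP without ieee8021x=1" ;;
    esac
    # 16 is the threshold assumed here (RFC 2865 prefers at least 16 octets).
    for key in auth_server_shared_secret acct_server_shared_secret; do
        s=$(conf_get "$f" "$key")
        [ -n "$s" ] && [ "${#s}" -lt 16 ] &&
            echo "$key is shorter than 16 characters"
    done
    return 0
}

# Constructed sample, modelled on the configuration quoted in the thread.
write_sample() {
    cat > "$1" <<'EOF'
interface=wlan0
ssid=freebsdap
wpa=1
wpa_key_mgmt=WPA-EAP
wpa_pairwise=CCMP
auth_server_shared_secret=teste123
acct_server_shared_secret=teste123
EOF
}

tmp=$(mktemp) && write_sample "$tmp" && audit_hostapd_conf "$tmp"; rm -f "$tmp"
```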