Date:      Thu, 12 Apr 2012 16:25:09 +0200
From:      Johann Hugo <jhugo@meraka.csir.co.za>
To:        freebsd-wireless@freebsd.org
Subject:   hostapd + 802.1X with external Authentication Server
Message-ID:  <201204121625.09572.jhugo@meraka.csir.co.za>


Hi all

Has anyone succeeded in configuring hostapd + 802.1X with an external
Authentication Server?

I can get it to work with a PSK, but not with an external RADIUS server.
I don't see any errors when I run hostapd in the foreground, but it never
forwards the authentication packets to the RADIUS server. Hostapd also doesn't
like the "eap_server" keyword in hostapd.conf.

The wpa_supplicant of the client never gets past this before it restarts:
CTRL-EVENT-DISCONNECTED bssid=00:00:00:00:00:00 reason=0

I'm not sure if I'm missing something, but I get the same results on FreeBSD 8,
9 and 10.

Here is my rc.conf, hostapd.conf and the output of running hostapd.

Thanks
Johann

rc.conf:

hostname="AP-vlan"
wlans_ath0="wlan0"
create_args_wlan0="wlanmode hostap country ZA"
ifconfig_wlan0="146.64.5.5/24 mode 11g channel 6"
defaultrouter="146.64.5.1"
hostapd_enable="YES"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm sis0 addm wlan0 up"
ifconfig_sis0="up"

hostapd.conf:

interface=wlan0
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=testAP
hw_mode=g
channel=6

wpa=1
wpa_pairwise=CCMP TKIP
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP

#eap_server=1
#eapol_version=1
#eapol_key_index_workaround=1

ieee8021x=1
own_ip_addr=146.64.5.5
#nas_identifier=testAP
auth_server_addr=146.64.8.25
auth_server_port=1812
auth_server_shared_secret=testing123


hostapd.out:

AP-vlan:~ # hostapd -d /etc/hostapd.conf
Configuration file: /etc/hostapd.conf
ctrl_interface_group=0 (from group name 'wheel')
BSS count 1, BSSID mask 00:00:00:00:00:00 (0 bits)
Completing interface initialization
Mode: (null)  Channel: 6  Frequency: -1 MHz
Flushing old station entries
Deauthenticate all stations
bsd_set_privacy: enabled=0
bsd_set_key: alg=0 addr=0x0 key_idx=0 set_tx=1 seq_len=0 key_len=0
bsd_del_key: key_idx=0
bsd_set_key: alg=0 addr=0x0 key_idx=1 set_tx=0 seq_len=0 key_len=0
bsd_del_key: key_idx=1
bsd_set_key: alg=0 addr=0x0 key_idx=2 set_tx=0 seq_len=0 key_len=0
bsd_del_key: key_idx=2
bsd_set_key: alg=0 addr=0x0 key_idx=3 set_tx=0 seq_len=0 key_len=0
bsd_del_key: key_idx=3
Using interface wlan0 with hwaddr 00:80:48:4f:2a:ee and ssid 'testAP'
wlan0: RADIUS Authentication server 146.64.8.25:1812
RADIUS local address: 146.64.5.5:37935
bsd_set_ieee8021x: enabled=1
bsd_configure_wpa: enable WPA= 0x1
WPA: group state machine entering state GTK_INIT (VLAN-ID 0)
GMK - hexdump(len=32): [REMOVED]
GTK - hexdump(len=32): [REMOVED]
WPA: group state machine entering state SETKEYSDONE (VLAN-ID 0)
bsd_set_key: alg=2 addr=0x0 key_idx=1 set_tx=1 seq_len=0 key_len=32
bsd_set_privacy: enabled=1
bsd_set_opt_ie: set WPA+RSN ie (len 28)
wlan0: Setup of interface done.
Discard routing message to if#180 (not for us 7)

Discard routing message to if#0 (not for us 7)

wlan0: STA 00:15:af:8e:3b:aa IEEE 802.11: associated
STA included WPA IE in (Re)AssocReq
  New STA
wlan0: STA 00:15:af:8e:3b:aa WPA: event 1 notification
bsd_set_key: alg=0 addr=0x2845a308 key_idx=0 set_tx=1 seq_len=0 key_len=0
bsd_del_key: addr=00:15:af:8e:3b:aa
wlan0: STA 00:15:af:8e:3b:aa IEEE 802.1X: start authentication
EAP: Server state machine created
IEEE 802.1X: 00:15:af:8e:3b:aa BE_AUTH entering state IDLE
IEEE 802.1X: 00:15:af:8e:3b:aa CTRL_DIR entering state FORCE_BOTH
wlan0: STA 00:15:af:8e:3b:aa WPA: start authentication
WPA: 00:15:af:8e:3b:aa WPA_PTK entering state INITIALIZE
bsd_set_key: alg=0 addr=0x2845a308 key_idx=0 set_tx=1 seq_len=0 key_len=0
bsd_del_key: addr=00:15:af:8e:3b:aa
WPA: 00:15:af:8e:3b:aa WPA_PTK_GROUP entering state IDLE
WPA: 00:15:af:8e:3b:aa WPA_PTK entering state AUTHENTICATION
WPA: 00:15:af:8e:3b:aa WPA_PTK entering state AUTHENTICATION2
IEEE 802.1X: 00:15:af:8e:3b:aa AUTH_PAE entering state DISCONNECTED
wlan0: STA 00:15:af:8e:3b:aa IEEE 802.1X: unauthorizing port
IEEE 802.1X: 00:15:af:8e:3b:aa AUTH_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
CTRL-EVENT-EAP-STARTED 00:15:af:8e:3b:aa
EAP: EAP entering state SELECT_ACTION
EAP: getDecision: no identity known yet -> CONTINUE
EAP: EAP entering state PROPOSE_METHOD
EAP: getNextMethod: vendor 0 type 1
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
EAP: EAP entering state METHOD_REQUEST
EAP: method not initialized
EAP: EAP entering state SEND_REQUEST
EAP: SEND_REQUEST - no eapReqData
EAP: EAP entering state IDLE
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
IEEE 802.1X: 00:15:af:8e:3b:aa AUTH_PAE entering state CONNECTING
IEEE 802.1X: 00:15:af:8e:3b:aa - (EAP) retransWhile --> 0
EAP: EAP entering state RETRANSMIT
EAP: EAP entering state IDLE
EAP: retransmit timeout 6 seconds (from dynamic back off; retransCount=1)
IEEE 802.1X: 4 bytes from 00:15:af:8e:3b:aa
   IEEE 802.1X: version=1 type=1 length=0
wlan0: STA 00:15:af:8e:3b:aa IEEE 802.1X: received EAPOL-Start from STA
wlan0: STA 00:15:af:8e:3b:aa WPA: event 5 notification
WPA: 00:15:af:8e:3b:aa WPA_PTK entering state AUTHENTICATION2
IEEE 802.1X: 00:15:af:8e:3b:aa - (EAP) retransWhile --> 0
EAP: EAP entering state RETRANSMIT
EAP: EAP entering state IDLE
EAP: retransmit timeout 12 seconds (from dynamic back off; retransCount=2)
wlan0: STA 00:15:af:8e:3b:aa IEEE 802.11: disassociated
AP-STA-DISCONNECTED 00:15:af:8e:3b:aa
wlan0: STA 00:15:af:8e:3b:aa WPA: event 2 notification
bsd_set_key: alg=0 addr=0x2845a308 key_idx=0 set_tx=1 seq_len=0 key_len=0
bsd_del_key: addr=00:15:af:8e:3b:aa
ioctl[SIOCS80211, op=20, val=0, arg_len=7]: No such file or directory
WPA: 00:15:af:8e:3b:aa WPA_PTK entering state DISCONNECTED
WPA: 00:15:af:8e:3b:aa WPA_PTK entering state INITIALIZE
bsd_set_key: alg=0 addr=0x2845a308 key_idx=0 set_tx=1 seq_len=0 key_len=0
bsd_del_key: addr=00:15:af:8e:3b:aa
ioctl[SIOCS80211, op=20, val=0, arg_len=7]: No such file or directory
EAP: Server state machine removed
wlan0: STA 00:15:af:8e:3b:aa IEEE 802.11: associated
STA included WPA IE in (Re)AssocReq
  New STA
wlan0: STA 00:15:af:8e:3b:aa WPA: event 1 notification
bsd_set_key: alg=0 addr=0x2845a308 key_idx=0 set_tx=1 seq_len=0 key_len=0
bsd_del_key: addr=00:15:af:8e:3b:aa
wlan0: STA 00:15:af:8e:3b:aa IEEE 802.1X: start authentication
EAP: Server state machine created
IEEE 802.1X: 00:15:af:8e:3b:aa BE_AUTH entering state IDLE
IEEE 802.1X: 00:15:af:8e:3b:aa CTRL_DIR entering state FORCE_BOTH
wlan0: STA 00:15:af:8e:3b:aa WPA: start authentication
WPA: 00:15:af:8e:3b:aa WPA_PTK entering state INITIALIZE
bsd_set_key: alg=0 addr=0x2845a308 key_idx=0 set_tx=1 seq_len=0 key_len=0
bsd_del_key: addr=00:15:af:8e:3b:aa
WPA: 00:15:af:8e:3b:aa WPA_PTK_GROUP entering state IDLE
WPA: 00:15:af:8e:3b:aa WPA_PTK entering state AUTHENTICATION
WPA: 00:15:af:8e:3b:aa WPA_PTK entering state AUTHENTICATION2
IEEE 802.1X: 00:15:af:8e:3b:aa AUTH_PAE entering state DISCONNECTED
wlan0: STA 00:15:af:8e:3b:aa IEEE 802.1X: unauthorizing port
IEEE 802.1X: 00:15:af:8e:3b:aa AUTH_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
CTRL-EVENT-EAP-STARTED 00:15:af:8e:3b:aa
EAP: EAP entering state SELECT_ACTION
EAP: getDecision: no identity known yet -> CONTINUE
EAP: EAP entering state PROPOSE_METHOD
EAP: getNextMethod: vendor 0 type 1
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
EAP: EAP entering state METHOD_REQUEST
EAP: method not initialized
EAP: EAP entering state SEND_REQUEST
EAP: SEND_REQUEST - no eapReqData
EAP: EAP entering state IDLE
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
IEEE 802.1X: 00:15:af:8e:3b:aa AUTH_PAE entering state CONNECTING
IEEE 802.1X: 4 bytes from 00:15:af:8e:3b:aa
   IEEE 802.1X: version=1 type=1 length=0
wlan0: STA 00:15:af:8e:3b:aa IEEE 802.1X: received EAPOL-Start from STA
wlan0: STA 00:15:af:8e:3b:aa WPA: event 5 notification
WPA: 00:15:af:8e:3b:aa WPA_PTK entering state AUTHENTICATION2
IEEE 802.1X: 00:15:af:8e:3b:aa - (EAP) retransWhile --> 0
EAP: EAP entering state RETRANSMIT
EAP: EAP entering state IDLE
EAP: retransmit timeout 6 seconds (from dynamic back off; retransCount=1)
wlan0: STA 00:15:af:8e:3b:aa IEEE 802.11: disassociated
AP-STA-DISCONNECTED 00:15:af:8e:3b:aa
wlan0: STA 00:15:af:8e:3b:aa WPA: event 2 notification
bsd_set_key: alg=0 addr=0x2845a308 key_idx=0 set_tx=1 seq_len=0 key_len=0
bsd_del_key: addr=00:15:af:8e:3b:aa
ioctl[SIOCS80211, op=20, val=0, arg_len=7]: No such file or directory
WPA: 00:15:af:8e:3b:aa WPA_PTK entering state DISCONNECTED
WPA: 00:15:af:8e:3b:aa WPA_PTK entering state INITIALIZE
bsd_set_key: alg=0 addr=0x2845a308 key_idx=0 set_tx=1 seq_len=0 key_len=0
bsd_del_key: addr=00:15:af:8e:3b:aa
ioctl[SIOCS80211, op=20, val=0, arg_len=7]: No such file or directory
EAP: Server state machine removed

ifconfig.wlan0:

AP-vlan:~ # ifconfig wlan0
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:80:48:4f:2a:ee
        inet 146.64.5.5 netmask 0xffffff00 broadcast 146.64.5.255 
        inet6 fe80::280:48ff:fe4f:2aee%wlan0 prefixlen 64 scopeid 0x7 
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
        status: running
        ssid testAP channel 6 (2437 MHz 11g) bssid 00:80:48:4f:2a:ee
        regdomain NONE country ZA ecm authmode WPA privacy MIXED deftxkey 2
        TKIP 2:128-bit txpower 30 scanvalid 60 protmode CTS wme burst
        dtimperiod 1 -dfs
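
Added example, not part of the original message or of hostapd: a small triage script for `hostapd -d` output like the log above, which reports where the 802.1X exchange stalled. The function names are hypothetical, the sample is a subset of lines copied from the posted output, and it assumes that any line mentioning RADIUS other than the two start-up lines indicates RADIUS traffic.

```python
import re

# Constructed sample: a subset of lines copied from the hostapd -d output above.
SAMPLE = """\
wlan0: RADIUS Authentication server 146.64.8.25:1812
RADIUS local address: 146.64.5.5:37935
wlan0: STA 00:15:af:8e:3b:aa IEEE 802.11: associated
wlan0: STA 00:15:af:8e:3b:aa IEEE 802.1X: start authentication
EAP: method not initialized
EAP: SEND_REQUEST - no eapReqData
wlan0: STA 00:15:af:8e:3b:aa IEEE 802.1X: received EAPOL-Start from STA
wlan0: STA 00:15:af:8e:3b:aa IEEE 802.11: disassociated
"""

# The only RADIUS lines in the posted log are these two start-up messages.
RADIUS_SETUP = ("RADIUS Authentication server", "RADIUS local address")
STA_EVENT = re.compile(r"STA ((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) IEEE 802\.1[1X]: (.+)$")

def triage(log):
    """Count per-station 802.11/802.1X events and global EAP/RADIUS markers."""
    out = {"events": {}, "method_not_initialized": 0,
           "empty_requests": 0, "radius_traffic": 0}
    for line in log.splitlines():
        m = STA_EVENT.search(line)
        if m:
            per_sta = out["events"].setdefault(m.group(1), {})
            per_sta[m.group(2)] = per_sta.get(m.group(2), 0) + 1
        if "EAP: method not initialized" in line:
            out["method_not_initialized"] += 1
        if "SEND_REQUEST - no eapReqData" in line:
            out["empty_requests"] += 1
        # Assumption: any other RADIUS line means a request or reply was logged.
        if "RADIUS" in line and not any(s in line for s in RADIUS_SETUP):
            out["radius_traffic"] += 1
    return out

def verdict(summary):
    """Classify where the exchange stalled, using only the markers counted above."""
    started = any("start authentication" in ev for ev in summary["events"].values())
    if not started:
        return "no 802.1X authentication attempted"
    if summary["radius_traffic"]:
        return "RADIUS traffic seen; check the server side"
    if summary["empty_requests"]:
        return "stalled in the AP: EAP request was never built, no RADIUS traffic"
    return "authentication started, no RADIUS traffic logged"

if __name__ == "__main__":
    print(verdict(triage(SAMPLE)))
```
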