WPA/RADIUS Problems

Alan DeKok aland at deployingradius.com
Fri Sep 1 10:37:03 CEST 2006


Loukas Kalenderidis <loukas at hb.com.au> wrote:
>  I've configured FreeRADIUS as best I can figure  
> from what I've found on the web, but I'm having no success with  
> getting WPA to work. I'm using a D-Link 2100AP access point, and a  
> Mac OS X 10.4 client. From what I can gather it seems that I might  
> have misconfigured FreeRADIUS, based on the error message below.
> 
> I've configured a test user as follows:
> pants Auth-Type := Accept

  That won't make WPA work.  WPA requires a whole bunch of data
exchange before all the machines involved believe that net access has
been granted.

  You have to configure users, passwords, and certificates for it to work.

> The last 3 lines I found in a tutorial on the web, but I'm not sure  
> if they are necessary or not (and commenting them out makes no  
> difference).

  They're for VLAN assignment.  You don't need them.

> Watching the traffic shows the Access-Accept packet being sent back  
> to the AP, but confusingly the AP sends an Access-Accept back to the  
> RADIUS server! (10.0.0.100 is the AP, 10.0.0.101 is the RADIUS server):

   That's what the debug log shows, too.

  I'm a little surprised that the AP is sending the Access-Request
back to the server.  Since you've configured the server to do
something the AP doesn't expect, I guess you're in an untested area of
its behavior.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog



More information about the Freeradius-Users mailing list