Is freeradius-server works through wifi?
Mr Dini
diniboy74 at gmail.com
Wed Jun 15 15:04:37 CEST 2016
Hi all!
I'm using this nice program on an old, linux nas and it works perfectly.
But now I bought a dongle and attached to the nas. And I tried to connect
to my wifi but I Cannot do that, because it gives me an Access-reject...
Is it possible to use that through wifi?
Here is a debugger output:
... adding new socket proxy address * port 5527
Listening on authentication interface wlan0 address * port 1812
Listening on accounting address * port 1813
Listening on command file /ffp/var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server
inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.1 port 47778, id=0,
length=123
User-Name = "guest"
NAS-IP-Address = 192.168.1.1
Called-Station-Id = "1eb72cd00f4f"
Calling-Station-Id = "00e3b22aafa3"
NAS-Identifier = "1eb72cd00f4f"
NAS-Port = 38
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0200000a016775657374
Message-Authenticator = 0x1cdcf108446d0aed96f7d19e90a2ddea
# Executing section authorize from file /ffp/etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "guest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 0 length 10
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
[sql] expand: %{User-Name} -> guest
[sql] sql_set_user escaped user --> 'guest'
rlm_sql (sql): Reserving sql socket id: 30
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY
id -> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'guest' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER BY
id -> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'guest' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username = 'guest'
ORDER BY priority
rlm_sql (sql): Released sql socket id: 30
++[sql] = ok
++[expiration] = noop
++[logintime] = noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /ffp/etc/raddb/sites-enabled/default
+group authenticate {
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 0 to 192.168.1.1 port 47778
EAP-Message = 0x01010016041059dc9dc980e2a025b5879c8e7dcebcd2
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x327b67de327a635682a37fa2c5a9f0b6
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 47778, id=0,
length=137
Cleaning up request 0 ID 0 with timestamp +13
User-Name = "guest"
NAS-IP-Address = 192.168.1.1
Called-Station-Id = "1eb72cd00f4f"
Calling-Station-Id = "00e3b22aafa3"
NAS-Identifier = "1eb72cd00f4f"
NAS-Port = 38
Framed-MTU = 1400
State = 0x327b67de327a635682a37fa2c5a9f0b6
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x02010006030d
Message-Authenticator = 0xfba748e19ef2d0c85f62a9c686c6a45b
# Executing section authorize from file /ffp/etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "guest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
[sql] expand: %{User-Name} -> guest
[sql] sql_set_user escaped user --> 'guest'
rlm_sql (sql): Reserving sql socket id: 29
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY
id -> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'guest' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER BY
id -> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'guest' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username = 'guest'
ORDER BY priority
rlm_sql (sql): Released sql socket id: 29
++[sql] = ok
++[expiration] = noop
++[logintime] = noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /ffp/etc/raddb/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/tls
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 0 to 192.168.1.1 port 47778
EAP-Message = 0x010200060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x327b67de33796a5682a37fa2c5a9f0b6
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 47778, id=0,
length=137
Cleaning up request 1 ID 0 with timestamp +13
User-Name = "guest"
NAS-IP-Address = 192.168.1.1
Called-Station-Id = "1eb72cd00f4f"
Calling-Station-Id = "00e3b22aafa3"
NAS-Identifier = "1eb72cd00f4f"
NAS-Port = 38
Framed-MTU = 1400
State = 0x327b67de33796a5682a37fa2c5a9f0b6
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020200060300
Message-Authenticator = 0x5b93793510020b8d51688f1ecd803739
# Executing section authorize from file /ffp/etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "guest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 2 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
[sql] expand: %{User-Name} -> guest
[sql] sql_set_user escaped user --> 'guest'
rlm_sql (sql): Reserving sql socket id: 28
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY
id -> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'guest' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER BY
id -> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'guest' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username = 'guest'
ORDER BY priority
rlm_sql (sql): Released sql socket id: 28
++[sql] = ok
++[expiration] = noop
++[logintime] = noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /ffp/etc/raddb/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP NAK
[eap] NAK asked for bad type 0
[eap] Failed in EAP select
++[eap] = invalid
+} # group authenticate = invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /ffp/etc/raddb/sites-enabled/default
+group REJECT {
[sql] expand: %{User-Name} -> guest
[sql] sql_set_user escaped user --> 'guest'
[sql] expand: %{User-Password} ->
[sql] ... expanding second conditional
[sql] expand: %{Chap-Password} ->
[sql] expand: INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES (
'%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES
( 'guest', '',
'Access-Reject', '2016-06-15 15:02:33')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth
(username, pass, reply, authdate)
VALUES ( 'guest', '',
'Access-Reject', '2016-06-15 15:02:33')
rlm_sql (sql): Reserving sql socket id: 27
rlm_sql (sql): Released sql socket id: 27
++[sql] = ok
[eap] Reply already contained an EAP-Message, not inserting EAP-Failure
++[eap] = noop
[attr_filter.access_reject] expand: %{User-Name} -> guest
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] = updated
+} # group REJECT = updated
Delaying reject of request 2 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 2
Sending Access-Reject of id 0 to 192.168.1.1 port 47778
EAP-Message = 0x04020004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 4.9 seconds.
Cleaning up request 2 ID 0 with timestamp +13
Ready to process requests.
With wired connection, it works So cool...
Thanks!
More information about the Freeradius-Users
mailing list