On Fri, Apr 15, 2016 at 11:00:52AM -0300, Nicolas Guerra wrote:
I have a router (openwrt) and the idea is that wifi authenticate using my radius server and my radius server proxy the request to other radius server (I can't get much info of this server).
OK.
when I execute the command in my radius server:
radtest <USER> <PASSWORD> localhost 0 testing123
...
request that works is:
(10) Sent Access-Request Id 192 from 0.0.0.0:52999 to <destination-radius-IP>:1812 length 92 (10) User-Name = "USER" (10) User-Password = "PASSWD" ...
That is PAP.
request that fails is:
(11) Sent Access-Request Id 46 from 0.0.0.0:52999 to <destination-radius-IP>:1812 length 216 (11) User-Name = "USER" (11) Called-Station-Id = "32-B5-C2-38-41-74:<WIFI-SSID>" ... (11) EAP-Message = 0x0291001101343137343233344066696e67 ...
That is EAP.
my question is: How can I modify the request received from router (openwrt) to make it looks like the working one?
You can't. Wireless uses EAP authentication, not plain PAP. As you are proxying, you need to get the remote RADIUS server to handle the correct EAP authentication for your device(s). Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>