will this work?

Pelusa Vali pelusitavali at postmaster.co.uk
Sun Mar 12 19:30:46 CET 2006


Hi everybody, I use Debian Sarge, madwifi-ng-r1457, hostapd 0.4.8 and FreeRADIUS 1.1, and I want to use EAP-TLS. Is there any special configuration or patch that should be applied to any of these programs to get them to work? I tried configurations from the madwifi users docs and many tutorials, but nothing works. Clients simply can't authenticate; they always get Access-Reject.
These are my conf files:

MADWIFI:

modprobe ath_pci autocreate=ap
wlanconfig ath0 create wlandev wifi0 wlanmode ap
ifconfig ath0 up
iwpriv ath0 mode 3
iwconfig ath0 essid MYWLAN
iwconfig ath0 channel 2
iwconfig ath0 bitrate 54M
iwconfig ath0 frag 512
iwconfig ath0 rts 250
iwpriv ath0 ar 1
echo 1 > /proc/sys/net/ipv4/ip_forward
/etc/init.d/networking restart
IPTABLES=/sbin/iptables
$IPTABLES -F -t nat
$IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE
/etc/init.d/dhcp stop
/etc/init.d/dhcp start

DHCP:
subnet 192.168.10.0 netmask 255.255.255.0 {  
range 192.168.10.2 192.168.10.30;
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.10.255;
  default-lease-time 600;
  max-lease-time 7200;
}

HOSTAPD:
interface=ath0
driver=madwifi
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
debug=4
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=MYWLAN
macaddr_acl=0
auth_algs=3
ieee8021x=1
eap_message=hello
eapol_key_index_workaround=0
own_ip_addr=127.0.0.1
nas_identifier=www.server.com
auth_server_addr=127.0.0.1
auth_server_port=1812
auth_server_shared_secret=whatever
acct_server_addr=127.0.0.1
acct_server_port=1813
acct_server_shared_secret=whatever
wpa=1
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP
wpa_strict_rekey=1
wpa_gmk_rekey=86400

DEFAULT HOSTAPD:
#RUN_DAEMON=yes

RADIUS USERS:
"pupis" 
DEFAULT	Auth-Type = System
         Fall-Through = 1

Here I also tried:
DEFAULT	Auth-Type = EAP
         Fall-Through = 1

Each one alone, and together.

RADIUS CLIENTS.CONF:
client 127.0.0.1 {
        secret         = whatever
        shortname      = www.server.com
}

RADIUS EAP.CONF:
default_eap_type = tls
tls {
certificate_file = ${raddbdir}/certs/cert-srv.pem
CA_file = ${raddbdir}/certs/demoCA/cacert.pem
dh_file = ${raddbdir}/certs/dh
random_file = ${raddbdir}/certs/random
}

When I run it, I get this:

hostapd logs:
Sending RADIUS message to accounting server
RADIUS message: code=4 (Accounting-Request) identifier=0 length=88
   Attribute 40 (Acct-Status-Type) length=6
      Value: 7
   Attribute 45 (Acct-Authentic) length=6
      Value: 1
   Attribute 4 (NAS-IP-Address) length=6
      Value: 127.0.0.1
   Attribute 32 (NAS-Identifier) length=14
      Value: 'www.server.com'
   Attribute 30 (Called-Station-Id) length=30
      Value: '00-0F-66-11-C1-97:MYWLAN'
   Attribute 49 (Acct-Terminate-Cause) length=6
      Value: 11
Next RADIUS client retransmit in 3 seconds
Flushing old station entries

Running radtest locally:

radtest pupis whatever localhost 0 whatever
Sending Access-Request of id 178 to 127.0.0.1 port 1812
        User-Name = "pupis"
        User-Password = "whatever"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=178, length=20

By the way, I can't run radclient or radeapclient; when I use them, I don't get any response.

But now, WinXP clients don't detect this WLAN as having WPA enabled, only as a WLAN without security, and they don't get any IP address, even though I'm using DHCP. If I don't run RADIUS and hostapd, then clients do get an IP address and can use the WLAN.

So, my question again is: what should I do to get EAP-TLS working? I heard that maybe this won't work with Debian; could that be a possible explanation? I'm really tired; I think I tried everything, and I don't know what more I should do.
Thanks in advance for your patience.
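
Added example, not part of the original post: a small Python parser for the hostapd RADIUS debug dump quoted above, which maps the numeric accounting values to their RFC 2866 names and reports whether the dump contains any Access-* packet. The function names are chosen for this example, and the sample is an excerpt of the log lines in the post.

```python
import re

# Enumerated attribute values as named in RFC 2866 (RADIUS Accounting).
ENUMS = {
    "Acct-Status-Type": {1: "Start", 2: "Stop", 3: "Interim-Update",
                         7: "Accounting-On", 8: "Accounting-Off"},
    "Acct-Authentic": {1: "RADIUS", 2: "Local", 3: "Remote"},
    "Acct-Terminate-Cause": {1: "User-Request", 2: "Lost-Carrier", 4: "Idle-Timeout",
                             6: "Admin-Reset", 9: "NAS-Error", 11: "NAS-Reboot"},
}
MSG = re.compile(r"RADIUS message: code=(\d+) \(([^)]*)\) identifier=(\d+)")
ATTR = re.compile(r"\s+Attribute \d+ \(([^)]*)\)")
VAL = re.compile(r"\s+Value: (.*)")

def parse_dump(text):
    """Parse hostapd's RADIUS debug dump into [{'code', 'name', 'id', 'attrs'}]."""
    msgs, cur, attr = [], None, None
    for line in text.splitlines():
        if m := MSG.search(line):
            cur, attr = {"code": int(m[1]), "name": m[2], "id": int(m[3]), "attrs": {}}, None
            msgs.append(cur)
        elif cur and (m := ATTR.match(line)):
            attr = m[1]                      # remember which attribute the next Value belongs to
        elif cur and attr and (m := VAL.match(line)):
            raw = m[1].strip().strip("'")
            names = ENUMS.get(attr, {})
            cur["attrs"][attr] = names.get(int(raw), raw) if raw.isdigit() else raw
            attr = None
        elif not line[:1].isspace():
            cur = attr = None                # an unindented line ends the attribute list
    return msgs

def has_auth_exchange(msgs):
    """True if any Access-Request/Accept/Reject/Challenge (codes 1, 2, 3, 11) is present."""
    return any(m["code"] in (1, 2, 3, 11) for m in msgs)

# Excerpt of the hostapd log quoted in the post.
SAMPLE = """Sending RADIUS message to accounting server
RADIUS message: code=4 (Accounting-Request) identifier=0 length=88
   Attribute 40 (Acct-Status-Type) length=6
      Value: 7
   Attribute 32 (NAS-Identifier) length=14
      Value: 'www.server.com'
   Attribute 49 (Acct-Terminate-Cause) length=6
      Value: 11
Next RADIUS client retransmit in 3 seconds
"""

if __name__ == "__main__":
    parsed = parse_dump(SAMPLE)
    print(parsed, "auth exchange seen:", has_auth_exchange(parsed))
```

On the quoted log this yields a single Accounting-Request with Acct-Status-Type Accounting-On and no Access-* packet, so those lines are hostapd's startup accounting message rather than a client's EAP exchange.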

