WPA/RADIUS Problems
Alan DeKok
aland at deployingradius.com
Fri Sep 1 10:37:03 CEST 2006
Loukas Kalenderidis <loukas at hb.com.au> wrote:
> I've configured FreeRADIUS as best I can figure
> from what I've found on the web, but I'm having no success with
> getting WPA to work. I'm using a D-Link 2100AP access point, and a
> Mac OS X 10.4 client. From what I can gather it seems that I might
> have misconfigured FreeRADIUS, based on the error message below.
>
> I've configured a test user as follows:
> pants Auth-Type := Accept
That won't make WPA work. WPA requires a whole bunch of data
exchange before all the machines involved believe that net access has
been granted.
You have to configure users, passwords, and certificates for it to work.
> The last 3 lines I found in a tutorial on the web, but I'm not sure
> if they are necessary or not (and commenting them out makes no
> difference).
They're for VLAN assignment. You don't need them.
> Watching the traffic shows the Access-Accept packet being sent back
> to the AP, but confusingly the AP sends an Access-Accept back to the
> RADIUS server! (10.0.0.100 is the AP, 10.0.0.101 is the RADIUS server):
That's what the debug log shows, too.
I'm a little surprised that the AP is sending the Access-Request
back to the server. Since you've configured the server to do
something the AP doesn't expect, I guess you're in an untested area of
its behavior.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users
mailing list