WPA/RADIUS Problems
Loukas Kalenderidis
loukas at hb.com.au
Mon Sep 4 02:06:53 CEST 2006
On 01/09/2006, at 6:37 PM, Alan DeKok wrote:
> Loukas Kalenderidis <loukas at hb.com.au> wrote:
>> I've configured FreeRADIUS as best I can figure
>> from what I've found on the web, but I'm having no success with
>> getting WPA to work. I'm using a D-Link 2100AP access point, and a
>> Mac OS X 10.4 client. From what I can gather it seems that I might
>> have misconfigured FreeRADIUS, based on the error message below.
>>
>> I've configured a test user as follows:
>> pants Auth-Type := Accept
>
> That won't make WPA work. WPA requires a whole bunch of data
> exchange before all the machines involved believe that net access has
> been granted.
>
> You have to configure users, passwords, and certificates for it
> to work.
I've been trying to use an existing user that works with dialup
access, but kept having authorization rejected, so I decided to try
configuring that test user with Auth-Type := Accept to simplify the
problem. Bad idea? I was under the impression I don't need
certificates unless I'm using TLS; is this incorrect?
>
>> The last 3 lines I found in a tutorial on the web, but I'm not sure
>> if they are necessary or not (and commenting them out makes no
>> difference).
>
> They're for VLAN assignment. You don't need them.
Thanks.
>
>> Watching the traffic shows the Access-Accept packet being sent back
>> to the AP, but confusingly the AP sends an Access-Accept back to the
>> RADIUS server! (10.0.0.100 is the AP, 10.0.0.101 is the RADIUS
>> server):
>
> That's what the debug log shows, too.
Is this what the following error is about?
Error: Authentication reply packet code 2 sent to a non-proxy reply
port from client testap:1025 - ID 0 : IGNORED
That makes more sense now.
Thanks,
Loukas
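
An added example, not part of the original thread and not FreeRADIUS code: a simplified Python model of the check behind the "packet code 2 sent to a non-proxy reply port ... IGNORED" error, which also reports whether an Access-Request carries an EAP-Message attribute. The function names and sample packets are constructed for illustration; the code and attribute numbers are from RFC 2865 and RFC 3579.

```python
import struct

# Packet codes from RFC 2865; 79 is the EAP-Message attribute type (RFC 3579).
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
REPLY_CODES = {2, 3, 11}
HEADER_LEN = 20  # code(1) + identifier(1) + length(2) + authenticator(16)
EAP_MESSAGE = 79


def parse(data):
    """Return (code, identifier, attribute types); ValueError if malformed."""
    if len(data) < HEADER_LEN:
        raise ValueError("shorter than RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if not HEADER_LEN <= length <= min(len(data), 4096):
        raise ValueError("bad length field")
    types, pos = [], HEADER_LEN
    while pos < length:
        if pos + 2 > length or data[pos + 1] < 2 or pos + data[pos + 1] > length:
            raise ValueError("bad attribute length")
        types.append(data[pos])
        pos += data[pos + 1]
    return code, ident, types


def handle_on_auth_port(data):
    """Simplified model of what a server does with a packet on its auth port."""
    try:
        code, ident, types = parse(data)
    except ValueError as exc:
        return "drop: %s" % exc
    if code in REPLY_CODES:
        # Replies are only meaningful on the port that sent proxied requests.
        return "ignore: %s (code %d, ID %d) on non-proxy port" % (CODES[code], code, ident)
    if code != 1:
        return "drop: unexpected code %d" % code
    kind = "EAP" if EAP_MESSAGE in types else "non-EAP"
    return "process: %s Access-Request, ID %d" % (kind, ident)


def build(code, ident, attrs=b""):
    """Constructed sample packet with an all-zero authenticator."""
    return struct.pack("!BBH", code, ident, HEADER_LEN + len(attrs)) + bytes(16) + attrs


if __name__ == "__main__":
    print(handle_on_auth_port(build(2, 0)))  # what the AP sent in this thread
    print(handle_on_auth_port(build(1, 5, bytes([79, 7]) + b"\x02\x00\x00\x05\x01")))
    print(handle_on_auth_port(build(1, 6, bytes([1, 7]) + b"pants")))
```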