Does freeradius-server work through wifi?

Mr Dini diniboy74 at gmail.com
Wed Jun 15 15:04:37 CEST 2016


Hi all!

I'm using this nice program on an old Linux NAS and it works perfectly.
But now I bought a dongle and attached it to the NAS. I tried to connect
to my wifi but I cannot do that, because it gives me an Access-Reject...

Is it possible to use that through wifi?

Here is the debug output:

 ... adding new socket proxy address * port 5527
Listening on authentication interface wlan0 address * port 1812
Listening on accounting address * port 1813
Listening on command file /ffp/var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server
inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.1 port 47778, id=0,
length=123
        User-Name = "guest"
        NAS-IP-Address = 192.168.1.1
        Called-Station-Id = "1eb72cd00f4f"
        Calling-Station-Id = "00e3b22aafa3"
        NAS-Identifier = "1eb72cd00f4f"
        NAS-Port = 38
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x0200000a016775657374
        Message-Authenticator = 0x1cdcf108446d0aed96f7d19e90a2ddea
# Executing section authorize from file /ffp/etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "guest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 0 length 10
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
[sql]   expand: %{User-Name} -> guest
[sql] sql_set_user escaped user --> 'guest'
rlm_sql (sql): Reserving sql socket id: 30
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY
id -> SELECT id, username, attribute, value, op           FROM radcheck
      WHERE username = 'guest'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY
id -> SELECT id, username, attribute, value, op           FROM radreply
      WHERE username = 'guest'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup
WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username = 'guest'
        ORDER BY priority
rlm_sql (sql): Released sql socket id: 30
++[sql] = ok
++[expiration] = noop
++[logintime] = noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /ffp/etc/raddb/sites-enabled/default
+group authenticate {
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 0 to 192.168.1.1 port 47778
        EAP-Message = 0x01010016041059dc9dc980e2a025b5879c8e7dcebcd2
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x327b67de327a635682a37fa2c5a9f0b6
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 47778, id=0,
length=137
Cleaning up request 0 ID 0 with timestamp +13
        User-Name = "guest"
        NAS-IP-Address = 192.168.1.1
        Called-Station-Id = "1eb72cd00f4f"
        Calling-Station-Id = "00e3b22aafa3"
        NAS-Identifier = "1eb72cd00f4f"
        NAS-Port = 38
        Framed-MTU = 1400
        State = 0x327b67de327a635682a37fa2c5a9f0b6
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x02010006030d
        Message-Authenticator = 0xfba748e19ef2d0c85f62a9c686c6a45b
# Executing section authorize from file /ffp/etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "guest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
[sql]   expand: %{User-Name} -> guest
[sql] sql_set_user escaped user --> 'guest'
rlm_sql (sql): Reserving sql socket id: 29
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY
id -> SELECT id, username, attribute, value, op           FROM radcheck
      WHERE username = 'guest'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY
id -> SELECT id, username, attribute, value, op           FROM radreply
      WHERE username = 'guest'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup
WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username = 'guest'
        ORDER BY priority
rlm_sql (sql): Released sql socket id: 29
++[sql] = ok
++[expiration] = noop
++[logintime] = noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /ffp/etc/raddb/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/tls
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 0 to 192.168.1.1 port 47778
        EAP-Message = 0x010200060d20
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x327b67de33796a5682a37fa2c5a9f0b6
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 47778, id=0,
length=137
Cleaning up request 1 ID 0 with timestamp +13
        User-Name = "guest"
        NAS-IP-Address = 192.168.1.1
        Called-Station-Id = "1eb72cd00f4f"
        Calling-Station-Id = "00e3b22aafa3"
        NAS-Identifier = "1eb72cd00f4f"
        NAS-Port = 38
        Framed-MTU = 1400
        State = 0x327b67de33796a5682a37fa2c5a9f0b6
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020200060300
        Message-Authenticator = 0x5b93793510020b8d51688f1ecd803739
# Executing section authorize from file /ffp/etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "guest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 2 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
[sql]   expand: %{User-Name} -> guest
[sql] sql_set_user escaped user --> 'guest'
rlm_sql (sql): Reserving sql socket id: 28
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY
id -> SELECT id, username, attribute, value, op           FROM radcheck
      WHERE username = 'guest'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY
id -> SELECT id, username, attribute, value, op           FROM radreply
      WHERE username = 'guest'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup
WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username = 'guest'
        ORDER BY priority
rlm_sql (sql): Released sql socket id: 28
++[sql] = ok
++[expiration] = noop
++[logintime] = noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /ffp/etc/raddb/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP NAK
[eap] NAK asked for bad type 0
[eap] Failed in EAP select
++[eap] = invalid
+} # group authenticate = invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /ffp/etc/raddb/sites-enabled/default
+group REJECT {
[sql]   expand: %{User-Name} -> guest
[sql] sql_set_user escaped user --> 'guest'
[sql]   expand: %{User-Password} ->
[sql]   ... expanding second conditional
[sql]   expand: %{Chap-Password} ->
[sql]   expand: INSERT INTO radpostauth
(username, pass, reply, authdate)                           VALUES (
                    '%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth
        (username, pass, reply, authdate)                           VALUES
(                           'guest',                           '',
                  'Access-Reject', '2016-06-15 15:02:33')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth
              (username, pass, reply, authdate)
VALUES (                           'guest',                           '',
                        'Access-Reject', '2016-06-15 15:02:33')
rlm_sql (sql): Reserving sql socket id: 27
rlm_sql (sql): Released sql socket id: 27
++[sql] = ok
[eap] Reply already contained an EAP-Message, not inserting EAP-Failure
++[eap] = noop
[attr_filter.access_reject]     expand: %{User-Name} -> guest
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] = updated
+} # group REJECT = updated
Delaying reject of request 2 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 2
Sending Access-Reject of id 0 to 192.168.1.1 port 47778
        EAP-Message = 0x04020004
        Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 4.9 seconds.
Cleaning up request 2 ID 0 with timestamp +13
Ready to process requests.

With a wired connection, it works so cool...

Thanks!
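
Added example (not part of the original post and not FreeRADIUS code): a small Python decoder for the EAP-Message values in the debug output above, following the RFC 3748 packet layout, so the method negotiation can be read packet by packet. The names decode_eap, summarize and TRACE are this example's own; the hex strings are copied from the log.

```python
import struct

# EAP codes and method types from RFC 3748 (13 = EAP-TLS, RFC 5216).
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS"}

def decode_eap(hex_value):
    """Decode one EAP-Message attribute value as printed in the debug log."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError("EAP length field does not match attribute size")
    out = {"code": CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:
        etype, data = raw[4], raw[5:]
        out["type"] = TYPES.get(etype, etype)
        if etype == 1:
            out["identity"] = data.decode("utf-8", "replace")
        elif etype == 3:
            # Nak data lists the methods the peer would accept; 0 means none.
            out["wants"] = [TYPES.get(t, t) if t else "none" for t in data]
        elif etype == 4 and data:
            out["challenge_len"] = data[0]           # MD5 Value-Size byte
        elif etype == 13 and data:
            out["tls_start"] = bool(data[0] & 0x20)  # EAP-TLS Start flag
    return out

# EAP-Message values copied from the debug output in this post, in order.
TRACE = [
    ("peer -> server", "0x0200000a016775657374"),
    ("server -> peer", "0x01010016041059dc9dc980e2a025b5879c8e7dcebcd2"),
    ("peer -> server", "0x02010006030d"),
    ("server -> peer", "0x010200060d20"),
    ("peer -> server", "0x020200060300"),
    ("server -> peer", "0x04020004"),
]

def summarize(trace=TRACE):
    """Return (direction, decoded packet) for every entry in the trace."""
    return [(who, decode_eap(value)) for who, value in trace]

if __name__ == "__main__":
    for who, pkt in summarize():
        print(f"{who}: {pkt}")
```

In the last Response the Nak carries type 0, which RFC 3748 defines as the peer having no alternative method to propose; it corresponds to the "NAK asked for bad type 0" line in the log.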

