device simply doesn't connect, no errors
Alan DeKok
aland at deployingradius.com
Wed Feb 9 22:38:23 UTC 2022
On Feb 9, 2022, at 2:57 PM, Vincent W. <vincent.wrusch at gmail.com> wrote:
> I hope you are having a nice day, I am currently trying to set up a
> freeradius based wifi system for the small student dorm I am living in. We
> are using private Wifis all over the place right now, but we want to change
> this in the future. As a 'starting' experiment I am trying to set up a
> freeradius server with an access-point in our server room.
> Right now I am using freeRadius 3.0. installed on an Ubuntu 20.04 Lxd
> container and an old TP-Link Router with Openwrt on it as an Access Point.
That should be fine.
> The goal is to use Eap_Peap with MschapV2 as authentication method and
> everything should be set up by now. I am using an android 11 phone (with
> the CA-certificate installed) to connect, but it simply won't. I type in
> everything as it should be, but it simply says "connecting" forever. The
> following is the debug log of freeradius for 10 requests and they are quite
> different from each other. (8) seems to be the most successful one with
> multiple "erfolgreich angemeldet"="successfully logged in" messages.
OK.
> Notice that log (0) is the server output belonging to "radtest -t mschap
> nutzer magazin 127.0.0.1:18120 0 testing123". Further notice: As a test
> user I just created the user "nutzer" with the password "magazin".
That means FreeRADIUS works. Maybe the WiFi AP is broken, maybe the supplicant is broken. :(
> I do have an Android 9 device available, but in contrast to my newer phone
> it needs a "domain" extra, and I couldn't figure out anything that works
> for that field.
> SO what the hell doesn't work here?
> ...
> (10) Sent Access-Accept Id 232 from [Radius-Server--IP]:1812 to
> [AccessPoint-IP]:52784 length 0
> (10) MS-MPPE-Recv-Key =
> 0xc00afb4a5bcb38d545ce954afbe9bd270d9d2d9eff388c9e26334c496739119d
> (10) MS-MPPE-Send-Key =
> 0x0d596e21fc68bc9283e2f40c94a5a23b2ebc525f199b38613ef307594d68d4cc
> (10) EAP-Message = 0x03400004
> (10) Message-Authenticator = 0x00000000000000000000000000000000
> (10) User-Name = "anonymous"
> (10) Finished request
FreeRADIUS has told the supplicant and the WiFi access point "it's OK, let the user on the network".
if the user doesn't get on the network, then either the supplicant and/or the WiFi AP is doing something wrong. You'll have to look at logs on those machines to see.
Sorry, no amount of poking FreeRADIUS will help figure out what's going on with the supplicant and WiFi AP.
Alan DeKok.
More information about the Freeradius-Users
mailing list