hostapd for authentication of win wifi clients
Bob Beers
bbeers
Tue Jul 27 11:45:47 PDT 2004
Gunter Burchardt wrote:
> Hello Bob,
Thanks for the reply Gunter,
>
> The radius server sends an access reject. The hostapd-conf seems to be
> ok. Look through the radiusd log and find out why it rejects the user.
The radiusd output was this:
=======================
rad_recv: Access-Request packet from host 172.16.87.23:1035, id=1, length=147
User-Name = "bob"
NAS-IP-Address = 172.16.87.23
NAS-Port = 1
Called-Station-Id = "00-09-5B-41-10-B4:dugtrio"
Calling-Station-Id = "00-06-25-A9-99-27"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0200000801626f62
Message-Authenticator = 0xf73763202777a44e03088760ef182feb
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 0 length 8
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched bob at 90
radius_xlat: 'Hello, bob'
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type Local
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
( this looks like the answer to why it rejects the user )
auth: Failed to validate the user.
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.16.87.23:1035, id=1, length=147
Sending Access-Reject of id 1 to 172.16.87.23:1035
Reply-Message = "Hello, bob"
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 1 with timestamp 410132a1
Nothing to do. Sleeping until we see a request.
Another hostap user sent me this tidbit:
-----------------------
>bob Auth-Type := Local, User-Password == "bob"
>> Reply-Message = "Hello, %u"
>>
>> Ok here, too?
>>
Dunno; but I wonder why you'd tell Radius to do "Local" auth, when
you're doing EAP - or at least, you would like to.
-----------------------
So, I'd guess I need to say Auth-Type := EAP in my users file for
radiusd. But then I have to configure all of the EAP and TLS and
PEAP sections? This link, [1], tells me to build a wad of
certificates, but I would like to use user/password authentication.
Does anyone have another howto reference?
I'll try it again with Auth-Type := EAP, and post the results.
>
> A patch is available for WPA on windows. This patch works on first
> view, but a reauthentication causes a disconnect. So there is only
> one secure wlan possibility in Windows: WEP rekeying using 802.1x.
> This is available in Windows XP.
>
> regards
> gunter
>
[1] <http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm>
--
Bob Beers
MIEEE 2415966
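
Added illustration, not part of the original post: a short Python check for the radiusd debug output quoted above. It decodes the EAP-Message attribute and flags a request that carries EAP but was checked under a non-EAP Auth-Type. The function names and the abbreviated sample log are assumptions made for this example, and it assumes the EAP packet fits in a single EAP-Message attribute.

```python
import re
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak",
             4: "MD5-Challenge", 13: "EAP-TLS", 25: "PEAP"}

# Constructed sample: a subset of the lines from the debug output in the post.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 172.16.87.23:1035, id=1, length=147
User-Name = "bob"
EAP-Message = 0x0200000801626f62
rad_check_password: Found Auth-Type Local
auth: No User-Password or CHAP-Password attribute in the request
Sending Access-Reject of id 1 to 172.16.87.23:1035
"""

def decode_eap(hex_value):
    """Decode an EAP packet: Code(1) Identifier(1) Length(2) [Type(1) Data]."""
    digits = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(digits)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError("EAP length field does not match the attribute")
    packet = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:  # only Request/Response carry a Type
        packet["type"] = EAP_TYPES.get(raw[4], raw[4])
        packet["data"] = raw[5:length]
    return packet

def diagnose(log_text):
    """Report whether an EAP request was checked with a non-EAP Auth-Type."""
    eap = re.search(r"^\s*EAP-Message = (0x[0-9a-fA-F]+)", log_text, re.M)
    auth = re.search(r"rad_check_password:\s+Found Auth-Type (\S+)", log_text)
    packet = decode_eap(eap.group(1)) if eap else None
    auth_type = auth.group(1) if auth else None
    return {
        "eap": packet,
        "auth_type": auth_type,
        "rejected": "Sending Access-Reject" in log_text,
        # An EAP-Response/Identity carries only the user name, so a Local
        # password check has no User-Password attribute to compare against.
        "eap_handled_as_non_eap": packet is not None
                                  and auth_type not in (None, "EAP"),
    }

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

The decoded packet is an EAP-Response/Identity for "bob", which agrees with the "rlm_eap: EAP packet type response id 0 length 8" line in the log.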