hostapd authenticates but dhcpd doesn't give out address

Bob Beers bbeers
Tue Jun 15 06:38:53 PDT 2004


Hi list, (I'm re-posting this, so apologies if it does finally
  show up twice)

I am running a custom 2.4.20 kernel and the 0.2.2 hostap
  driver, and all is well:  I can associate all 802.11b
  stations (hostap and windows) that I try with the hostap AP
  and then get dynamic IP assignment via dhcpd on the AP.
But, when I try to implement the hostapd and a remote radius
  server for authentication I can associate stations, but the
  dhcpd daemon on the AP never seems to get the dhcp requests.

Can someone point me to some more reading or example config files
  so that I can get this working correctly, please?  Maybe I'm
  forgetting something on the station side also?


What I think I want is to allow stations to associate,
  but until after opening a browser for username password validation
  on a T&C page, not allow them any connectivity.  Am I headed in
  the right direction here?

here's my hostapd.conf:

bash-2.05# cat /etc/hostapd.conf | grep = | grep -v ^#
interface=wlan0
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
debug=2
dump_file=/tmp/hostapd.dump
daemonize=1
ssid=edgeRM
macaddr_acl=2
auth_algs=1
ieee8021x=1
minimal_eap=1
eap_message=hello
wep_key_len_broadcast=5
wep_key_len_unicast=5
wep_rekey_period=300
eapol_key_index_workaround=0
own_ip_addr=172.16.1.201
auth_server_addr=172.16.1.200
auth_server_port=1812
auth_server_shared_secret=secret
acct_server_addr=172.16.1.200
acct_server_port=1813
acct_server_shared_secret=secret

here's some of the log messages I get on the AP:

in /var/log/messages:

Jun 10 16:24:16 rack001 hostapd: wlan0: STA 00:09:5b:2f:f6:b4 IEEE 802.11: 
disassociated due to inactivity
Jun 10 16:24:17 rack001 hostapd: wlan0: STA 00:09:5b:2f:f6:b4 IEEE 802.11: 
deauthenticated due to inactivity
Jun 10 16:24:17 rack001 hostapd: wlan0: STA 00:09:5b:2f:f6:b4 IEEE 802.11: 
authenticated
Jun 10 16:24:17 rack001 hostapd: wlan0: STA 00:09:5b:2f:f6:b4 IEEE 802.11: 
associated (aid 1)

in /var/log/debug: (I think this first line is about the dhcp request)

Jun 10 16:24:15 rack001 kernel: wifi0: dropped frame to unauthorized port (IEEE 
802.1X): ethertype=0x0000
Jun 10 16:24:15 rack001 kernel: wifi0: TX len=24 jiffies=1143809
Jun 10 16:24:15 rack001 kernel:    FC=0x020a (type=2:0) [FromDS] dur=0x0000 
seq=0x0000
Jun 10 16:24:15 rack001 kernel:    A1=00:09:5b:2f:f6:b4 A2=00:09:5b:41:10:b4 
A3=00:09:5b:41:10:b4
Jun 10 16:24:17 rack001 kernel: wifi0: Could not find STA 00:09:5b:2f:f6:b4 for 
this TX error (@1144012)
Jun 10 16:24:18 rack001 kernel: wifi0: TX: IEEE 802.1X - passing unencrypted 
EAPOL frame
Jun 10 16:24:49 rack001 kernel: wifi0: TX: IEEE 802.1X - passing unencrypted 
EAPOL frame

here's what I see when running 'hostapd -d /etc/hostapd.conf':


Configuration file: /etc/hostapd.conf
Opening raw packet socket for ifindex 16
Using interface wlan0ap with hwaddr 00:09:5b:41:10:b4 and ssid 'edgeRM'
wlan0: RADIUS Authentication server 172.16.1.200:1812
wlan0: RADIUS Accounting server 172.16.1.200:1813
Sending RADIUS message to accounting server
RADIUS message: code=4 (Accounting-Request) identifier=0 length=70
    Attribute 40 (Acct-Status-Type) length=6
       Value: 7
    Attribute 45 (Acct-Authentic) length=6
       Value: 1
    Attribute 4 (NAS-IP-Address) length=6
       Value: 172.16.1.201
    Attribute 30 (Called-Station-Id) length=26
       Value: '00-09-5B-41-10-B4:edgeRM'
    Attribute 49 (Acct-Terminate-Cause) length=6
       Value: 11
Default WEP key - hexdump(len=5): 4b b7 0e d0 af
Flushing old station entries
Deauthenticate all stations
Received 20 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=5 (Accounting-Response) identifier=0 length=20
Received 30 bytes management frame
RX frame - hexdump(len=30): b0 00 02 01 00 09 5b 41 10 b4 00 09 5b 2f f6 b4 00 
09 5b 41 10 b4 30 34 00 00 01 00 00 00
MGMT
mgmt::auth
authentication: STA=00:09:5b:2f:f6:b4 auth_alg=0 auth_transaction=1 
status_code=0 wep=0
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=1 length=151
    Attribute 1 (User-Name) length=14
       Value: '00095b2ff6b4'
    Attribute 2 (User-Password) length=18
    Attribute 4 (NAS-IP-Address) length=6
       Value: 172.16.1.201
    Attribute 30 (Called-Station-Id) length=26
       Value: '00-09-5B-41-10-B4:edgeRM'
    Attribute 31 (Calling-Station-Id) length=19
       Value: '00-09-5B-2F-F6-B4'
    Attribute 61 (NAS-Port-Type) length=6
       Value: 19
    Attribute 77 (Connect-Info) length=24
       Value: 'CONNECT 11Mbps 802.11b'
    Attribute 80 (Message-Authenticator) length=18
Authentication frame from 00:09:5b:2f:f6:b4 waiting for an external authentication
Received 26 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=2 (Access-Accept) identifier=1 length=26
    Attribute 6 (?Unknown?) length=6
Found matching Access-Request for RADIUS message (id=1)
Re-sending authentication frame after successful RADIUS ACL query
mgmt::auth
authentication: STA=00:09:5b:2f:f6:b4 auth_alg=0 auth_transaction=1 
status_code=0 wep=0
   New STA
wlan0: STA 00:09:5b:2f:f6:b4 IEEE 802.11: authentication OK (open system)
wlan0: STA 00:09:5b:2f:f6:b4 WPA: event 0 notification
authentication reply: STA=00:09:5b:2f:f6:b4 auth_alg=0 auth_transaction=2 resp=0
Received 30 bytes management frame
RX frame - hexdump(len=30): b2 00 02 01 00 09 5b 2f f6 b4 00 09 5b 41 10 b4 00 
09 5b 41 10 b4 d0 62 00 00 02 00 00 00
MGMT (TX callback) ACK
mgmt::auth cb
wlan0: STA 00:09:5b:2f:f6:b4 IEEE 802.11: authenticated
Received 42 bytes management frame
RX frame - hexdump(len=42): 00 00 73 d1 00 09 5b 41 10 b4 00 09 5b 2f f6 b4 00 
09 5b 41 10 b4 40 34 01 00 0a 00 00 06 65 64 67 65 52 4d 01 04 82 84 0b 16
MGMT
mgmt::assoc_req
association request: STA=00:09:5b:2f:f6:b4 capab_info=0x01 listen_interval=10
   new AID 1
wlan0: STA 00:09:5b:2f:f6:b4 IEEE 802.11: association OK (aid 1)
Received 36 bytes management frame
RX frame - hexdump(len=36): 12 00 73 d1 00 09 5b 2f f6 b4 00 09 5b 41 10 b4 00 
09 5b 41 10 b4 e0 62 11 00 00 00 01 c0 01 04 82 84 0b 16
MGMT (TX callback) ACK
mgmt::assoc_resp cb
wlan0: STA 00:09:5b:2f:f6:b4 IEEE 802.11: associated (aid 1)
wlan0: STA 00:09:5b:2f:f6:b4 WPA: event 1 notification
wlan0: STA 00:09:5b:2f:f6:b4 IEEE 802.1X: start authentication
IEEE 802.1X: 00:09:5b:2f:f6:b4 AUTH_PAE entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 BE_AUTH entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 AUTH_KEY_TX entering state NO_KEY_TRANSMIT
IEEE 802.1X: 00:09:5b:2f:f6:b4 AUTH_PAE entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 BE_AUTH entering state IDLE
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 AUTH_PAE entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 0)
IEEE 802.1X: 00:09:5b:2f:f6:b4 AUTH_PAE entering state DISCONNECTED
wlan0: STA 00:09:5b:2f:f6:b4 IEEE 802.1X: unauthorizing port
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 AUTH_PAE entering state CONNECTING
IEEE 802.1X: Sending EAP Request-Identity to 00:09:5b:2f:f6:b4 (identifier 0)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
Received 50 bytes management frame
RX frame - hexdump(len=50): 0a 02 02 01 00 09 5b 2f f6 b4 00 09 5b 41 10 b4 00 
09 5b 41 10 b4 90 63 aa aa 03 00 00 00 88 8e 01 00 00 0e 01 00 00 0e 01 68 65 6c 
6c 6f 45 64 67 65
DATA (TX callback) ACK
IEEE 802.1X: 00:09:5b:2f:f6:b4 TX status - version=1 type=0 length=14 - ack=1
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 29)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 28)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 27)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 26)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 25)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 24)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 23)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 22)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 21)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 20)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 19)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 18)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 17)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 16)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 15)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 14)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 13)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 12)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 11)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 10)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 9)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 8)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 7)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 6)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 5)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 4)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 3)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 2)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 1)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 0)
IEEE 802.1X: 00:09:5b:2f:f6:b4 AUTH_PAE entering state CONNECTING
IEEE 802.1X: Sending EAP Request-Identity to 00:09:5b:2f:f6:b4 (identifier 0)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
Received 50 bytes management frame
RX frame - hexdump(len=50): 0a 02 02 01 00 09 5b 2f f6 b4 00 09 5b 41 10 b4 00 
09 5b 41 10 b4 70 76 aa aa 03 00 00 00 88 8e 01 00 00 0e 01 00 00 0e 01 68 65 6c 
6c 6f 45 64 67 65
DATA (TX callback) ACK
IEEE 802.1X: 00:09:5b:2f:f6:b4 TX status - version=1 type=0 length=14 - ack=1
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 29)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 28)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 27)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 Port Timers TICK (timers: 0 0 3599 26)
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
Signal 2 received - terminating
Removing station 00:09:5b:2f:f6:b4
IEEE 802.1X: station 00:09:5b:2f:f6:b4 port disabled
IEEE 802.1X: 00:09:5b:2f:f6:b4 AUTH_PAE entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 AUTH_PAE entering state INITIALIZE
IEEE 802.1X: 00:09:5b:2f:f6:b4 REAUTH_TIMER entering state INITIALIZE
Flushing old station entries
Deauthenticate all stations
Sending RADIUS message to accounting server
RADIUS message: code=4 (Accounting-Request) identifier=2 length=70
    Attribute 40 (Acct-Status-Type) length=6
       Value: 8
    Attribute 45 (Acct-Authentic) length=6
       Value: 1
    Attribute 4 (NAS-IP-Address) length=6
       Value: 172.16.1.201
    Attribute 30 (Called-Station-Id) length=26
       Value: '00-09-5B-41-10-B4:edgeRM'
    Attribute 49 (Acct-Terminate-Cause) length=6
       Value: 11




I hope this was not too lengthy.  Any help appreciated.  I'm trying to
  get a better understanding of and then amke good use of the hostapd
  features, but I'm not quite there yet.

Thanks,

-Bob
-- 
Bob Beers
MIEEE 2415966





More information about the Hostap mailing list