Mac-Auth and WPA-PSK on radius-server

実験用アドレス radius.klab
Sat Dec 28 06:10:11 PST 2013


Hello!

I try Mac-Auth and WPA-PSK on radius-server, but I can't connect.
radius-server and hostapd are running on the same machine, supplicant is
android4.1.1.
WPA-PSK(not use radius) and PEAP(on freeradius) can be used without
problems.
And No problem when written the passphrase in hostapd.conf.
Please give me advice!


composition
-machine os is ubuntu12.04.
-hostapd version is 2.0.
-radius server is freeradius3.0.


######.config info######
CONFIG_DRIVER_HOSTAP=y
CONFIG_DRIVER_NL80211=y
CONFIG_IAPP=y
CONFIG_RSN_PREAUTH=y
CONFIG_PEERKEY=y
CONFIG_EAP=y
CONFIG_PKCS12=y


#####hostapd.conf info#####
interface=wlan0
driver=nl80211
ssid=hostapd
hw_mode=g
channel=5
macaddr_acl=2
auth_algs=1
own_ip_addr=10.0.0.1
nas_identifier=hostapd
auth_server_addr=10.0.0.1
auth_server_port=1812
auth_server_shared_secret=test-123
wpa=1
wpa_psk_radius=2


######freeradius debuglog#####
Sending Access-Accept of id 8 from 10.0.0.1 port 1812 to 10.0.0.1 port 47824
User-Name = (My supplicant Mac-address)
User-Password = (My supplicant Mac-address)
Calling-Station-Id = (My supplicant Mac-address)
Tunnel-Password:0 = '11111111'


######debuglog(-d option) info######
random: Trying to read entropy from /dev/random
Configuration file: radius.conf
nl80211: interface wlan0 in phy phy0
rfkill: initial event: idx=0 type=1 op=0 soft=0 hard=0
nl80211: Using driver-based off-channel TX
nl80211: Add own interface ifindex 3
nl80211: Set mode ifindex 3 iftype 3 (AP)
nl80211: Setup AP - device_ap_sme=0 use_monitor=0
nl80211: Subscribe to mgmt frames with AP handle 0x2502070
nl80211: Register frame type=0xb0 nl_handle=0x2502070
nl80211: Register frame match - hexdump(len=0): [NULL]
nl80211: Register frame type=0x0 nl_handle=0x2502070
nl80211: Register frame match - hexdump(len=0): [NULL]
nl80211: Register frame type=0x20 nl_handle=0x2502070
nl80211: Register frame match - hexdump(len=0): [NULL]
nl80211: Register frame type=0xa0 nl_handle=0x2502070
nl80211: Register frame match - hexdump(len=0): [NULL]
nl80211: Register frame type=0xc0 nl_handle=0x2502070
nl80211: Register frame match - hexdump(len=0): [NULL]
nl80211: Register frame type=0xd0 nl_handle=0x2502070
nl80211: Register frame match - hexdump(len=0): [NULL]
nl80211: Register frame type=0x40 nl_handle=0x2502070
nl80211: Register frame match - hexdump(len=0): [NULL]
BSS count 1, BSSID mask 00:00:00:00:00:00 (0 bits)
nl80211: Regulatory information - country=00
nl80211: 2402-2472 @ 40 MHz
nl80211: 2457-2482 @ 20 MHz
nl80211: 2474-2494 @ 20 MHz
nl80211: 5170-5250 @ 40 MHz
nl80211: 5735-5835 @ 40 MHz
nl80211: Added 802.11b mode based on 802.11g information
Completing interface initialization
Mode: IEEE 802.11g Channel: 5 Frequency: 2432 MHz
nl80211: Set freq 2432 (ht_enabled=0 sec_channel_offset=0)
RATE[0] rate=10 flags=0x1
RATE[1] rate=20 flags=0x1
RATE[2] rate=55 flags=0x1
RATE[3] rate=110 flags=0x1
RATE[4] rate=60 flags=0x0
RATE[5] rate=90 flags=0x0
RATE[6] rate=120 flags=0x0
RATE[7] rate=180 flags=0x0
RATE[8] rate=240 flags=0x0
RATE[9] rate=360 flags=0x0
RATE[10] rate=480 flags=0x0
RATE[11] rate=540 flags=0x0
wlan0: Flushing old station entries
wlan0: Deauthenticate all stations
nl80211: CMD_FRAME freq=2432 wait=0 no_cck=0 no_ack=0 offchanok=0
nl80211: Frame TX command accepted; cookie 0xffff8801b7e5f600
wpa_driver_nl80211_set_key: ifindex=3 alg=0 addr=(nil) key_idx=0 set_tx=0
seq_len=0 key_len=0
wpa_driver_nl80211_set_key: ifindex=3 alg=0 addr=(nil) key_idx=1 set_tx=0
seq_len=0 key_len=0
wpa_driver_nl80211_set_key: ifindex=3 alg=0 addr=(nil) key_idx=2 set_tx=0
seq_len=0 key_len=0
wpa_driver_nl80211_set_key: ifindex=3 alg=0 addr=(nil) key_idx=3 set_tx=0
seq_len=0 key_len=0
Using interface wlan0 with hwaddr (MyAP Mac-address) and ssid "hostapd"
wlan0: RADIUS Authentication server 10.0.0.1:1812
RADIUS local address: 10.0.0.1:46791
random: Got 20/20 bytes from /dev/random
GMK - hexdump(len=32): [REMOVED]
Key Counter - hexdump(len=32): [REMOVED]
WPA: Delay group state machine start until Beacon frames have been
configured
nl80211: Set beacon (beacon_set=0)
WPA: Start group state machine to set initial keys
WPA: group state machine entering state GTK_INIT (VLAN-ID 0)
GTK - hexdump(len=32): [REMOVED]
WPA: group state machine entering state SETKEYSDONE (VLAN-ID 0)
wpa_driver_nl80211_set_key: ifindex=3 alg=2 addr=0x44ce1a key_idx=1
set_tx=1
seq_len=0 key_len=32
broadcast key
wpa_driver_nl80211_set_operstate: operstate 0->1 (UP)
netlink: Operstate: linkmode=-1, operstate=6
wlan0: Setup of interface done.
ctrl_iface not configured!
RTM_NEWLINK: operstate=1 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
nl80211: if_removed already cleared - ignore event
RTM_NEWLINK: operstate=1 ifi_flags=0x11043 ([UP][RUNNING][LOWER_UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
nl80211: if_removed already cleared - ignore event
OLBC AP detected: (something Mac-address) - enable protection
nl80211: Set beacon (beacon_set=1)
~
(Omission)
~
mgmt::auth
authentication: STA=(My supplicant Mac-address) auth_alg=0
auth_transaction=1 status_code=0 wep=0
wlan0: RADIUS Sending RADIUS message to authentication server
wlan0: RADIUS Next RADIUS client retransmit in 3 seconds
Authentication frame from (My supplicant Mac-address) waiting for an
external authentication
wlan0: RADIUS Received 91 bytes from RADIUS server
wlan0: RADIUS Received RADIUS message
wlan0: STA (Mysupplicant Mac-address) RADIUS: Received RADIUS packet
matched
with a pending request, round trip time 0.00 sec
Found matching Access-Request for RADIUS message (id=0)
Re-sending authentication frame after successful RADIUS ACL query
mgmt::auth
authentication: STA=(My supplicant Mac-address) auth_alg=0
auth_transaction=1 status_code=0 wep=0
Station (My supplicant Mac-address) not allowed to authenticate.
authentication reply: STA=(My supplicant Mac-address) auth_alg=0
auth_transaction=2 resp=1 (IE len=0)
nl80211: CMD_FRAME freq=2432 wait=0 no_cck=0 no_ack=0 offchanok=0
nl80211: Frame TX command accepted; cookie 0xffff88018df1fb00
nl80211: Event message available
nl80211: MLME event 60
nl80211: Frame TX status event
wlan0: Event TX_STATUS (18) received
mgmt::auth cb
handle_auth_cb: STA (My supplicant Mac-address) not found
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.shmoo.com/pipermail/hostap/attachments/20131228/17c04214/attachment-0001.htm>



More information about the Hostap mailing list