hostapd_cli - get identity/username with 'sta <mac-addr>'
Michael Baird
Michael.Baird at ecs.vuw.ac.nz
Tue Sep 12 22:01:54 PDT 2017
Hi,
I am using hostapd as an 802.1X authenticator and am trying to get the
username of authenticated clients using the hostapd ctrl interface, both
with hostapd_cli and directly with the ctrl socket, so they can be
processed by an external application.
Using hostapd_cli 'sta <mac-addr>' there is a line:
"dot1xAuthSessionUserName=(null)"
which seems to always be '(null)' and not an actual username when
hostpad is using the integrated eap server.
However if I don't use the eap_server and use an external (freeradius),
'sta <mac-addr>' does return the username.
Is there something (compile/config option/etc) that I'm missing? or is
it a bug/intended behavior?
Ubuntu 16.04
hostapd 2.6
.config:
"# Driver interface for wired authenticator
CONFIG_DRIVER_WIRED=y
# WPA2/IEEE 802.11i RSN pre-authentication
CONFIG_RSN_PREAUTH=y
# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
CONFIG_PEERKEY=y
# IEEE 802.11w (management frame protection)
CONFIG_IEEE80211W=y
# Integrated EAP server
CONFIG_EAP=y
# EAP Re-authentication Protocol (ERP) in integrated EAP server
CONFIG_ERP=y
# EAP-MD5 for the integrated EAP server
CONFIG_EAP_MD5=y
# EAP-TLS for the integrated EAP server
CONFIG_EAP_TLS=y
# EAP-MSCHAPv2 for the integrated EAP server
CONFIG_EAP_MSCHAPV2=y
# EAP-PEAP for the integrated EAP server
CONFIG_EAP_PEAP=y
# EAP-GTC for the integrated EAP server
CONFIG_EAP_GTC=y
# EAP-TTLS for the integrated EAP server
CONFIG_EAP_TTLS=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
CONFIG_PKCS12=y
# Build IPv6 support for RADIUS operations
CONFIG_IPV6=y
"
wired.conf:
"
ctrl_interface=/var/run/hostapd
interface=eth0
driver=wired
logger_stdout=-1
logger_stdout_level=0
#debug=2
#dump_file=/tmp/hostapd.dump
ieee8021x=1
eap_reauth_period=3600
use_pae_group_addr=0
eap_server=1
eap_user_file=/etc/hostapd/hostapd.eap_user
"
Attached is the stdout & stderr from 'hostapd -dd
/etc/hostapd/wired.conf > sta-hostapd.log 2>&1 &'.
and the object returned from the command 'sta 00:00:00:11:11:00'
The authenticating client is user: hostuser0, mac 00:00:00:11:11:00
Thanks,
Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sta-hostapd.log
Type: text/x-log
Size: 5804 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20170913/e56f80d7/attachment.bin>
-------------- next part --------------
00:00:00:11:11:00
flags=[AUTHORIZED]
aid=0
capability=0x0
listen_interval=0
supported_rates=
timeout_next=NULLFUNC POLL
dot1xPaePortNumber=0
dot1xPaePortProtocolVersion=2
dot1xPaePortCapabilities=1
dot1xPaePortInitialize=0
dot1xPaePortReauthenticate=FALSE
dot1xAuthPaeState=5
dot1xAuthBackendAuthState=6
dot1xAuthAdminControlledDirections=0
dot1xAuthOperControlledDirections=0
dot1xAuthAuthControlledPortStatus=1
dot1xAuthAuthControlledPortControl=2
dot1xAuthQuietPeriod=60
dot1xAuthServerTimeout=30
dot1xAuthReAuthPeriod=3600
dot1xAuthReAuthEnabled=TRUE
dot1xAuthKeyTxEnabled=FALSE
dot1xAuthEapolFramesRx=3
dot1xAuthEapolFramesTx=3
dot1xAuthEapolStartFramesRx=1
dot1xAuthEapolLogoffFramesRx=0
dot1xAuthEapolRespIdFramesRx=0
dot1xAuthEapolRespFramesRx=2
dot1xAuthEapolReqIdFramesTx=1
dot1xAuthEapolReqFramesTx=2
dot1xAuthInvalidEapolFramesRx=0
dot1xAuthEapLengthErrorFramesRx=0
dot1xAuthLastEapolFrameVersion=2
dot1xAuthLastEapolFrameSource=00:00:00:11:11:00
dot1xAuthEntersConnecting=1
dot1xAuthEapLogoffsWhileConnecting=0
dot1xAuthEntersAuthenticating=0
dot1xAuthAuthSuccessesWhileAuthenticating=1
dot1xAuthAuthTimeoutsWhileAuthenticating=0
dot1xAuthAuthFailWhileAuthenticating=0
dot1xAuthAuthEapStartsWhileAuthenticating=0
dot1xAuthAuthEapLogoffWhileAuthenticating=0
dot1xAuthAuthReauthsWhileAuthenticated=0
dot1xAuthAuthEapStartsWhileAuthenticated=0
dot1xAuthAuthEapLogoffWhileAuthenticated=0
dot1xAuthBackendResponses=2
dot1xAuthBackendAccessChallenges=1
dot1xAuthBackendOtherRequestsToSupplicant=2
dot1xAuthBackendAuthSuccesses=1
dot1xAuthBackendAuthFails=0
dot1xAuthSessionId=F13FB9FA24E41CF2
dot1xAuthSessionAuthenticMethod=1
dot1xAuthSessionTime=0
dot1xAuthSessionTerminateCause=999
dot1xAuthSessionUserName=(null)
authMultiSessionId=77994CF543EAAC8A
last_eap_type_as=0 (unknown)
last_eap_type_sta=4 (MD5)
connected_time=0
More information about the Hostap
mailing list