Hi, Has this ever worked?
Someone had issues as well, and it turned out to be large UDP frames (from freeradius) being dropped by an intermediary (in this instance, openvpn.) I wonder if you're seeing the same issue. Unfortunately I don't have an 802.3x + wifi/EAP setup here to test with. I'll try to set something up soon, but no promises. What's the wpa_supplicant.conf look like on the client? Thanks! -adrian On 13 May 2015 at 13:49, Marcin Michta <[email protected]> wrote: > When I set on Cisco AP my freeradius server all works fine. > All devices can connect to network. So I guess that is not freeradius's fault > My radius configs: > > radiusd.conf: > prefix = /usr/local > exec_prefix = ${prefix} > sysconfdir = ${prefix}/etc > localstatedir = /var > sbindir = ${exec_prefix}/sbin > logdir = /var/log > raddbdir = ${sysconfdir}/raddb > radacctdir = ${logdir}/radacct > name = radiusd > confdir = ${raddbdir} > modconfdir = ${confdir}/mods-config > certdir = ${confdir}/certs > cadir = ${confdir}/certs > run_dir = ${localstatedir}/run/${name} > db_dir = ${raddbdir} > libdir = /usr/local/lib/freeradius-3.0.8 > pidfile = ${run_dir}/${name}.pid > correct_escapes = true > max_request_time = 30 > cleanup_delay = 5 > max_requests = 1024 > hostname_lookups = no > log { > destination = files > colourise = yes > file = ${logdir}/radiusd > syslog_facility = daemon > stripped_names = no > auth = yes > msg_denied = "You are already logged in - access denied" > } > checkrad = ${sbindir}/checkrad > security { > user = freeradius > group = freeradius > allow_core_dumps = no > max_attributes = 200 > reject_delay = 1 > status_server = yes > allow_vulnerable_openssl = no > } > proxy_requests = yes > $INCLUDE proxy.conf > $INCLUDE clients.conf > thread pool { > start_servers = 5 > max_servers = 32 > min_spare_servers = 3 > max_spare_servers = 10 > max_requests_per_server = 0 > auto_limit_acct = no > } > modules { > $INCLUDE mods-enabled/ > } > instantiate { > } > policy { > $INCLUDE policy.d/ > } > $INCLUDE sites-enabled/ > ######################## > sites-enabled/default: > server default { > listen { > type = auth > ipaddr = * > port = 0 > limit { > max_connections = 16 > lifetime = 0 > idle_timeout = 30 > } > } > listen { > ipaddr = * > port = 0 > type = acct > limit { > } > } > listen { > type = auth > port = 0 > limit { > max_connections = 16 > lifetime = 0 > idle_timeout = 30 > } > } > listen { > ipv6addr = :: > port = 0 > type = acct > limit { > } > } > authorize { > filter_username > preprocess > digest > suffix > eap { > ok = return > } > expiration > logintime > } > authenticate { > digest > eap > } > preacct { > preprocess > acct_unique > suffix > files > } > accounting { > detail > unix > exec > attr_filter.accounting_response > } > session { > } > post-auth { > update { > &reply: += &session-state: > } > exec > remove_reply_message_if_eap > Post-Auth-Type REJECT { > attr_filter.access_reject > eap > remove_reply_message_if_eap > } > } > pre-proxy { > } > post-proxy { > eap > } > } > ######################## > sites-enabled/inner-tunnel: > server inner-tunnel { > listen { > ipaddr = 127.0.0.1 > port = 18120 > type = auth > } > authorize { > chap > mschap > suffix > update control { > &Proxy-To-Realm := LOCAL > } > eap { > ok = return > } > files > ldap > expiration > logintime > pap > } > authenticate { > Auth-Type PAP { > ldap > } > chap > Auth-Type MS-CHAP { > mschap > } > eap > } > session { > radutmp > } > post-auth { > reply_log > ldap > Post-Auth-Type REJECT { > attr_filter.access_reject > update outer.session-state { > &Module-Failure-Message := > &request:Module-Failure-Message > } > } > } > pre-proxy { > } > post-proxy { > eap > } > ######################## > mods-enabled/eap: > eap { > default_eap_type = peap > timer_expire = 60 > ignore_unknown_eap_types = no > cisco_accounting_username_bug = no > max_sessions = ${max_requests} > gtc { > auth_type = PAP > } > tls-config tls-common { > private_key_password = whatever > private_key_file = ${certdir}/server.pem > certificate_file = ${certdir}/server.pem > ca_file = ${cadir}/ca.pem > dh_file = ${certdir}/dh > ca_path = ${cadir} > cipher_list = "DEFAULT" > ecdh_curve = "prime256v1" > cache { > enable = yes > max_entries = 255 > } > verify { > } > ocsp { > enable = no > override_cert_url = yes > url = "http://127.0.0.1/ocsp/"; > } > } > tls { > tls = tls-common > } > ttls { > tls = tls-common > default_eap_type = mschapv2 > copy_request_to_tunnel = no > use_tunneled_reply = no > virtual_server = "inner-tunnel" > } > peap { > tls = tls-common > default_eap_type = mschapv2 > copy_request_to_tunnel = no > use_tunneled_reply = no > virtual_server = "inner-tunnel" > } > mschapv2 { > } > } > > > >> Hi! >> >> I haven't tested radius+wpa before; what's your radius config look like? >> >> (It'd be good to document how to do this in the wiki/handbook.) >> >> >> >> -a > > > On 13 May 2015 at 05:11, Marcin Michta <[email protected]> wrote: >> Hi all, >> So I'm trying configure hostapd to work (peap + mschapv2). I tried >> connect by wpa_suplicant on FreeBSD, and Ubuntu with gui, but without >> success. >> Freeradius allow to connect, but connections are failed - every time get: >> >> hostapd_wpa_auth_disconnect: WPA authenticator requests disconnect: >> STA >> 00:24:d7:6f:eb:c4 reason 2 >> >> >> >> Where is mistake/bug? Or what is wrong? >> log: >> >> 1431101834.596845: Configuration file: hostapd.conf >> >> 1431101834.596913: Line 10: DEPRECATED: 'debug' configuration variable >> is not used anymore >> >> 1431101834.626788: ctrl_interface_group=0 >> >> 1431101834.627088: BSS count 1, BSSID mask 00:00:00:00:00:00 (0 bits) >> >> 1431101834.627098: Completing interface initialization >> >> 1431101834.627101: Flushing old station entries >> >> 1431101834.627109: Deauthenticate all stations >> >> 1431101834.627113: bsd_set_privacy: enabled=0 >> >> 1431101834.627117: bsd_set_key: alg=0 addr=0x0 key_idx=0 set_tx=1 >> seq_len=0 >> key_len=0 >> >> 1431101834.627120: bsd_del_key: key_idx=0 >> >> 1431101834.627124: bsd_set_key: alg=0 addr=0x0 key_idx=1 set_tx=0 >> seq_len=0 >> key_len=0 >> >> 1431101834.627127: bsd_del_key: key_idx=1 >> >> 1431101834.627130: bsd_set_key: alg=0 addr=0x0 key_idx=2 set_tx=0 >> seq_len=0 >> key_len=0 >> >> 1431101834.627133: bsd_del_key: key_idx=2 >> >> 1431101834.627136: bsd_set_key: alg=0 addr=0x0 key_idx=3 set_tx=0 >> seq_len=0 >> key_len=0 >> >> 1431101834.627139: bsd_del_key: key_idx=3 >> >> 1431101834.627143: Using interface wlan0 with hwaddr 00:0e:2e:c4:2f:e7 >> and ssid 'RADIUS' >> >> 1431101834.627155: wlan0: RADIUS Authentication server >> 10.146.20.137:1812 >> >> 1431101834.627257: RADIUS local address: 10.146.103.7:14137 >> >> 1431101834.627270: wlan0: RADIUS Accounting server 10.146.20.137:1813 >> >> 1431101834.627288: RADIUS local address: 10.146.103.7:14773 >> >> 1431101834.627294: bsd_set_ieee8021x: enabled=1 >> >> 1431101834.627296: bsd_configure_wpa: enable WPA= 0x1 >> >> 1431101834.627514: WPA: group state machine entering state GTK_INIT >> (VLAN-ID >> 0) >> >> 1431101834.627527: GMK - hexdump(len=32): [REMOVED] >> >> 1431101834.627530: GTK - hexdump(len=32): [REMOVED] >> >> 1431101834.627532: WPA: group state machine entering state SETKEYSDONE >> (VLAN-ID 0) >> >> 1431101834.627535: bsd_set_key: alg=2 addr=0x0 key_idx=1 set_tx=1 >> seq_len=0 >> key_len=32 >> >> 1431101834.632173: ioctl[SIOCS80211, op=19, val=0, arg_len=64]: Device >> not configured >> >> 1431101834.632194: bsd_set_privacy: enabled=1 >> >> 1431101834.632200: bsd_set_opt_ie: set WPA+RSN ie (len 24) >> >> 1431101834.632229: wlan0: RADIUS Sending RADIUS message to accounting >> server >> >> 1431101834.632259: wlan0: RADIUS Next RADIUS client retransmit in 3 >> seconds >> >> >> >> 1431101834.702842: wlan0: Setup of interface done. >> >> 1431101834.702886: Discard routing message to if#0 (not for us 8) >> >> >> >> 1431101834.702897: wlan0: RADIUS Received 20 bytes from RADIUS server >> >> 1431101834.702914: wlan0: RADIUS Received RADIUS message >> >> 1431101834.702925: wlan0: STA 00:00:00:00:00:00 RADIUS: Received >> RADIUS packet matched with a pending request, round trip time 0.07 sec >> >> 1431101867.876189: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.11: >> associated >> >> 1431101867.876215: STA included WPA IE in (Re)AssocReq >> >> 1431101867.876220: New STA >> >> 1431101867.876230: wlan0: STA 00:24:d7:6f:eb:c4 WPA: event 1 >> notification >> >> 1431101867.876243: bsd_set_key: alg=0 addr=0x8014908d0 key_idx=0 >> set_tx=1 >> seq_len=0 key_len=0 >> >> 1431101867.876248: bsd_del_key: addr=00:24:d7:6f:eb:c4 >> >> 1431101867.876258: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: start >> authentication >> >> 1431101867.876270: EAP: Server state machine created >> >> 1431101867.876275: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering >> state IDLE >> >> 1431101867.876279: IEEE 802.1X: 00:24:d7:6f:eb:c4 CTRL_DIR entering >> state FORCE_BOTH >> >> 1431101867.876291: wlan0: STA 00:24:d7:6f:eb:c4 WPA: start >> authentication >> >> 1431101867.876302: WPA: 00:24:d7:6f:eb:c4 WPA_PTK entering state >> INITIALIZE >> >> 1431101867.876307: bsd_set_key: alg=0 addr=0x8014908d0 key_idx=0 >> set_tx=1 >> seq_len=0 key_len=0 >> >> 1431101867.876310: bsd_del_key: addr=00:24:d7:6f:eb:c4 >> >> 1431101867.876316: WPA: 00:24:d7:6f:eb:c4 WPA_PTK_GROUP entering state >> IDLE >> >> 1431101867.876319: WPA: 00:24:d7:6f:eb:c4 WPA_PTK entering state >> AUTHENTICATION >> >> 1431101867.876322: WPA: 00:24:d7:6f:eb:c4 WPA_PTK entering state >> AUTHENTICATION2 >> >> 1431101867.876329: IEEE 802.1X: 00:24:d7:6f:eb:c4 AUTH_PAE entering >> state DISCONNECTED >> >> 1431101867.876337: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: >> unauthorizing port >> >> 1431101867.876348: IEEE 802.1X: 00:24:d7:6f:eb:c4 AUTH_PAE entering >> state RESTART >> >> 1431101867.876354: EAP: EAP entering state INITIALIZE >> >> 1431101867.876358: CTRL-EVENT-EAP-STARTED 00:24:d7:6f:eb:c4 >> >> 1431101867.876360: EAP: EAP entering state SELECT_ACTION >> >> 1431101867.876362: EAP: getDecision: no identity known yet -> CONTINUE >> >> 1431101867.876364: EAP: EAP entering state PROPOSE_METHOD >> >> 1431101867.876366: EAP: getNextMethod: vendor 0 type 1 >> >> 1431101867.876369: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1 >> >> 1431101867.876371: EAP: EAP entering state METHOD_REQUEST >> >> 1431101867.876374: EAP: building EAP-Request: Identifier 77 >> >> 1431101867.876377: EAP: EAP entering state SEND_REQUEST >> >> 1431101867.876379: EAP: EAP entering state IDLE >> >> 1431101867.876381: EAP: retransmit timeout 3 seconds (from dynamic >> back off; >> retransCount=0) >> >> 1431101867.876383: IEEE 802.1X: 00:24:d7:6f:eb:c4 AUTH_PAE entering >> state CONNECTING >> >> 1431101867.876386: IEEE 802.1X: 00:24:d7:6f:eb:c4 AUTH_PAE entering >> state AUTHENTICATING >> >> 1431101867.876389: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering >> state REQUEST >> >> 1431101867.876394: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending >> EAP Packet (identifier 77) >> >> 1431101867.880287: IEEE 802.1X: 14 bytes from 00:24:d7:6f:eb:c4 >> >> 1431101867.880294: IEEE 802.1X: version=1 type=0 length=10 >> >> 1431101867.880298: EAP: code=2 identifier=77 length=10 >> >> 1431101867.880300: (response) >> >> 1431101867.880305: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: received >> EAP packet (code=2 id=77 len=10) from STA: EAP Response-Identity (1) >> >> 1431101867.880322: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering >> state RESPONSE >> >> 1431101867.880326: EAP: EAP entering state RECEIVED >> >> 1431101867.880328: EAP: parseEapResp: rxResp=1 respId=77 respMethod=1 >> respVendor=0 respVendorMethod=0 >> >> 1431101867.880331: EAP: EAP entering state INTEGRITY_CHECK >> >> 1431101867.880333: EAP: EAP entering state METHOD_RESPONSE >> >> 1431101867.880335: EAP-Identity: Peer identity - hexdump_ascii(len=5): >> >> 7a 65 6e 6f 6e zenon >> >> 1431101867.880341: EAP: EAP entering state SELECT_ACTION >> >> 1431101867.880343: EAP: getDecision: -> PASSTHROUGH >> >> 1431101867.880345: EAP: EAP entering state INITIALIZE_PASSTHROUGH >> >> 1431101867.880347: EAP: EAP entering state AAA_REQUEST >> >> 1431101867.880348: EAP: EAP entering state AAA_IDLE >> >> 1431101867.880353: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: STA >> identity 'zenon' >> >> 1431101867.880363: Encapsulating EAP message into a RADIUS packet >> >> 1431101867.880379: wlan0: RADIUS Sending RADIUS message to >> authentication server >> >> 1431101867.880399: wlan0: RADIUS Next RADIUS client retransmit in 3 >> seconds >> >> >> >> 1431101867.882189: wlan0: RADIUS Received 64 bytes from RADIUS server >> >> 1431101867.882237: wlan0: RADIUS Received RADIUS message >> >> 1431101867.882254: wlan0: STA 00:24:d7:6f:eb:c4 RADIUS: Received >> RADIUS packet matched with a pending request, round trip time 0.00 sec >> >> 1431101867.882272: RADIUS packet matching with station >> 00:24:d7:6f:eb:c4 >> >> 1431101867.882284: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: >> decapsulated EAP packet (code=1 id=78 len=6) from RADIUS server: >> EAP-Request-PEAP (25) >> >> 1431101867.882305: EAP: EAP entering state AAA_RESPONSE >> >> 1431101867.882308: EAP: getId: id=78 >> >> 1431101867.882311: EAP: EAP entering state SEND_REQUEST2 >> >> 1431101867.882313: EAP: EAP entering state IDLE2 >> >> 1431101867.882314: EAP: retransmit timeout 3 seconds (from dynamic >> back off; >> retransCount=0) >> >> 1431101867.882317: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering >> state REQUEST >> >> 1431101867.882322: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending >> EAP Packet (identifier 78) >> >> 1431101867.883893: IEEE 802.1X: 122 bytes from 00:24:d7:6f:eb:c4 >> >> 1431101867.883907: IEEE 802.1X: version=1 type=0 length=118 >> >> 1431101867.883923: EAP: code=2 identifier=78 length=118 >> >> 1431101867.883925: (response) >> >> 1431101867.883930: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: received >> EAP packet (code=2 id=78 len=118) from STA: EAP Response-PEAP (25) >> >> 1431101867.883947: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering >> state RESPONSE >> >> 1431101867.883952: EAP: EAP entering state RECEIVED2 >> >> 1431101867.883954: EAP: parseEapResp: rxResp=1 respId=78 respMethod=25 >> respVendor=0 respVendorMethod=0 >> >> 1431101867.883956: EAP: EAP entering state AAA_REQUEST >> >> 1431101867.883959: EAP: EAP entering state AAA_IDLE >> >> 1431101867.883961: Encapsulating EAP message into a RADIUS packet >> >> 1431101867.883969: Copied RADIUS State Attribute >> >> 1431101867.883975: wlan0: RADIUS Sending RADIUS message to >> authentication server >> >> 1431101867.883995: wlan0: RADIUS Next RADIUS client retransmit in 3 >> seconds >> >> >> >> 1431101867.890371: wlan0: RADIUS Received 1068 bytes from RADIUS >> server >> >> 1431101867.890413: wlan0: RADIUS Received RADIUS message >> >> 1431101867.890427: wlan0: STA 00:24:d7:6f:eb:c4 RADIUS: Received >> RADIUS packet matched with a pending request, round trip time 0.00 sec >> >> 1431101867.890450: RADIUS packet matching with station >> 00:24:d7:6f:eb:c4 >> >> 1431101867.890461: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: >> decapsulated EAP packet (code=1 id=79 len=1004) from RADIUS server: >> EAP-Request-PEAP (25) >> >> 1431101867.890483: EAP: EAP entering state AAA_RESPONSE >> >> 1431101867.890486: EAP: getId: id=79 >> >> 1431101867.890489: EAP: EAP entering state SEND_REQUEST2 >> >> 1431101867.890491: EAP: EAP entering state IDLE2 >> >> 1431101867.890493: EAP: retransmit timeout 3 seconds (from dynamic >> back off; >> retransCount=0) >> >> 1431101867.890495: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering >> state REQUEST >> >> 1431101867.890500: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending >> EAP Packet (identifier 79) >> >> 1431101867.892393: IEEE 802.1X: 10 bytes from 00:24:d7:6f:eb:c4 >> >> 1431101867.892408: IEEE 802.1X: version=1 type=0 length=6 >> >> 1431101867.892423: EAP: code=2 identifier=79 length=6 >> >> 1431101867.892426: (response) >> >> 1431101867.892430: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: received >> EAP packet (code=2 id=79 len=6) from STA: EAP Response-PEAP (25) >> >> 1431101867.892450: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering >> state RESPONSE >> >> 1431101867.892454: EAP: EAP entering state RECEIVED2 >> >> 1431101867.892456: EAP: parseEapResp: rxResp=1 respId=79 respMethod=25 >> respVendor=0 respVendorMethod=0 >> >> 1431101867.892459: EAP: EAP entering state AAA_REQUEST >> >> 1431101867.892461: EAP: EAP entering state AAA_IDLE >> >> 1431101867.892463: Encapsulating EAP message into a RADIUS packet >> >> 1431101867.892471: Copied RADIUS State Attribute >> >> 1431101867.892477: wlan0: RADIUS Sending RADIUS message to >> authentication server >> >> 1431101867.892496: wlan0: RADIUS Next RADIUS client retransmit in 3 >> seconds >> >> >> >> 1431101867.893138: wlan0: RADIUS Received 1064 bytes from RADIUS >> server >> >> 1431101867.893185: wlan0: RADIUS Received RADIUS message >> >> 1431101867.893204: wlan0: STA 00:24:d7:6f:eb:c4 RADIUS: Received >> RADIUS packet matched with a pending request, round trip time 0.00 sec >> >> 1431101867.893222: RADIUS packet matching with station >> 00:24:d7:6f:eb:c4 >> >> 1431101867.893229: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: >> decapsulated EAP packet (code=1 id=80 len=1000) from RADIUS server: >> EAP-Request-PEAP (25) >> >> 1431101867.893245: EAP: EAP entering state AAA_RESPONSE >> >> 1431101867.893249: EAP: getId: id=80 >> >> 1431101867.893251: EAP: EAP entering state SEND_REQUEST2 >> >> 1431101867.893253: EAP: EAP entering state IDLE2 >> >> 1431101867.893255: EAP: retransmit timeout 3 seconds (from dynamic >> back off; >> retransCount=0) >> >> 1431101867.893257: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering >> state REQUEST >> >> 1431101867.893262: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending >> EAP Packet (identifier 80) >> >> 1431101867.894019: IEEE 802.1X: 10 bytes from 00:24:d7:6f:eb:c4 >> >> 1431101867.894043: IEEE 802.1X: version=1 type=0 length=6 >> >> 1431101867.894047: EAP: code=2 identifier=80 length=6 >> >> 1431101867.894049: (response) >> >> 1431101867.894054: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: received >> EAP packet (code=2 id=80 len=6) from STA: EAP Response-PEAP (25) >> >> 1431101867.894074: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering >> state RESPONSE >> >> 1431101867.894078: EAP: EAP entering state RECEIVED2 >> >> 1431101867.894080: EAP: parseEapResp: rxResp=1 respId=80 respMethod=25 >> respVendor=0 respVendorMethod=0 >> >> 1431101867.894083: EAP: EAP entering state AAA_REQUEST >> >> 1431101867.894085: EAP: EAP entering state AAA_IDLE >> >> 1431101867.894087: Encapsulating EAP message into a RADIUS packet >> >> 1431101867.894095: Copied RADIUS State Attribute >> >> 1431101867.894101: wlan0: RADIUS Sending RADIUS message to >> authentication server >> >> 1431101867.894121: wlan0: RADIUS Next RADIUS client retransmit in 3 >> seconds >> >> >> >> 1431101867.894735: wlan0: RADIUS Received 968 bytes from RADIUS server >> >> 1431101867.894777: wlan0: RADIUS Received RADIUS message >> >> 1431101867.894792: wlan0: STA 00:24:d7:6f:eb:c4 RADIUS: Received >> RADIUS packet matched with a pending request, round trip time 0.00 sec >> >> 1431101867.894814: RADIUS packet matching with station >> 00:24:d7:6f:eb:c4 >> >> 1431101867.894828: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: >> decapsulated EAP packet (code=1 id=81 len=904) from RADIUS server: >> EAP-Request-PEAP (25) >> >> 1431101867.894847: EAP: EAP entering state AAA_RESPONSE >> >> 1431101867.894851: EAP: getId: id=81 >> >> 1431101867.894853: EAP: EAP entering state SEND_REQUEST2 >> >> 1431101867.894855: EAP: EAP entering state IDLE2 >> >> 1431101867.894857: EAP: retransmit timeout 3 seconds (from dynamic >> back off; >> retransCount=0) >> >> 1431101867.894859: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering >> state REQUEST >> >> 1431101867.894864: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending >> EAP Packet (identifier 81) >> >> 1431101867.902143: IEEE 802.1X: 212 bytes from 00:24:d7:6f:eb:c4 >> >> 1431101867.902157: IEEE 802.1X: version=1 type=0 length=208 >> >> 1431101867.902173: EAP: code=2 identifier=81 length=208 >> >> 1431101867.902175: (response) >> >> 1431101867.902180: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: received >> EAP packet (code=2 id=81 len=208) from STA: EAP Response-PEAP (25) >> >> 1431101867.902198: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering >> state RESPONSE >> >> 1431101867.902203: EAP: EAP entering state RECEIVED2 >> >> 1431101867.902205: EAP: parseEapResp: rxResp=1 respId=81 respMethod=25 >> respVendor=0 respVendorMethod=0 >> >> 1431101867.902207: EAP: EAP entering state AAA_REQUEST >> >> 1431101867.902209: EAP: EAP entering state AAA_IDLE >> >> 1431101867.902211: Encapsulating EAP message into a RADIUS packet >> >> 1431101867.902219: Copied RADIUS State Attribute >> >> 1431101867.902225: wlan0: RADIUS Sending RADIUS message to >> authentication server >> >> 1431101867.902244: wlan0: RADIUS Next RADIUS client retransmit in 3 >> seconds >> >> >> >> 1431101867.905030: wlan0: RADIUS Received 123 bytes from RADIUS server >> >> 1431101867.905067: wlan0: RADIUS Received RADIUS message >> >> 1431101867.905078: wlan0: STA 00:24:d7:6f:eb:c4 RADIUS: Received >> RADIUS packet matched with a pending request, round trip time 0.00 sec >> >> 1431101867.905090: RADIUS packet matching with station >> 00:24:d7:6f:eb:c4 >> >> 1431101867.905097: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: >> decapsulated EAP packet (code=1 id=82 len=65) from RADIUS server: >> EAP-Request-PEAP (25) >> >> 1431101867.905114: EAP: EAP entering state AAA_RESPONSE >> >> 1431101867.905118: EAP: getId: id=82 >> >> 1431101867.905120: EAP: EAP entering state SEND_REQUEST2 >> >> 1431101867.905122: EAP: EAP entering state IDLE2 >> >> 1431101867.905124: EAP: retransmit timeout 3 seconds (from dynamic >> back off; >> retransCount=0) >> >> 1431101867.905126: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering >> state REQUEST >> >> 1431101867.905131: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending >> EAP Packet (identifier 82) >> >> 1431101867.905787: IEEE 802.1X: 10 bytes from 00:24:d7:6f:eb:c4 >> >> 1431101867.905794: IEEE 802.1X: version=1 type=0 length=6 >> >> 1431101867.905797: EAP: code=2 identifier=82 length=6 >> >> 1431101867.905799: (response) >> >> 1431101867.905804: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: received >> EAP packet (code=2 id=82 len=6) from STA: EAP Response-PEAP (25) >> >> 1431101867.905822: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering >> state RESPONSE >> >> 1431101867.905826: EAP: EAP entering state RECEIVED2 >> >> 1431101867.905828: EAP: parseEapResp: rxResp=1 respId=82 respMethod=25 >> respVendor=0 respVendorMethod=0 >> >> 1431101867.905831: EAP: EAP entering state AAA_REQUEST >> >> 1431101867.905833: EAP: EAP entering state AAA_IDLE >> >> 1431101867.905835: Encapsulating EAP message into a RADIUS packet >> >> 1431101867.905843: Copied RADIUS State Attribute >> >> 1431101867.905848: wlan0: RADIUS Sending RADIUS message to >> authentication server >> >> 1431101867.905867: wlan0: RADIUS Next RADIUS client retransmit in 3 >> seconds >> >> >> >> 1431101867.906465: wlan0: RADIUS Received 101 bytes from RADIUS server >> >> 1431101867.906501: wlan0: RADIUS Received RADIUS message >> >> 1431101867.906512: wlan0: STA 00:24:d7:6f:eb:c4 RADIUS: Received >> RADIUS packet matched with a pending request, round trip time 0.00 sec >> >> 1431101867.906523: RADIUS packet matching with station >> 00:24:d7:6f:eb:c4 >> >> 1431101867.906529: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: >> decapsulated EAP packet (code=1 id=83 len=43) from RADIUS server: >> EAP-Request-PEAP (25) >> >> 1431101867.906541: EAP: EAP entering state AAA_RESPONSE >> >> 1431101867.906544: EAP: getId: id=83 >> >> 1431101867.906546: EAP: EAP entering state SEND_REQUEST2 >> >> 1431101867.906548: EAP: EAP entering state IDLE2 >> >> 1431101867.906550: EAP: retransmit timeout 3 seconds (from dynamic >> back off; >> retransCount=0) >> >> 1431101867.906552: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering >> state REQUEST >> >> 1431101867.906556: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending >> EAP Packet (identifier 83) >> >> 1431101867.907142: IEEE 802.1X: 84 bytes from 00:24:d7:6f:eb:c4 >> >> 1431101867.907155: IEEE 802.1X: version=1 type=0 length=80 >> >> 1431101867.907172: EAP: code=2 identifier=83 length=80 >> >> 1431101867.907174: (response) >> >> 1431101867.907179: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: received >> EAP packet (code=2 id=83 len=80) from STA: EAP Response-PEAP (25) >> >> 1431101867.907196: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering >> state RESPONSE >> >> 1431101867.907200: EAP: EAP entering state RECEIVED2 >> >> 1431101867.907202: EAP: parseEapResp: rxResp=1 respId=83 respMethod=25 >> respVendor=0 respVendorMethod=0 >> >> 1431101867.907204: EAP: EAP entering state AAA_REQUEST >> >> 1431101867.907206: EAP: EAP entering state AAA_IDLE >> >> 1431101867.907208: Encapsulating EAP message into a RADIUS packet >> >> 1431101867.907216: Copied RADIUS State Attribute >> >> 1431101867.907221: wlan0: RADIUS Sending RADIUS message to >> authentication server >> >> 1431101867.907240: wlan0: RADIUS Next RADIUS client retransmit in 3 >> seconds >> >> >> >> 1431101867.907972: wlan0: RADIUS Received 133 bytes from RADIUS server >> >> 1431101867.908012: wlan0: RADIUS Received RADIUS message >> >> 1431101867.908027: wlan0: STA 00:24:d7:6f:eb:c4 RADIUS: Received >> RADIUS packet matched with a pending request, round trip time 0.00 sec >> >> 1431101867.908046: RADIUS packet matching with station >> 00:24:d7:6f:eb:c4 >> >> 1431101867.908057: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: >> decapsulated EAP packet (code=1 id=84 len=75) from RADIUS server: >> EAP-Request-PEAP (25) >> >> 1431101867.908077: EAP: EAP entering state AAA_RESPONSE >> >> 1431101867.908080: EAP: getId: id=84 >> >> 1431101867.908082: EAP: EAP entering state SEND_REQUEST2 >> >> 1431101867.908085: EAP: EAP entering state IDLE2 >> >> 1431101867.908086: EAP: retransmit timeout 3 seconds (from dynamic >> back off; >> retransCount=0) >> >> 1431101867.908089: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering >> state REQUEST >> >> 1431101867.908094: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending >> EAP Packet (identifier 84) >> >> 1431101867.909646: IEEE 802.1X: 148 bytes from 00:24:d7:6f:eb:c4 >> >> 1431101867.909670: IEEE 802.1X: version=1 type=0 length=144 >> >> 1431101867.909674: EAP: code=2 identifier=84 length=144 >> >> 1431101867.909677: (response) >> >> 1431101867.909684: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: received >> EAP packet (code=2 id=84 len=144) from STA: EAP Response-PEAP (25) >> >> 1431101867.909709: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering >> state RESPONSE >> >> 1431101867.909716: EAP: EAP entering state RECEIVED2 >> >> 1431101867.909719: EAP: parseEapResp: rxResp=1 respId=84 respMethod=25 >> respVendor=0 respVendorMethod=0 >> >> 1431101867.909724: EAP: EAP entering state AAA_REQUEST >> >> 1431101867.909728: EAP: EAP entering state AAA_IDLE >> >> 1431101867.909732: Encapsulating EAP message into a RADIUS packet >> >> 1431101867.909743: Copied RADIUS State Attribute >> >> 1431101867.909753: wlan0: RADIUS Sending RADIUS message to >> authentication server >> >> 1431101867.909781: wlan0: RADIUS Next RADIUS client retransmit in 3 >> seconds >> >> >> >> 1431101867.920871: wlan0: RADIUS Received 149 bytes from RADIUS server >> >> 1431101867.920907: wlan0: RADIUS Received RADIUS message >> >> 1431101867.920923: wlan0: STA 00:24:d7:6f:eb:c4 RADIUS: Received >> RADIUS packet matched with a pending request, round trip time 0.01 sec >> >> 1431101867.920942: RADIUS packet matching with station >> 00:24:d7:6f:eb:c4 >> >> 1431101867.920952: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: >> decapsulated EAP packet (code=1 id=85 len=91) from RADIUS server: >> EAP-Request-PEAP (25) >> >> 1431101867.920972: EAP: EAP entering state AAA_RESPONSE >> >> 1431101867.920976: EAP: getId: id=85 >> >> 1431101867.920977: EAP: EAP entering state SEND_REQUEST2 >> >> 1431101867.920979: EAP: EAP entering state IDLE2 >> >> 1431101867.920981: EAP: retransmit timeout 3 seconds (from dynamic >> back off; >> retransCount=0) >> >> 1431101867.920984: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering >> state REQUEST >> >> 1431101867.920988: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending >> EAP Packet (identifier 85) >> >> 1431101867.922767: IEEE 802.1X: 84 bytes from 00:24:d7:6f:eb:c4 >> >> 1431101867.922782: IEEE 802.1X: version=1 type=0 length=80 >> >> 1431101867.922798: EAP: code=2 identifier=85 length=80 >> >> 1431101867.922800: (response) >> >> 1431101867.922804: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: received >> EAP packet (code=2 id=85 len=80) from STA: EAP Response-PEAP (25) >> >> 1431101867.922823: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering >> state RESPONSE >> >> 1431101867.922827: EAP: EAP entering state RECEIVED2 >> >> 1431101867.922829: EAP: parseEapResp: rxResp=1 respId=85 respMethod=25 >> respVendor=0 respVendorMethod=0 >> >> 1431101867.922832: EAP: EAP entering state AAA_REQUEST >> >> 1431101867.922834: EAP: EAP entering state AAA_IDLE >> >> 1431101867.922837: Encapsulating EAP message into a RADIUS packet >> >> 1431101867.922844: Copied RADIUS State Attribute >> >> 1431101867.922850: wlan0: RADIUS Sending RADIUS message to >> authentication server >> >> 1431101867.922869: wlan0: RADIUS Next RADIUS client retransmit in 3 >> seconds >> >> >> >> 1431101867.962095: wlan0: RADIUS Received 101 bytes from RADIUS server >> >> 1431101867.962130: wlan0: RADIUS Received RADIUS message >> >> 1431101867.962140: wlan0: STA 00:24:d7:6f:eb:c4 RADIUS: Received >> RADIUS packet matched with a pending request, round trip time 0.03 sec >> >> 1431101867.962152: RADIUS packet matching with station >> 00:24:d7:6f:eb:c4 >> >> 1431101867.962158: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: >> decapsulated EAP packet (code=1 id=86 len=43) from RADIUS server: >> EAP-Request-PEAP (25) >> >> 1431101867.962171: EAP: EAP entering state AAA_RESPONSE >> >> 1431101867.962174: EAP: getId: id=86 >> >> 1431101867.962176: EAP: EAP entering state SEND_REQUEST2 >> >> 1431101867.962178: EAP: EAP entering state IDLE2 >> >> 1431101867.962179: EAP: retransmit timeout 3 seconds (from dynamic >> back off; >> retransCount=0) >> >> 1431101867.962182: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering >> state REQUEST >> >> 1431101867.962186: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending >> EAP Packet (identifier 86) >> >> 1431101867.970388: IEEE 802.1X: 84 bytes from 00:24:d7:6f:eb:c4 >> >> 1431101867.970403: IEEE 802.1X: version=1 type=0 length=80 >> >> 1431101867.970419: EAP: code=2 identifier=86 length=80 >> >> 1431101867.970421: (response) >> >> 1431101867.970426: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: received >> EAP packet (code=2 id=86 len=80) from STA: EAP Response-PEAP (25) >> >> 1431101867.970446: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering >> state RESPONSE >> >> 1431101867.970450: EAP: EAP entering state RECEIVED2 >> >> 1431101867.970452: EAP: parseEapResp: rxResp=1 respId=86 respMethod=25 >> respVendor=0 respVendorMethod=0 >> >> 1431101867.970455: EAP: EAP entering state AAA_REQUEST >> >> 1431101867.970457: EAP: EAP entering state AAA_IDLE >> >> 1431101867.970459: Encapsulating EAP message into a RADIUS packet >> >> 1431101867.970467: Copied RADIUS State Attribute >> >> 1431101867.970473: wlan0: RADIUS Sending RADIUS message to >> authentication server >> >> 1431101867.970492: wlan0: RADIUS Next RADIUS client retransmit in 3 >> seconds >> >> >> >> 1431101867.971435: wlan0: RADIUS Received 167 bytes from RADIUS server >> >> 1431101867.971473: wlan0: RADIUS Received RADIUS message >> >> 1431101867.971489: wlan0: STA 00:24:d7:6f:eb:c4 RADIUS: Received >> RADIUS packet matched with a pending request, round trip time 0.00 sec >> >> 1431101867.971507: RADIUS packet matching with station >> 00:24:d7:6f:eb:c4 >> >> 1431101867.971520: MS-MPPE-Send-Key - hexdump(len=32): [REMOVED] >> >> 1431101867.971524: MS-MPPE-Recv-Key - hexdump(len=32): [REMOVED] >> >> 1431101867.971529: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: old >> identity 'zenon' updated with User-Name from Access-Accept 'zenon' >> >> 1431101867.971545: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: >> decapsulated EAP packet (code=3 id=86 len=4) from RADIUS server: EAP >> Success >> >> 1431101867.971558: EAP: EAP entering state SUCCESS2 >> >> 1431101867.971561: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering >> state SUCCESS >> >> 1431101867.971566: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.1X: Sending >> EAP Packet (identifier 86) >> >> 1431101867.971586: IEEE 802.1X: 00:24:d7:6f:eb:c4 BE_AUTH entering >> state IDLE >> >> 1431101867.971597: WPA: 00:24:d7:6f:eb:c4 WPA_PTK entering state >> INITPMK >> >> 1431101867.971600: WPA: PMK from EAPOL state machine (len=64) >> >> 1431101867.971603: WPA: 00:24:d7:6f:eb:c4 WPA_PTK entering state >> PTKSTART >> >> 1431101867.971607: wlan0: STA 00:24:d7:6f:eb:c4 WPA: sending 1/4 msg >> of 4-Way Handshake >> >> 1431101867.971618: WPA: Send EAPOL(version=1 secure=0 mic=0 ack=1 >> install=0 >> pairwise=8 kde_len=0 keyidx=0 encr=0) >> >> 1431101867.986144: IEEE 802.1X: 123 bytes from 00:24:d7:6f:eb:c4 >> >> 1431101867.986164: IEEE 802.1X: version=1 type=3 length=119 >> >> 1431101867.986174: wlan0: STA 00:24:d7:6f:eb:c4 WPA: received >> EAPOL-Key frame (2/4 Pairwise) >> >> 1431101867.986192: WPA: 00:24:d7:6f:eb:c4 WPA_PTK entering state >> PTKCALCNEGOTIATING >> >> 1431101867.986213: WPA: PTK derivation - A1=00:0e:2e:c4:2f:e7 >> A2=00:24:d7:6f:eb:c4 >> >> 1431101867.986220: WPA: PMK - hexdump(len=32): [REMOVED] >> >> 1431101867.986224: WPA: PTK - hexdump(len=64): [REMOVED] >> >> 1431101867.986232: WPA: 00:24:d7:6f:eb:c4 WPA_PTK entering state >> PTKCALCNEGOTIATING2 >> >> 1431101867.986237: WPA: 00:24:d7:6f:eb:c4 WPA_PTK entering state >> PTKINITNEGOTIATING >> >> 1431101867.986243: bsd_get_seqnum: addr=00:00:00:00:00:00 idx=1 >> >> 1431101867.986255: wlan0: STA 00:24:d7:6f:eb:c4 WPA: sending 3/4 msg >> of 4-Way Handshake >> >> 1431101867.986272: WPA: Send EAPOL(version=1 secure=0 mic=1 ack=1 >> install=1 >> pairwise=8 kde_len=24 keyidx=0 encr=0) >> >> 1431101867.986765: IEEE 802.1X: 99 bytes from 00:24:d7:6f:eb:c4 >> >> 1431101867.986779: IEEE 802.1X: version=1 type=3 length=95 >> >> 1431101867.986797: wlan0: STA 00:24:d7:6f:eb:c4 WPA: received >> EAPOL-Key frame (4/4 Pairwise) >> >> 1431101867.986814: WPA: 00:24:d7:6f:eb:c4 WPA_PTK entering state >> PTKINITDONE >> >> 1431101867.986818: bsd_set_key: alg=2 addr=0x8014908d0 key_idx=0 >> set_tx=1 >> seq_len=0 key_len=32 >> >> 1431101867.986868: ioctl[SIOCS80211, op=19, val=0, arg_len=64]: Device >> not configured >> >> 1431101867.986874: hostapd_wpa_auth_disconnect: WPA authenticator >> requests >> disconnect: STA 00:24:d7:6f:eb:c4 reason 2 >> >> 1431101867.986901: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.11: >> deauthenticated due to local deauth request >> >> 1431101867.986919: EAP: Server state machine removed >> >> 1431101867.986928: wlan0: STA 00:24:d7:6f:eb:c4 IEEE 802.11: >> disassociated >> >> 1431101867.986936: Disassociation notification for unknown STA >> 00:24:d7:6f:eb:c4 >> >> ^C1431101872.085020: Signal 2 received - terminating >> >> 1431101872.085031: Flushing old station entries >> >> 1431101872.085040: Deauthenticate all stations >> >> 1431101872.085121: wlan0: RADIUS Sending RADIUS message to accounting >> server >> >> 1431101872.085149: bsd_set_privacy: enabled=0 >> >> 1431101872.085156: bsd_set_opt_ie: set WPA+RSN ie (len 0) >> >> 1431101872.085166: bsd_set_ieee8021x: enabled=0 >> >> >> >> hostapd.conf: >> >> interface=wlan0 >> >> driver=bsd >> >> logger_syslog=-1 >> >> logger_syslog_level=0 >> >> debug=2 >> >> dump_file=/tmp/hostapd.dump >> >> ctrl_interface=/var/run/hostapd >> >> ctrl_interface_group=0 >> >> ssid=RADIUS >> >> hw_mode=g >> >> own_ip_addr=127.0.0.1 >> >> ieee8021x=1 >> >> nas_identifier=app-k7 >> >> auth_server_addr=10.146.20.137 >> >> auth_server_port=1812 >> >> auth_server_shared_secret=azxswqtgbnhyt >> >> acct_server_addr=10.146.20.137 >> >> acct_server_port=1813 >> >> acct_server_shared_secret=azxswqtgbnhyt >> >> radius_retry_primary_interval=600 >> >> radius_acct_interim_interval=900 >> >> wpa=1 >> >> wpa_key_mgmt=WPA-EAP >> >> >> >> Best regards >> >> Marcin Michta >> >> _______________________________________________ >> [email protected] mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-wireless >> To unsubscribe, send any mail to "[email protected]" > _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-wireless To unsubscribe, send any mail to "[email protected]"
