The radius server I tested with has all our company configs on it, so I
don't want to tarball it.
To do a basic freeradius test with local user, the following should work.
Integrating will LDAP is a little bit more work
pkg install freeradius
You only need to edit 3 files in /usr/local/etc/raddb
vi users -> add the following to the end of the file:
"wifi" Cleartext-Password := "test"
vi clients.conf -> add the following to the end of the file:
client radtest {
ipaddr = 146.64.5.0
netmask = 24
secret = test123
require_message_authenticator = no
nastype = other
shortname = 5net
}
vi proxy.conf -> add the following to the end of the file:
realm LOCAL {
}
realm NULL {
}
run freeradius in debug mode:
radiusd -X
An android phone is usually a good test - configure the following:
PEAP
MSCHAPv2
identity - wifi
password - test
FreeBSD with wpa_supplicant.conf
network={
ssid="testAP"
scan_ssid=1
key_mgmt=WPA-EAP
eap=PEAP
identity="wifi"
password="test"
phase2="auth=MSCHAPV2"
}
Johann
On 2015/05/21 08:03 PM, Adrian Chadd wrote:
HI,
Would you mind creating a tarball up with your radius and hostapd
configs? I'd like to repliate it at home ASAP.
Thanks!
-a
On 21 May 2015 at 10:17, Johann <[email protected]> wrote:
I've tried it this morning on 11.0-CURRENT #172 r280972: Thu Apr 2 and it
worked.
Here is my configs.
rc.conf
wlans_ath0="wlan0"
create_args_wlan0="wlanmode hostap country ZA"
ifconfig_wlan0="mode 11g channel 6"
hostapd_enable="YES"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm vr0 addm wlan0 up"
ifconfig_vr0="146.64.5.5/24 up"
defaultrouter="146.64.5.1"
hostapd.conf
interface=wlan0
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=testAP
hw_mode=g
channel=6
wpa=2
ignore_broadcast_ssid=0
wpa_pairwise=CCMP TKIP
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
ieee8021x=1
own_ip_addr=146.64.5.5
auth_server_addr=146.64.8.20
auth_server_port=1812
auth_server_shared_secret=test123
Regards
Johann
On 2015/05/21 06:47 PM, Adrian Chadd wrote:
That's the plan. Once I fix a couple other things I'm going to go see
why it currently isn't working.
-adrian
On 21 May 2015 at 01:39, Willem Offermans <[email protected]>
wrote:
Dear FreeBSD friends,
Sorry to interrupt here, but I got triggered by this e-mail thread.
Do I understand correctly that it is possible to connect hostapd with
FreeRadius and OpenLDAP? Would it be possible to do the authentication of
wireless access over the ldap server? If yes, do I need FreeRadius to
intermediate between hostapd and OpenLDAP?
Is there some documentation around to setup hostapd + OpenLDAP or hostapd
+
FreeRadius + OpenLDAP under FreeBSD?
Sorry, to interrp
On Wed, May 20, 2015 at 07:20:33PM +0200, Johann wrote:
On 2015/05/20 06:29 PM, Johann wrote:
On 2015/05/16 08:03 AM, Adrian Chadd wrote:
Hi,
Has this ever worked?
Yes.
I got it working in April 2012 on FreeBSD 8 and 9. I've used a
FreeRadius server and a FreeBSD client with wpa_supplicant to test
it.
At that stage you had to enable the eap_server when you compile hostapd
# echo HOSTAPD_CFLAGS+=-DEAP_SERVER >> /etc/src.conf
# cd /usr/src/usr.sbin/wpa/hostapd
# make
# make install
but Bernhard Schmidt fixed it so that EAP_SERVER was enabled by
default.
Here is the configs that I used:
rc.conf
hostname="AP-vlan"
wlans_ath0="wlan0"
create_args_wlan0="wlanmode hostap country ZA"
ifconfig_wlan0="146.64.5.5/24 mode 11g channel 6"
defaultrouter="146.64.5.1"
hostapd_enable="YES"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm sis0 addm wlan0 up"
ifconfig_sis0="up"
hostapd.conf
interface=wlan0
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=testAP
hw_mode=g
channel=6
wpa=1
wpa_pairwise=CCMP TKIP
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
Hope it helps
Regards
Johann
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-wireless
To unsubscribe, send any mail to
"[email protected]"
Looks like this part of hostapd.conf got lost.
ieee8021x=1
own_ip_addr=146.64.5.5
auth_server_addr=146.64.8.25
auth_server_port=1812
auth_server_shared_secret=same-as-on-freeradius
Johann
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-wireless
To unsubscribe, send any mail to
"[email protected]"
--
Met vriendelijke groeten,
With kind regards,
Mit freundlichen Gruessen,
De jrus wah,
Wiel
*************************************
W.K. Offermans
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-wireless
To unsubscribe, send any mail to
"[email protected]"
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-wireless
To unsubscribe, send any mail to "[email protected]"
