The radius server I tested with has all our company configs on it, so I don't want to tarball it.

To do a basic freeradius test with local user, the following should work.
Integrating will LDAP is a little bit more work

pkg install freeradius
You only need to edit 3 files in /usr/local/etc/raddb

vi users -> add the following to the end of the file:
"wifi"                          Cleartext-Password := "test"

vi clients.conf -> add the following to the end of the file:
client radtest {
        ipaddr                          = 146.64.5.0
        netmask                         = 24
        secret                          = test123
        require_message_authenticator   = no
        nastype                         = other
        shortname                       = 5net
}

vi  proxy.conf -> add the following to the end of the file:
realm LOCAL {
}
realm NULL {
}

run freeradius in debug mode:
radiusd -X

An android phone is usually a good test - configure the following:
PEAP
MSCHAPv2
identity - wifi
password - test

FreeBSD with wpa_supplicant.conf

     network={
             ssid="testAP"
             scan_ssid=1
             key_mgmt=WPA-EAP
             eap=PEAP
             identity="wifi"
             password="test"
             phase2="auth=MSCHAPV2"
     }

Johann

On 2015/05/21 08:03 PM, Adrian Chadd wrote:
HI,

Would you mind creating a tarball up with your radius and hostapd
configs? I'd like to repliate it at home ASAP.

Thanks!


-a


On 21 May 2015 at 10:17, Johann <jhugo.mer...@gmail.com> wrote:
I've tried it this morning on 11.0-CURRENT #172 r280972: Thu Apr  2 and it
worked.

Here is my configs.
rc.conf
wlans_ath0="wlan0"
create_args_wlan0="wlanmode hostap country ZA"
ifconfig_wlan0="mode 11g channel 6"
hostapd_enable="YES"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm vr0 addm wlan0 up"
ifconfig_vr0="146.64.5.5/24 up"
defaultrouter="146.64.5.1"


hostapd.conf
interface=wlan0
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=testAP
hw_mode=g
channel=6

wpa=2
ignore_broadcast_ssid=0
wpa_pairwise=CCMP TKIP
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP

ieee8021x=1
own_ip_addr=146.64.5.5
auth_server_addr=146.64.8.20
auth_server_port=1812
auth_server_shared_secret=test123

Regards
Johann


On 2015/05/21 06:47 PM, Adrian Chadd wrote:
That's the plan. Once I fix a couple other things I'm going to go see
why it currently isn't working.



-adrian

On 21 May 2015 at 01:39, Willem Offermans <wil...@offermans.rompen.nl>
wrote:
Dear FreeBSD friends,

Sorry to interrupt here, but I got triggered by this e-mail thread.

Do I understand correctly that it is possible to connect hostapd with
FreeRadius and OpenLDAP? Would it be possible to do the authentication of
wireless access over the ldap server? If yes, do I need FreeRadius to
intermediate between hostapd and OpenLDAP?

Is there some documentation around to setup hostapd + OpenLDAP or hostapd
+
FreeRadius + OpenLDAP under FreeBSD?

Sorry, to interrp

On Wed, May 20, 2015 at 07:20:33PM +0200, Johann wrote:
On 2015/05/20 06:29 PM, Johann wrote:
On 2015/05/16 08:03 AM, Adrian Chadd wrote:
Hi,
Has this ever worked?
Yes.

I got it working in April 2012 on FreeBSD 8 and 9. I've used a
FreeRadius server and a FreeBSD client with wpa_supplicant to test
it.

At that stage you had to enable the eap_server when you compile hostapd

# echo HOSTAPD_CFLAGS+=-DEAP_SERVER >> /etc/src.conf
# cd /usr/src/usr.sbin/wpa/hostapd
# make
# make install

but Bernhard Schmidt fixed it so that EAP_SERVER was enabled by
default.


Here is the configs that I used:

rc.conf
hostname="AP-vlan"
wlans_ath0="wlan0"
create_args_wlan0="wlanmode hostap country ZA"
ifconfig_wlan0="146.64.5.5/24 mode 11g channel 6"
defaultrouter="146.64.5.1"
hostapd_enable="YES"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm sis0 addm wlan0 up"
ifconfig_sis0="up"


hostapd.conf
interface=wlan0
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=testAP
hw_mode=g
channel=6

wpa=1
wpa_pairwise=CCMP TKIP
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP

Hope it helps

Regards
Johann
_______________________________________________
freebsd-wireless@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-wireless
To unsubscribe, send any mail to
"freebsd-wireless-unsubscr...@freebsd.org"

Looks like this part of hostapd.conf got lost.

ieee8021x=1
own_ip_addr=146.64.5.5
auth_server_addr=146.64.8.25
auth_server_port=1812
auth_server_shared_secret=same-as-on-freeradius

Johann

_______________________________________________
freebsd-wireless@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-wireless
To unsubscribe, send any mail to
"freebsd-wireless-unsubscr...@freebsd.org"
--
Met vriendelijke groeten,
With kind regards,
Mit freundlichen Gruessen,
De jrus wah,

Wiel

*************************************
   W.K. Offermans
_______________________________________________
freebsd-wireless@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-wireless
To unsubscribe, send any mail to
"freebsd-wireless-unsubscr...@freebsd.org"


_______________________________________________
freebsd-wireless@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-wireless
To unsubscribe, send any mail to "freebsd-wireless-unsubscr...@freebsd.org"

Reply via email to