hi list, well, finally my linux-based ap works with wpa-eap. i use debian etch,
madwifi-ng-r1475, freeradius 1.1.0 and hostapd 0.5.2. my ap can authenticate
users and they can connect to the wlan, everything ok. but now it turns out they
can't surf the internet because the connection is very slow; they can't even
access google or yahoo. the connection is too slow and requests are never
completed or are delayed between 35 and 120 seconds. i'm just performing tests,
so the ap and clients are in the same room.
and when clients are authenticating i get lots of messages like this:
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 BE_AUTH entering state IDLE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
WPA: 00:0f:66:11:c1:96 WPA_PTK entering state INITPMK
WPA: PMK from EAPOL state machine (len=32)
WPA: 00:0f:66:11:c1:96 WPA_PTK entering state PTKSTART
ath0: STA 00:0f:66:11:c1:96 WPA: sending 1/4 msg of 4-Way Handshake
WPA: Send EAPOL(secure=0 mic=0 ack=1 install=0 pairwise=1 ie_len=0 gtk_len=0
key idx=0 encr=0)
TX EAPOL - hexdump(len=113): 00 0f 66 11 c1 96 00 0f 66 11 c1 97 88 8e 02 03 00
5f fe 00 89 00 20 00 00 00 00 00 00 00 01 bb a5 40 06 72 ff 43 57 37 d3 d3 67
f1 5c 13 3f 6c 48 d1 fb 14 5a 31 ce b2 ce 47 a9 96 20 a5 20 00 00 00 00 00 00
00 0 0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
and authentication takes 2 minutes, is that normal??
using ethereal to monitor the wlan i get a lot (really many) of messages like
this:
SOURCE DESTINATION PROTOCOL INFO
Cisco-Li_11:c1:96 192.168.50.1 MDS HEADER [Malformed Packet]
where 192.168.50.1 is the ap's ip address.
these are my configuration files:
MADWIFI:
rmmod ath_pci
modprobe ath_pci autocreate=ap
ifconfig ath0 up
iwpriv ath0 mode 3
iwconfig ath0 essid MYWLAN
iwconfig ath0 channel auto
iwconfig ath0 bitrate 54M
echo 1 > /proc/sys/net/ipv4/ip_forward
/etc/init.d/networking restart
IPTABLES=/sbin/iptables
$IPTABLES -F -t nat
$IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE
/etc/init.d/dhcp restart
HOSTAPD:
interface=ath0
driver=madwifi
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=1
debug=4
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=MYWLAN
macaddr_acl=0
auth_algs=1
ieee8021x=1
eap_server=0
own_ip_addr=127.0.0.1
nas_identifier=www.srvw1.com
auth_server_addr=127.0.0.1
auth_server_port=1812
auth_server_shared_secret=mywlan
acct_server_addr=127.0.0.1
acct_server_port=1813
acct_server_shared_secret=mywlan
wpa=1
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP
wpa_group_rekey=300
wpa_gmk_rekey=640
I think this behavior is related to freeradius because i tested using only
hostapd with psk and without security and everything was right, connection
speed and everything fine, but with freeradius activated the connection speed is
very poor.
so is there any parameter in freeradius i should activate or change to avoid
this problem??
these are the freeradius configuration files:
USERS:
"User1"
DEFAULT Auth-Type = EAP
Fall-Through = 1
CLIENTS:
client 192.168.50.0/24 {
secret = mywlan
shortname = MYWLAN
}
EAP:
eap {
default_eap_type = tls
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
md5 {
}
leap {
}
tls {
private_key_file = ${raddbdir}/certs/www.srvw1.com.pem
certificate_file = /home/admin/test/www.srvw1.com.pem
CA_file = /home/admin/test/cacert.pem
dh_file = /home/admin/test/dh
random_file = /home/admin/test/random
fragment_size = 1024
include_length = yes
}
}
RADDB:
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = *
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
security {
max_attributes = 200
reject_delay = 1
status_server = no
}
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
}
authenticate {
eap
}
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
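
A small triage helper for hostapd debug output like the log in the message above, added here as an example and not part of the original post: it counts state-machine transitions per station, reports the longest run of one repeated transition, and records whether the 4-way handshake started or finished. The sample lines and MAC addresses are constructed, `min_run=10` is an arbitrary threshold, and `PTKINITDONE` as the completion state is assumed from hostapd's WPA_PTK state machine (it does not appear in the log above).

```python
import re
from collections import Counter

# "IEEE 802.1X: <mac> <machine> entering state <state>" and the "WPA:" variant
TRANSITION = re.compile(
    r"^(?:IEEE 802\.1X|WPA): ((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) "
    r"(\w+) entering state (\w+)$", re.IGNORECASE)

def summarize(lines):
    """Return {sta: counts, longest_run, handshake_started, handshake_done}."""
    report, current = {}, {}
    for line in lines:
        m = TRANSITION.match(line.strip())
        if not m:
            continue  # hexdumps, EAPOL detail lines, wrapped text
        sta, step = m.group(1).lower(), (m.group(2), m.group(3))
        entry = report.setdefault(sta, {
            "counts": Counter(), "longest_run": (None, 0),
            "handshake_started": False, "handshake_done": False})
        entry["counts"][step] += 1
        prev, run = current.get(sta, (None, 0))
        run = run + 1 if step == prev else 1  # consecutive repeats of one step
        current[sta] = (step, run)
        if run > entry["longest_run"][1]:
            entry["longest_run"] = (step, run)
        if step == ("WPA_PTK", "PTKSTART"):
            entry["handshake_started"] = True
        elif step == ("WPA_PTK", "PTKINITDONE"):  # assumed completion state
            entry["handshake_done"] = True
    return report

def looping_stations(report, min_run=10):
    """Stations with one transition repeated at least min_run times in a row."""
    return sorted(s for s, e in report.items() if e["longest_run"][1] >= min_run)

# Constructed sample in the format of the log above (MAC addresses are made up).
SAMPLE = (
    ["IEEE 802.1X: 02:00:00:00:00:01 BE_AUTH entering state IDLE"]
    + ["IEEE 802.1X: 02:00:00:00:00:01 REAUTH_TIMER entering state INITIALIZE"] * 24
    + ["WPA: 02:00:00:00:00:01 WPA_PTK entering state INITPMK",
       "WPA: PMK from EAPOL state machine (len=32)",
       "WPA: 02:00:00:00:00:01 WPA_PTK entering state PTKSTART",
       "IEEE 802.1X: 02:00:00:00:00:02 BE_AUTH entering state IDLE",
       "WPA: 02:00:00:00:00:02 WPA_PTK entering state PTKSTART",
       "WPA: 02:00:00:00:00:02 WPA_PTK entering state PTKINITDONE"])

if __name__ == "__main__":
    rep = summarize(SAMPLE)
    for sta, e in rep.items():
        print(sta, e["longest_run"], e["handshake_started"], e["handshake_done"])
    print("looping:", looping_stations(rep))
```

Feeding it a saved hostapd debug log (one line per list element) gives a per-station view that is easier to compare between the PSK and RADIUS test runs than the raw output.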