On 01/09/2006, at 6:37 PM, Alan DeKok wrote:
Loukas Kalenderidis <[EMAIL PROTECTED]> wrote:
I've configured FreeRADIUS as best I can figure
from what I've found on the web, but I'm having no success with
getting WPA to work. I'm using a D-Link 2100AP access point, and a
Mac OS X 10.4 client. From what I can gather it seems that I might
have misconfigured FreeRADIUS, based on the error message below.
I've configured a test user as follows:
pants Auth-Type := Accept
That won't make WPA work. WPA requires a whole bunch of data
exchange before all the machines involved believe that net access has
been granted.
You have to configure users, passwords, and certificates for it
to work.
I've been trying to use an existing user that works with dialup
access, but kept having authorization rejected, so I decided to try
configuring that test user with Auth-Type:= Accept to simplify the
problem. Bad idea? I was under the impression I don't need
certificates unless I'm using TLS, is this incorrect?
The last 3 lines I found in a tutorial on the web, but I'm not sure
if they are necessary or not (and commenting them out makes no
difference).
They're for VLAN assignment. You don't need them.
Thanks.
Watching the traffic shows the Access-Accept packet being sent back
to the AP, but confusingly the AP sends an Access-Accept back to the
RADIUS server! (10.0.0.100 is the AP, 10.0.0.101 is the RADIUS
server):
That's what the debug log shows, too.
Is this what the following error is about?
Error: Authentication reply packet code 2 sent to a non-proxy reply
port from client testap:1025 - ID 0 : IGNORED
That makes more sense now.
Thanks,
Loukas
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
