Oh wait, do you mean the NAS? Those are all Cisco Meraki MT24's running
OpenWRT
(hopefully once I get this sorted I'll be able to manage them with
openwisp). I've managed
to get a capture of one of the packets, I'm not seeing a User-Password
attribute at all.
22:42:45.609551 IP (tos 0x0, ttl 63, id 12096, offset 0, flags [none],
proto UDP (17), length 225)
10.141.99.51.41461 > 23684b3bc3a7.1812: [udp sum ok] RADIUS, length: 197
Access-Request (1), id: 0x88, Authenticator:
6841fe060f8f623bdc8c09250ccc73e8
User-Name Attribute (1), length: 10, Value: aleath56
0x0000: 616c 6561 7468 3536
Called-Station-Id Attribute (30), length: 31, Value:
8A-DC-96-07-AF-F5:GoodSamWifi
0x0000: 3841 2d44 432d 3936 2d30 372d 4146 2d46
0x0010: 353a 476f 6f64 5361 6d57 6966 69
NAS-Port-Type Attribute (61), length: 6, Value: Wireless - IEEE
802.11
0x0000: 0000 0013
Service-Type Attribute (6), length: 6, Value: Framed
0x0000: 0000 0002
NAS-Port Attribute (5), length: 6, Value: 1
0x0000: 0000 0001
Calling-Station-Id Attribute (31), length: 19, Value:
C0-EE-FB-5B-6A-1F
0x0000: 4330 2d45 452d 4642 2d35 422d 3641 2d31
0x0010: 46
Connect-Info Attribute (77), length: 24, Value: CONNECT 54Mbps
802.11a
0x0000: 434f 4e4e 4543 5420 3534 4d62 7073 2038
0x0010: 3032 2e31 3161
Acct-Session-Id Attribute (44), length: 18, Value:
3397D5BA38CC6B22
0x0000: 3333 3937 4435 4241 3338 4343 3642 3232
Unknown Attribute (186), length: 6, Value:
0x0000: 000f ac04
Unknown Attribute (187), length: 6, Value:
0x0000: 000f ac04
Unknown Attribute (188), length: 6, Value:
0x0000: 000f ac01
Framed-MTU Attribute (12), length: 6, Value: 1400
0x0000: 0000 0578
EAP-Message Attribute (79), length: 15, Value: ..
0x0000: 02e6 000d 0161 6c65 6174 6835 36
Message-Authenticator Attribute (80), length: 18, Value:
.....qV....Q...G
0x0000: aab7 b311 a071 5616 16cc ff51 e72e 0847
On Saturday, November 17, 2018 at 4:20:01 PM UTC-6, Marty Plummer wrote:
>
> Clients are varied, I've tried with android (running lineageos, relatively
> recent update) and
> windows 10 (yeah, I kinda expect that to be fucky). I also have some users
> using various
> mac hardware. The only thing that tests correctly is radtest and manual
> curl's.
>
> On Saturday, November 17, 2018 at 3:54:25 PM UTC-6, 2stacks wrote:
>>
>> Apologies if Im asking things you've already answered but what is the
>> client that should be sending the password? Have you tried capturing the
>> traffic to see if the password is being sent? Did you say if testing with
>> radtest works? Perhaps its not a freeradius config issue but something
>> wonky with the client.
>>
>> On Sat, Nov 17, 2018, 4:33 PM Marty Plummer <[email protected] wrote:
>>
>>> Even with using exactly and only what you have in the authorize...etc
>>> sections of
>>> sites-available/default, %{User-Password} still expands to empty. There
>>> has been
>>> no change to that regardless of what suggested changes I've made.
>>>
>>> On Saturday, November 17, 2018 at 1:42:08 PM UTC-6, Federico Capoano
>>> wrote:
>>>>
>>>> PS:
>>>>
>>>> On Saturday, November 17, 2018 at 8:28:29 PM UTC+1, Marty Plummer wrote:
>>>>>
>>>>> So is that authorize section the entire thing? as in, comment
>>>>> out/delete the defaults and
>>>>> replace it with that?
>>>>>
>>>>
>>>> Yes
>>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "OpenWISP" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
--
You received this message because you are subscribed to the Google Groups
"OpenWISP" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
