Hello everyone! I am Momtahina Karim. I am a web developer, programmer,
blogger from Bangladesh. This year I am working for Openwisp. Cause, I love
python and there are many cool tasks based on python by Openwisp. Hoping
for a good contribution. Thanks:)
--
You received this message because
I highly doubt the merik documentation is relevant; I'm not running stock
firmware (which requires licenses
of a pricy, reoccurring sort) but openwrt.
On Saturday, November 17, 2018 at 10:36:48 PM UTC-6, 2stacks wrote:
>
> Sounds like your AP is configured for eap by default. Would explain the
Sounds like your AP is configured for eap by default. Would explain the
output in the Freeradius debug output. Glad you got it working. Some
additional info.
https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_with_WPA2-Enterprise
Haha! I've got it working. I moved most of the stuff you guys wanted in
sites-enabled/default into
sites-enabled/inner-tunnel and it works. default decrypts/whatever the eap
stuff, and passes that
into inner tunnel, which does the api stuff to actually auth the user.
Still need to work out some
Hmm. Grab a wireshark capture of a request using radtest for comparison.
Ill have to do some research on the Meraki MT24's.
On Sat, Nov 17, 2018, 6:19 PM Marty Plummer Nothing in there that I can see that looks like that. Do you mean an md5
> hash like say 'echo -n PasswordGoesHere | md5sum' or
Nothing in there that I can see that looks like that. Do you mean an md5
hash like say 'echo -n PasswordGoesHere | md5sum' or one of those salted
ones?
On Saturday, November 17, 2018 at 5:14:15 PM UTC-6, 2stacks wrote:
>
> Yes, sorry I meant NAS. You should see an md5 hash of the password in the
Yes, sorry I meant NAS. You should see an md5 hash of the password in the
access request packet. Use wireshark to decode each packet type. That
always helps me.
https://wiki.freeradius.org/protocol/Access-Request
On Sat, Nov 17, 2018, 5:53 PM Marty Plummer Oh wait, do you mean the NAS? Those
Oh wait, do you mean the NAS? Those are all Cisco Meraki MT24's running
OpenWRT
(hopefully once I get this sorted I'll be able to manage them with
openwisp). I've managed
to get a capture of one of the packets, I'm not seeing a User-Password
attribute at all.
22:42:45.609551 IP (tos 0x0, ttl
Clients are varied, I've tried with android (running lineageos, relatively
recent update) and
windows 10 (yeah, I kinda expect that to be fucky). I also have some users
using various
mac hardware. The only thing that tests correctly is radtest and manual
curl's.
On Saturday, November 17, 2018
Apologies if Im asking things you've already answered but what is the
client that should be sending the password? Have you tried capturing the
traffic to see if the password is being sent? Did you say if testing with
radtest works? Perhaps its not a freeradius config issue but something
wonky
Even with using exactly and only what you have in the authorize...etc
sections of
sites-available/default, %{User-Password} still expands to empty. There has
been
no change to that regardless of what suggested changes I've made.
On Saturday, November 17, 2018 at 1:42:08 PM UTC-6, Federico
Yeah, it looks almost exactly like that, but it expands to
{"username":"user", "password":""} << blank password.
On Saturday, November 17, 2018 at 1:42:08 PM UTC-6, Federico Capoano wrote:
>
> PS:
>
> On Saturday, November 17, 2018 at 8:28:29 PM UTC+1, Marty Plummer wrote:
>>
>> So is that
PS:
On Saturday, November 17, 2018 at 8:28:29 PM UTC+1, Marty Plummer wrote:
>
> So is that authorize section the entire thing? as in, comment out/delete
> the defaults and
> replace it with that?
>
Yes
--
You received this message because you are subscribed to the Google Groups
"OpenWISP"
Hey Henrique,
I'm trying to replicate this issue but I can't.
does that show up in the preview? If not, what other steps can be done to
reproduce it?
Thanks
Federico
On Friday, November 16, 2018 at 5:49:06 PM UTC+1, henriqsc wrote:
>
> Hi, I'm trying to transfer a shell script to my devices
So is that authorize section the entire thing? as in, comment out/delete
the defaults and
replace it with that?
I don't think that's a bug per se, or maybe it is, but when I manually curl
that json up with
a filled password attribute it 'works', but the User-Password attribute
always expands
Matheus, I think you can try to do that with some scripting, although I
would expect that if you are using a load balanced cluster of OpenWISP
servers they have identical data in it so the AP doesn't need to register
again but only change its URL.
Fed
On Tuesday, November 13, 2018 at
The current django-freeradius docs show a full authorize section in the
sample configuration:
https://django-freeradius.readthedocs.io/en/latest/general/freeradius.html#configure-the-site
At the end of the page the docs also state:
*Customizing your configuration*
You can further customize your
Well therein lies the problem. This is a freeradius config problem that
arises from a lack of
documentation on the part of django-freeradius. Nowhere in the docs does it
say you should
disable eap, and the only explicit mention of pap is a link to the rlm_pap
documentation for
a list of
18 matches
Mail list logo
