Hi all
I am struggling is setting up a working WPA2-EAP authentication using wpad full and freeradius2.
The problem is that I really don't understand what it is happening.
I have setup the client and an user in freeradius config, if I start rediusd -XX I get no error at all and in the end I see that freeradius is listening for connection:
Tue May 2 19:17:02 2017 : Debug: radiusd: #### Opening IP addresses and Ports ####
Tue May 2 19:17:02 2017 : Debug: listen {
Tue May 2 19:17:02 2017 : Debug: type = "auth"
Tue May 2 19:17:02 2017 : Debug: ipaddr = *
Tue May 2 19:17:02 2017 : Debug: port = 1812
Tue May 2 19:17:02 2017 : Debug: }
Tue May 2 19:17:02 2017 : Debug: listen {
Tue May 2 19:17:02 2017 : Debug: type = "acct"
Tue May 2 19:17:02 2017 : Debug: ipaddr = *
Tue May 2 19:17:02 2017 : Debug: port = 1813
Tue May 2 19:17:02 2017 : Debug: }
Tue May 2 19:17:02 2017 : Debug: Listening on authentication interface br-lan address * port 1812
Tue May 2 19:17:02 2017 : Debug: Listening on accounting interface br-lan address * port 1813
Tue May 2 19:17:02 2017 : Info: Ready to process requests.
`
I set in Luci WPA2-EAP and both authentication and accounting server to 127.0.0.1 (yes the freeradius server is on the same access point), port 1812 and 1813 and the correct secret (so far only one).
The problem is that the wireless clients cannot authenticate and no event is detected by the radiusd logs (no connection attempt, nothing) and wpad logs this error:
Tue May 2 19:23:08 2017 daemon.notice hostapd: recv[RADIUS]: Connection refused
Tue May 2 19:23:11 2017 daemon.notice hostapd: recv[RADIUS]: Connection refused
Tue May 2 19:23:17 2017 daemon.notice hostapd: recv[RADIUS]: Connection refused
Tue May 2 19:23:23 2017 daemon.notice hostapd: wlan1: RADIUS No response from Authentication server 127.0.0.1:1812 - failover
Tue May 2 19:23:23 2017 daemon.info hostapd: wlan1: RADIUS Authentication server 127.0.0.1:1812
Tue May 2 19:23:23 2017 daemon.notice hostapd: recv[RADIUS]: Connection refused
Now, looking at the openwrt manual for EAP setup it seems that the section has been modified recently. Before there was only a "server", no I see authentication and accounting, so maybe the problem is here