Using freeradius, the system enters in an infinite loop

Ricardo1980 · September 10, 2017, 3:12pm

Hello,

I am using freeradius2 (not 3, because I want to use sql later), and it happens something really weird, an infinite loop when a user tries to connect from a wifi hotspot.

After installing freeradius, I only change 2 things:

Add:
ricardo Cleartext-Password := “testing”
to /etc/freeradius2/users

Comment out this

interface = br-lan

from /etc/freeradius2/radiusd.conf

I test the radius server using:
root@LEDE:/etc/freeradius2# echo "User-Name = ricardo, User-Password = testing" | radclient -x 127.0.0.1 auth testing123

And it works:
Sending Access-Request of id 28 to 127.0.0.1 port 1812
User-Name = "ricardo"
User-Password = "testing"
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=28, length=20

However, when I setup WPA Enterprise in the LEDE router (the same with freeradius server) and a user tries to connect, this infinite loop hapens:

No error or wanrning message message when runnning radiusd -XXX
Here the log:

I think it is not related with certificates, because I can see this in the log:
Sun Sep 10 14:07:31 2017 : Info: [peap] (other): SSL negotiation finished successfully

Apart from that, I have this package installed:
freeradius2-democerts

And in the iPhone, it says that the expiration date is next year.

It seems the user is being auth over and over again, but I don't understand the reason.

Do you have any idea or suggestion? Probably it is a small detail but I cannot see it.
Thanks a lot for your time.

EDIT:
It seems the problem is in hostapd. I see in the log that just after the connection, it's disconnected.
Sun Sep 10 16:34:28 2017 daemon.info hostapd: wlan0: STA c0:cc:f8:ec:55:f8 IEEE 802.11: associated
Sun Sep 10 16:34:28 2017 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-STARTED c0:cc:f8:ec:55:f8
Sun Sep 10 16:34:28 2017 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Sun Sep 10 16:34:28 2017 daemon.info hostapd: wlan0: STA c0:cc:f8:ec:55:f8 IEEE 802.11: disassociated
Sun Sep 10 16:34:28 2017 daemon.info hostapd: wlan0: STA c0:cc:f8:ec:55:f8 IEEE 802.11: disassociated
Sun Sep 10 16:34:29 2017 daemon.info hostapd: wlan0: STA c0:cc:f8:ec:55:f8 IEEE 802.11: associated
Sun Sep 10 16:34:29 2017 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-STARTED c0:cc:f8:ec:55:f8
Sun Sep 10 16:34:29 2017 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Sun Sep 10 16:34:29 2017 daemon.info hostapd: wlan0: STA c0:cc:f8:ec:55:f8 IEEE 802.11: disassociated
Sun Sep 10 16:34:29 2017 daemon.info hostapd: wlan0: STA c0:cc:f8:ec:55:f8 IEEE 802.11: disassociated
Sun Sep 10 16:34:29 2017 daemon.info hostapd: wlan0: STA c0:cc:f8:ec:55:f8 IEEE 802.11: associated
Sun Sep 10 16:34:29 2017 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-STARTED c0:cc:f8:ec:55:f8
Sun Sep 10 16:34:29 2017 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Sun Sep 10 16:34:30 2017 daemon.info hostapd: wlan0: STA c0:cc:f8:ec:55:f8 IEEE 802.11: disassociated
Sun Sep 10 16:34:30 2017 daemon.info hostapd: wlan0: STA c0:cc:f8:ec:55:f8 IEEE 802.11: disassociated

I followed the same steps with a MIKROTEK router I have, and everything is working perfectly.

Does the raspberry pi 3 hardware have the possibility to create an access point using wpa2 enterprise?
Thanks.