Hello,
I am using freeradius2 (not 3, because I want to use sql later), and it happens something really weird, an infinite loop when a user tries to connect from a wifi hotspot.
After installing freeradius, I only change 2 things:
Add:
ricardo Cleartext-Password := “testing”
to /etc/freeradius2/users
Comment out this
interface = br-lan
from /etc/freeradius2/radiusd.conf
I test the radius server using:
root@LEDE:/etc/freeradius2# echo "User-Name = ricardo, User-Password = testing" | radclient -x 127.0.0.1 auth testing123
And it works:
Sending Access-Request of id 28 to 127.0.0.1 port 1812
User-Name = "ricardo"
User-Password = "testing"
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=28, length=20
However, when I setup WPA Enterprise in the LEDE router (the same with freeradius server) and a user tries to connect, this infinite loop hapens:
No error or wanrning message message when runnning radiusd -XXX
Here the log:
I think it is not related with certificates, because I can see this in the log:
Sun Sep 10 14:07:31 2017 : Info: [peap] (other): SSL negotiation finished successfully
Apart from that, I have this package installed:
freeradius2-democerts
And in the iPhone, it says that the expiration date is next year.
It seems the user is being auth over and over again, but I don't understand the reason.
Do you have any idea or suggestion? Probably it is a small detail but I cannot see it.
Thanks a lot for your time.
EDIT:
It seems the problem is in hostapd. I see in the log that just after the connection, it's disconnected.
Sun Sep 10 16:34:28 2017 daemon.info hostapd: wlan0: STA c0:cc:f8:ec:55:f8 IEEE 802.11: associated
Sun Sep 10 16:34:28 2017 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-STARTED c0:cc:f8:ec:55:f8
Sun Sep 10 16:34:28 2017 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Sun Sep 10 16:34:28 2017 daemon.info hostapd: wlan0: STA c0:cc:f8:ec:55:f8 IEEE 802.11: disassociated
Sun Sep 10 16:34:28 2017 daemon.info hostapd: wlan0: STA c0:cc:f8:ec:55:f8 IEEE 802.11: disassociated
Sun Sep 10 16:34:29 2017 daemon.info hostapd: wlan0: STA c0:cc:f8:ec:55:f8 IEEE 802.11: associated
Sun Sep 10 16:34:29 2017 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-STARTED c0:cc:f8:ec:55:f8
Sun Sep 10 16:34:29 2017 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Sun Sep 10 16:34:29 2017 daemon.info hostapd: wlan0: STA c0:cc:f8:ec:55:f8 IEEE 802.11: disassociated
Sun Sep 10 16:34:29 2017 daemon.info hostapd: wlan0: STA c0:cc:f8:ec:55:f8 IEEE 802.11: disassociated
Sun Sep 10 16:34:29 2017 daemon.info hostapd: wlan0: STA c0:cc:f8:ec:55:f8 IEEE 802.11: associated
Sun Sep 10 16:34:29 2017 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-STARTED c0:cc:f8:ec:55:f8
Sun Sep 10 16:34:29 2017 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Sun Sep 10 16:34:30 2017 daemon.info hostapd: wlan0: STA c0:cc:f8:ec:55:f8 IEEE 802.11: disassociated
Sun Sep 10 16:34:30 2017 daemon.info hostapd: wlan0: STA c0:cc:f8:ec:55:f8 IEEE 802.11: disassociated
I followed the same steps with a MIKROTEK router I have, and everything is working perfectly.
Does the raspberry pi 3 hardware have the possibility to create an access point using wpa2 enterprise?
Thanks.