Have you tried reading this:
http://madwifi.org/wiki/UserDocs/WPA_PSK_on_Both_Ends
and this:
http://madwifi.org/wiki/UserDocs/HostAP
I never used them before, but hopefully those will help you?
On 3/12/06, Pelusa Vali <pelusitavali@...> wrote:
>
> hi everybody, i use debian sarge, madwifi-ng-r1457, hostapd 0.4.8 and
> freeradius 1.1, i want to use eap-tls, is there any special configuration
> or patch should be applied to any of these programs to get them to work? i tried
> configurations from madwifi users docs and many tutorials, but nothing
> works. simply clients can't authenticate, always get: Access-Reject.
> these are my conf files:
>
> MADWIFI:
>
> modprobe ath_pci autocreate=ap
> wlanconfig ath0 create wlandev wifi0 wlanmode ap
> ifconfig ath0 up
> iwpriv ath0 mode 3
> iwconfig ath0 essid MYWLAN
> iwconfig ath0 channel 2
> iwconfig ath0 bitrate 54M
> iwconfig ath0 frag 512
> iwconfig ath0 rts 250
> iwpriv ath0 ar 1
> echo 1 > /proc/sys/net/ipv4/ip_forward
> /etc/init.d/networking restart
> IPTABLES=/sbin/iptables
> $IPTABLES -F -t nat
> $IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE
> /etc/init.d/dhcp stop
> /etc/init.d/dhcp start
>
> DHCP:
> subnet 192.168.10.0 netmask 255.255.255.0 {
> range 192.168.10.2 192.168.10.30;
> option subnet-mask 255.255.255.0;
> option broadcast-address 192.168.10.255;
> default-lease-time 600;
> max-lease-time 7200;
> }
>
> HOSTAPD:
> interface=ath0
> driver=madwifi
> logger_syslog=-1
> logger_syslog_level=2
> logger_stdout=-1
> logger_stdout_level=2
> debug=4
> dump_file=/tmp/hostapd.dump
> ctrl_interface=/var/run/hostapd
> ctrl_interface_group=0
> ssid=MYWLAN
> macaddr_acl=0
> auth_algs=3
> ieee8021x=1
> eap_message=hello
> eapol_key_index_workaround=0
> own_ip_addr=127.0.0.1
> nas_identifier=www.server.com
> auth_server_addr=127.0.0.1
> auth_server_port=1812
> auth_server_shared_secret=whatever
> acct_server_addr=127.0.0.1
> acct_server_port=1813
> acct_server_shared_secret=whatever
> wpa=1
> wpa_key_mgmt=WPA-EAP
> wpa_pairwise=TKIP
> wpa_strict_rekey=1
> wpa_gmk_rekey=86400
>
> DEFAULT HOSTAPD:
> #RUN_DAEMON=yes
>
> RADIUS USERS:
> "pupis"
> DEFAULT Auth-Type = System
> Fall-Through = 1
>
> here i tried too: DEFAULT Auth-Type = EAP
> Fall-Through = 1
>
> each one alone, and together.
>
> RADIUS CLIENTS.CONF:
> client 127.0.0.1 {
> secret = whatever
> shortname = http://www.server.com
> }
>
> RADIUS EAP.CONF:
> default_eap_type = tls
> tls {
> certificate_file = ${raddbdir}/certs/cert-srv.pem
> CA_file = ${raddbdir}/certs/demoCA/cacert.pem
> dh_file = ${raddbdir}/certs/dh
> random_file = ${raddbdir}/certs/random
> }
>
> when i run, get this:
>
> hostapd logs:
> Sending RADIUS message to accounting server
> RADIUS message: code=4 (Accounting-Request) identifier=0 length=88
> Attribute 40 (Acct-Status-Type) length=6
> Value: 7
> Attribute 45 (Acct-Authentic) length=6
> Value: 1
> Attribute 4 (NAS-IP-Address) length=6
> Value: 127.0.0.1
> Attribute 32 (NAS-Identifier) length=14
> Value: 'www.server.com'
> Attribute 30 (Called-Station-Id) length=30
> Value: '00-0F-66-11-C1-97:MYWLAN'
> Attribute 49 (Acct-Terminate-Cause) length=6
> Value: 11
> Next RADIUS client retransmit in 3 seconds
> Flushing old station entries
>
> running locally radtest:
>
> radtest pupis whatever localhost 0 whatever
> Sending Access-Request of id 178 to 127.0.0.1 port 1812
> User-Name = "pupis"
> User-Password = "whatever"
> NAS-IP-Address = 255.255.255.255
> NAS-Port = 0
> rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=178, length=20
>
> by the way, i can't run radclient or radeapclient, when use it, don't get
> any response.
>
> but now, winxp clients don't detect this wlan as activated with wpa, only
> wlan without security, and don't get any ip direction, even i'm using
> dhcp. if i don't run radius and hostapd then client do get ip direction and
> can use wlan.
>
> so, my question again is, what should i do to get eap-tls working?? i
> heard that may be this won't work with debian, could it be a possible
> explanation?? i'm really tired, i tried everything i think, and don't know
> what more should do.
> thanks in advance for your patience.
>
>
> _______________________________________________
> Madwifi-users mailing list
> Madwifi-users@...
> https://lists.sourceforge.net/lists/listinfo/madwifi-users
>