First a bit of background: I've been tinkering with this on and off for a few days and it's getting frustrating. I've got a NetGear r6300 loaded up with DD-WRT v24/SP2 Giga and I've configured SSH to log into the console.
I'm trying (and failing) to set up WPA2 Enterprise Wi-Fi for which I'm using the built in version of FreeRadius. I've got Ubuntu 13.04 on my local computer.
- I've configured FreeRadius, the Radius and Wireless Security information via the GUI on the router.
- I've successfully tested user authentication with radtest from the SSH console
- I've downloaded the ca.pem certificate from the /etc/freeradius/certs folder
- I've downloaded the TestUser-cert.P12, TestUser-cert.pem, TestUser-key.pem, TestUser-req.pem certificates from the /etc/freeradius/certs/clients folder
Here are my router settings:
Services/FreeRadius
Server Certificate:
- Country Code: CA
- State or Province: Ontario
- Locality: Toronto
- Organization / Company: Test Company
- Email Address: info@testcompany.com
- Common Certificate Name: Test Radius Certificate
- Expires: 365 days
- Passphrase: TestCertificatePassphrase
Settings
- Radius Port: 1812
Clients:
- 127.0.0.1 TestRadiusSharedSecret
- 192.168.1.0 TestRadiusSharedSecret
Users:
- User 1
- Username: TestUser1
- Password: TestPassword
- Downspeed: 9999999
- Upseed: 9999999
- Expires (Days): 365
- Enabled: Checked
Wireless/Wireless Security
- Security Mode: WPA2 Enterprise
- WPA Algorithms: TKIP+AES
- Radius Server Address: 127.0.0.1
- Radius Auth Port: 1812
- Radius Shared Secret: TestRadiusSharedSecret
- Key Renewal: 3600
Wireless/Radius
- MAC Radius Client: Enable
- MAC Format: aabbccddeeff
- Radius Auth Server Address: 127.0.0.1
- Radius Auth Server Port: 1812
- Maximum Unauthenticated Users: 0
- Password Format: Shared Key
- Radius Auth Shared Secret: TestRadiusSharedSecret
From the SSH console I get the following output from RadTest:
$radtest TestUser1 TestPassword 127.0.0.1 0 TestRadiusSharedSecret
Sending Access-Request of id 231 to 127.0.0.1 port 1812
User-Name = "TestUser1"
User-Password = "TestPassword"
NAS-IP-Address = 192.168.1.1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=231, length=68
WISPr-Bandwidth-Max-Down = 1650064384
RP-Downstream-Speed-Limit = 9999999
WISPr-Bandwidth-Max-Up = 1650064384
RP-Upstream-Speed-Limit = 9999999
When I run radiusd -d /jffs/etc/freeradius -X from the console and attempt to connect my machine to the Wi-Fi with the following settings:
the connection fails...
From the exerpt from the log, I glean that it's something relating to the SharedSecret between my Radius client and FreeRadius, but I can't figure out what or why because the shared secret is the same in the Radius client and the FreeRadius configurations...
rad_recv: Access-Request packet from host 127.0.0.1 port 37619, id=6, length=80
User-Name = "c48508cf0a6c"
NAS-Port = 1
NAS-Port-Type = Wireless-802.11
User-Password = "TestRadiusSharedSecret"
# Executing section authorize from file /jffs/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[mschap] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
Login incorrect: [c48508cf0a6c/TestRadiusSharedSecret] (from client DD-WRT-RADIUS port 1)
Using Post-Auth-Type REJECT
WARNING: Unknown value specified for Post-Auth-Type. Cannot perform requested action.
Delaying reject of request 3 for 1 seconds
Going to the next request
Here is the full Radius log for the wi-fi connection attempt
It seems like I'm missing something, but I'm unsure what that could be. Can anyone see what I might be missing?
