hi everybody,

i use debian sarge, madwifi-ng-r1457, hostapd 0.4.8 and freeradius 1.1. i want to use eap-tls. is there any special configuration or patch that should be applied to any of these programs to get them to work? i tried configurations from the madwifi users docs and many tutorials, but nothing works. clients simply can't authenticate; they always get: Access-Reject.

these are my conf files:

MADWIFI:

    modprobe ath_pci autocreate=ap
    wlanconfig ath0 create wlandev wifi0 wlanmode ap
    ifconfig ath0 up
    iwpriv ath0 mode 3
    iwconfig ath0 essid MYWLAN
    iwconfig ath0 channel 2
    iwconfig ath0 bitrate 54M
    iwconfig ath0 frag 512
    iwconfig ath0 rts 250
    iwpriv ath0 ar 1
    echo 1 > /proc/sys/net/ipv4/ip_forward
    /etc/init.d/networking restart
    IPTABLES=/sbin/iptables
    $IPTABLES -F -t nat
    $IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE
    /etc/init.d/dhcp stop
    /etc/init.d/dhcp start

DHCP:

    subnet 192.168.10.0 netmask 255.255.255.0 {
        range 192.168.10.2 192.168.10.30;
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.10.255;
        default-lease-time 600;
        max-lease-time 7200;
    }

HOSTAPD:

    interface=ath0
    driver=madwifi
    logger_syslog=-1
    logger_syslog_level=2
    logger_stdout=-1
    logger_stdout_level=2
    debug=4
    dump_file=/tmp/hostapd.dump
    ctrl_interface=/var/run/hostapd
    ctrl_interface_group=0
    ssid=MYWLAN
    macaddr_acl=0
    auth_algs=3
    ieee8021x=1
    eap_message=hello
    eapol_key_index_workaround=0
    own_ip_addr=127.0.0.1
    nas_identifier=www.server.com
    auth_server_addr=127.0.0.1
    auth_server_port=1812
    auth_server_shared_secret=whatever
    acct_server_addr=127.0.0.1
    acct_server_port=1813
    acct_server_shared_secret=whatever
    wpa=1
    wpa_key_mgmt=WPA-EAP
    wpa_pairwise=TKIP
    wpa_strict_rekey=1
    wpa_gmk_rekey=86400

DEFAULT HOSTAPD:

    #RUN_DAEMON=yes

RADIUS USERS:

    "pupis"
    DEFAULT Auth-Type = System
            Fall-Through = 1

here i tried too:

    DEFAULT Auth-Type = EAP
            Fall-Through = 1

each one alone, and together.

RADIUS CLIENTS.CONF:

    client 127.0.0.1 {
        secret = whatever
        shortname = www.server.com
    }

RADIUS EAP.CONF:

    default_eap_type = tls
    tls {
        certificate_file = ${raddbdir}/certs/cert-srv.pem
        CA_file = ${raddbdir}/certs/demoCA/cacert.pem
        dh_file = ${raddbdir}/certs/dh
        random_file = ${raddbdir}/certs/random
    }

when i run it, i get this:

hostapd logs:

    Sending RADIUS message to accounting server
    RADIUS message: code=4 (Accounting-Request) identifier=0 length=88
    Attribute 40 (Acct-Status-Type) length=6 Value: 7
    Attribute 45 (Acct-Authentic) length=6 Value: 1
    Attribute 4 (NAS-IP-Address) length=6 Value: 127.0.0.1
    Attribute 32 (NAS-Identifier) length=14 Value: 'www.server.com'
    Attribute 30 (Called-Station-Id) length=30 Value: '00-0F-66-11-C1-97:MYWLAN'
    Attribute 49 (Acct-Terminate-Cause) length=6 Value: 11
    Next RADIUS client retransmit in 3 seconds
    Flushing old station entries

running radtest locally:

    radtest pupis whatever localhost 0 whatever
    Sending Access-Request of id 178 to 127.0.0.1 port 1812
            User-Name = "pupis"
            User-Password = "whatever"
            NAS-IP-Address = 255.255.255.255
            NAS-Port = 0
    rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=178, length=20

by the way, i can't run radclient or radeapclient; when i use them, i don't get any response.

but now, winxp clients don't detect this wlan as activated with wpa, only as a wlan without security, and don't get any ip address, even though i'm using dhcp. if i don't run radius and hostapd then the client does get an ip address and can use the wlan.

so, my question again is, what should i do to get eap-tls working?? i heard that maybe this won't work with debian, could that be a possible explanation?? i'm really tired, i tried everything i can think of, and don't know what more i should do.

thanks in advance for your patience.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
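As an added example (not part of the original post or of hostapd/FreeRADIUS), the parser below turns hostapd's "RADIUS message: ..." debug lines into structured records and decodes the integer attribute values with the RFC 2865/2866 enumerations. Reading the excerpt from the post this way shows that the only RADIUS traffic it captures is an Accounting-On with Acct-Terminate-Cause NAS-Reboot, i.e. the accounting notification hostapd sends at startup, not an Access-Request/Access-Reject exchange for a client; the second message in the sample is a constructed Access-Reject added to show how rejects are picked out. The sample log, the `RadiusMessage` type and the function names are this example's own.

```python
"""Parse hostapd RADIUS debug dump lines into structured messages.

Added example: not code from the original post, hostapd or FreeRADIUS.
Enumerations follow RFC 2865 (packet codes) and RFC 2866 (accounting).
"""
import re
from dataclasses import dataclass, field

# RADIUS packet codes (RFC 2865 / RFC 2866).
RADIUS_CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
                4: "Accounting-Request", 5: "Accounting-Response",
                11: "Access-Challenge"}

# Integer-valued attributes whose values are enumerations (RFC 2866).
ENUMS = {
    "Acct-Status-Type": {1: "Start", 2: "Stop", 3: "Interim-Update",
                         7: "Accounting-On", 8: "Accounting-Off"},
    "Acct-Authentic": {1: "RADIUS", 2: "Local", 3: "Remote"},
    "Acct-Terminate-Cause": {
        1: "User-Request", 2: "Lost-Carrier", 3: "Lost-Service",
        4: "Idle-Timeout", 5: "Session-Timeout", 6: "Admin-Reset",
        7: "Admin-Reboot", 8: "Port-Error", 9: "NAS-Error", 10: "NAS-Request",
        11: "NAS-Reboot", 12: "Port-Unneeded", 13: "Port-Preempted",
        14: "Port-Suspended", 15: "Service-Unavailable", 16: "Callback",
        17: "User-Error", 18: "Host-Request"},
}

HEADER_RE = re.compile(r"RADIUS message: code=(\d+) \((\S+)\) identifier=(\d+) length=(\d+)")
ATTR_RE = re.compile(r"Attribute (\d+) \((\S+)\) length=(\d+) Value: (.*)")

# Constructed sample: the Accounting-Request from the post (one attribute per
# line) followed by a made-up Access-Reject in the same dump format.
SAMPLE_LOG = """\
Sending RADIUS message to accounting server
RADIUS message: code=4 (Accounting-Request) identifier=0 length=88
Attribute 40 (Acct-Status-Type) length=6 Value: 7
Attribute 45 (Acct-Authentic) length=6 Value: 1
Attribute 4 (NAS-IP-Address) length=6 Value: 127.0.0.1
Attribute 32 (NAS-Identifier) length=14 Value: 'www.server.com'
Attribute 30 (Called-Station-Id) length=30 Value: '00-0F-66-11-C1-97:MYWLAN'
Attribute 49 (Acct-Terminate-Cause) length=6 Value: 11
Next RADIUS client retransmit in 3 seconds
Received RADIUS message
RADIUS message: code=3 (Access-Reject) identifier=5 length=20
"""


@dataclass
class RadiusMessage:
    code: int
    name: str
    identifier: int
    length: int
    attributes: dict = field(default_factory=dict)


def _decode_value(attr_name, raw):
    """Strip hostapd's quoting and map known integer enumerations to names."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == "'" and raw[-1] == "'":
        return raw[1:-1]
    if raw.isdigit():
        n = int(raw)
        return ENUMS.get(attr_name, {}).get(n, n)
    return raw  # e.g. an IP address, left as text


def parse_dump(text):
    """Return a list of RadiusMessage objects found in a hostapd debug dump."""
    messages = []
    for line in text.splitlines():
        m = HEADER_RE.search(line)
        if m:
            code, name, ident, length = m.groups()
            messages.append(RadiusMessage(int(code), name, int(ident), int(length)))
            continue
        m = ATTR_RE.search(line)
        if m and messages:
            _num, attr_name, _len, raw = m.groups()
            messages[-1].attributes[attr_name] = _decode_value(attr_name, raw)
    return messages


def rejects(messages):
    """Messages with RADIUS code 3 (Access-Reject), the thing the poster sees."""
    return [msg for msg in messages if msg.code == 3]


def summarize(messages):
    """Human-readable one-liner per message, e.g. for grepping a long dump."""
    lines = []
    for msg in messages:
        attrs = ", ".join(f"{k}={v}" for k, v in msg.attributes.items())
        lines.append(f"id={msg.identifier} {RADIUS_CODES.get(msg.code, msg.code)} {attrs}")
    return lines


if __name__ == "__main__":
    for line in summarize(parse_dump(SAMPLE_LOG)):
        print(line)
```

Feed it the real `/tmp/hostapd.dump` or the hostapd stdout with `debug=4`; an Access-Reject with no preceding Access-Challenge round trips means the server refused before any TLS handshake took place, which points at the RADIUS side (shared secret, client entry, or the users file) rather than at the certificates.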