First off: I'm trying to configure FreeRadius on a Qnap TS-239 Pro. I'm using ipkg to install freeradius. I've installed version 2.0.5-2 of freeradius. I'm attempting to set the system up so that users on the Qnap unit (The Radius Server) can use the same username and password to connect to wireless.
So this is what I've done. I went into the the "users" file and added the following lines at the end of the file: ------------------------------------------------------------------------------------ DEFAULT Group=="Wireless_Users",Auth-type :=System Fall-Through = Yes ------------------------------------------------------------------------------------ At the end of the client.conf file I've added: ------------------------------------------------------------------------------------ client 192.168.1.183/32{ shortname ="WAP" secret = sharedsecret require_message_authenticator = no nastype = other } ------------------------------------------------------------------------------------ I went through and made the changes to the eap.conf that are listed in Section 3.2 of http://tldp.org/HOWTO/8021X-HOWTO/freeradius.html . Anyway, when I attempt to connect to wireless with my iPhone, I'm getting rejected. I was running radiusd with "radiusd -X", and this is the output ------------------------------------------------------------------------------------ rad_recv: Access-Request packet from host 192.168.1.183 port 1053, id=55, length=158 User-Name = "testuser" NAS-IP-Address = 192.168.1.183 NAS-Port = 0 Called-Station-Id = "68-7F-74-23-A5-AC:test" Calling-Station-Id = "90-27-E4-50-B3-1C" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x0200000d017465737475736572 Message-Authenticator = 0xb20d3523b73d726b86875844f6da1c8f +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 0 length 13 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated users: Matched entry DEFAULT at line 202 ++[files] returns ok rad_check_password: Found Auth-Type System auth: type "System" +- entering group authenticate rlm_unix: Attribute "User-Password" is required for authentication. ++[unix] returns invalid auth: Failed to validate the user. Sending Access-Reject of id 55 to 192.168.1.183 port 1053 Finished request 11. Going to the next request Waking up in 4.9 seconds. ------------------------------------------------------------------------------------ If I enter "radtest testuser 123testing456 localhost 0 testing123" from the command line I receive: ------------------------------------------------------------------------------------ Sending Access-Request of id 98 to 127.0.0.1 port 1812 User-Name = "testuser" User-Password = "123testing456" NAS-IP-Address = 192.168.3.1 NAS-Port = 0 rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=98, length=20 Radius -X Debugging shows: rad_recv: Access-Request packet from host 127.0.0.1 port 36011, id=98, length=60 User-Name = "testuser" User-Password = "123testing456" NAS-IP-Address = 192.168.3.1 NAS-Port = 0 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop users: Matched entry DEFAULT at line 202 ++[files] returns ok rad_check_password: Found Auth-Type System auth: type "System" +- entering group authenticate ++[unix] returns ok Sending Access-Accept of id 98 to 127.0.0.1 port 36011 Finished request 12. Going to the next request ------------------------------------------------------------------------------------ I know that my iPhone is attempting to do EAP, and I see that it is rejecting the authentication attempt because it doesn't have a User-Password attribute set. I'm sure I've got this configured wrong somehow. Any help will be very much appreciated. Thanks! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html