Re: Trying to run hostapd as solely a stand-alone Radius server
In article <0bee8c6432b826c8139af27b4e0c0...@mail.bigjar.com>,
jmitchel wrote:
>On 2018-01-13 22:06, chris...@zoulas.com wrote:
>> On Jan 13, 9:43pm, jmitc...@bigjar.com (jmitchel) wrote:
>> -- Subject: Re: Trying to run hostapd as solely a stand-alone Radius
>> server
>>
>> | And if I run hostapd with driver=bsd and my ethernet interface, I
>> lose
>> | my SSH connection and can no longer ping the interface. The machine
>> is
>> | still up and hostapd exits.
>>
>> I committed this on HEAD; try rebuilding it with:
>>
>> christos
>>
>> Index: Makefile >> === >> RCS file: /cvsroot/src/external/bsd/wpa/bin/hostapd/Makefile,v >> retrieving revision 1.10 >> diff -u -u -r1.10 Makefile >> --- Makefile21 Nov 2016 20:15:16 - 1.10 >> +++ Makefile14 Jan 2018 03:04:54 - >> @@ -47,6 +47,8 @@ >> # drivers >> SRCS+= \ >> driver_bsd.c \ >> +driver_none.c \ >> +driver_wired.c \ >> driver_common.c \ >> drivers.c
>> >> @@ -117,6 +119,9 @@ >> CPPFLAGS+= -DCONFIG_CTRL_IFACE >> CPPFLAGS+= -DCONFIG_CTRL_IFACE_UNIX >> CPPFLAGS+= -DCONFIG_DRIVER_BSD >> +CPPFLAGS+= -DCONFIG_DRIVER_NONE >> +CPPFLAGS+= -DCONFIG_DRIVER_WIRED >> +CPPFLAGS+= -DCONFIG_DRIVER_WPA >> .if ${MKINET6} != "no" >> CPPFLAGS+= -DCONFIG_IPV6 >> .endif
>
>Thanks! hostapd runs now. But there's one problem remaining. The Radius
>server only seems to be looking for encapsulated EAP requests. When I
>try from a regular radius client, I get this message from hostapd (with
>debugging turned on)
>
>RADIUS SRV: Received 116 bytes from A.B.C.D:58059
>RADIUS SRV: Creating a new session
>RADIUS SRV: Matching user entry found
>EAP: Server state machine created
>RADIUS SRV: New session 0x0 initialized
>RADIUS SRV: No EAP-Message in RADIUS packet from A.B.C.D
>
>Is there any way to use the Radius server in hostapd without sending an
>encapsulated EAP request?

The relevant code is:

    if (eap == NULL && sess->macacl) {
        reply = radius_server_macacl(data, client, sess, msg);
        if (reply == NULL)
            return -1;
        goto send_reply;
    }

    if (eap == NULL) {
        RADIUS_DEBUG("No EAP-Message in RADIUS packet from %s",
                     from_addr);
        data->counters.packets_dropped++;
        client->counters.packets_dropped++;
        return -1;  // You could put goto send_reply; here
                    // but we need to fill the packet before?
    }

So if the session does not have a macacl (whatever that means) and there
is no eap data then we fail. Can you see how it gets macacl?

christos
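The debug line "No EAP-Message in RADIUS packet" corresponds to the eap == NULL branch quoted above. The following C function is an added example, not part of the thread and not hostapd code: it walks the attributes of a raw RADIUS packet and reports whether the client sent EAP, CHAP or PAP credentials. The enum names and the two sample packets are constructed for illustration; the attribute numbers are those of RFC 2865 and RFC 3579.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Attribute type numbers from RFC 2865 and RFC 3579. */
enum { ATTR_USER_PASSWORD = 2, ATTR_CHAP_PASSWORD = 3, ATTR_EAP_MESSAGE = 79 };

/* Ordered so that the higher value wins when several attributes appear. */
enum auth_kind { AUTH_MALFORMED = -1, AUTH_NONE, AUTH_PAP, AUTH_CHAP, AUTH_EAP };

/* Walk the attribute TLVs of one RADIUS packet and report which
 * credential attribute it carries. Every length is bounds-checked. */
enum auth_kind radius_auth_kind(const uint8_t *pkt, size_t len)
{
    if (len < 20)                       /* code, id, length, authenticator */
        return AUTH_MALFORMED;
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];
    if (total < 20 || total > len)
        return AUTH_MALFORMED;

    enum auth_kind kind = AUTH_NONE;
    for (size_t off = 20; off < total; ) {
        if (total - off < 2)            /* no room for type + length */
            return AUTH_MALFORMED;
        uint8_t type = pkt[off], alen = pkt[off + 1];
        if (alen < 2 || alen > total - off)
            return AUTH_MALFORMED;
        enum auth_kind k = type == ATTR_EAP_MESSAGE   ? AUTH_EAP
                         : type == ATTR_CHAP_PASSWORD ? AUTH_CHAP
                         : type == ATTR_USER_PASSWORD ? AUTH_PAP : AUTH_NONE;
        if (k > kind)
            kind = k;
        off += alen;
    }
    return kind;
}

/* Constructed samples: User-Name "bob" plus one credential attribute. */
static const uint8_t pap_req[43] = { 1, 7, 0, 43, [20] = 1, 5, 'b', 'o', 'b', 2, 18 };
static const uint8_t eap_req[35] = { 1, 8, 0, 35, [20] = 1, 5, 'b', 'o', 'b',
                                     79, 10, 2, 0, 0, 8, 1, 'b', 'o', 'b' };

int main(void)
{
    printf("pap_req -> %d, eap_req -> %d\n",
           radius_auth_kind(pap_req, sizeof pap_req),
           radius_auth_kind(eap_req, sizeof eap_req));
    return 0;
}
```

A request that classifies as AUTH_PAP or AUTH_CHAP carries no EAP-Message attribute, so it reaches the drop path that logs the message shown in the thread.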
Re: Trying to run hostapd as solely a stand-alone Radius server
On 2018-01-13 22:06, chris...@zoulas.com wrote:

On Jan 13, 9:43pm, jmitc...@bigjar.com (jmitchel) wrote:
-- Subject: Re: Trying to run hostapd as solely a stand-alone Radius server

| And if I run hostapd with driver=bsd and my ethernet interface, I lose
| my SSH connection and can no longer ping the interface. The machine is
| still up and hostapd exits.

I committed this on HEAD; try rebuilding it with:

christos

Index: Makefile === RCS file: /cvsroot/src/external/bsd/wpa/bin/hostapd/Makefile,v retrieving revision 1.10 diff -u -u -r1.10 Makefile --- Makefile21 Nov 2016 20:15:16 - 1.10 +++ Makefile14 Jan 2018 03:04:54 - @@ -47,6 +47,8 @@ # drivers SRCS+= \ driver_bsd.c \ +driver_none.c \ +driver_wired.c \ driver_common.c \ drivers.c @@ -117,6 +119,9 @@ CPPFLAGS+= -DCONFIG_CTRL_IFACE CPPFLAGS+= -DCONFIG_CTRL_IFACE_UNIX CPPFLAGS+= -DCONFIG_DRIVER_BSD +CPPFLAGS+= -DCONFIG_DRIVER_NONE +CPPFLAGS+= -DCONFIG_DRIVER_WIRED +CPPFLAGS+= -DCONFIG_DRIVER_WPA .if ${MKINET6} != "no" CPPFLAGS+= -DCONFIG_IPV6 .endif

Thanks! hostapd runs now. But there's one problem remaining. The Radius
server only seems to be looking for encapsulated EAP requests. When I
try from a regular radius client, I get this message from hostapd (with
debugging turned on)

RADIUS SRV: Received 116 bytes from A.B.C.D:58059
RADIUS SRV: Creating a new session
RADIUS SRV: Matching user entry found
EAP: Server state machine created
RADIUS SRV: New session 0x0 initialized
RADIUS SRV: No EAP-Message in RADIUS packet from A.B.C.D

Is there any way to use the Radius server in hostapd without sending an
encapsulated EAP request?

Thanks,

Jason M.
Re: Trying to run hostapd as solely a stand-alone Radius server
On Jan 13, 9:43pm, jmitc...@bigjar.com (jmitchel) wrote:
-- Subject: Re: Trying to run hostapd as solely a stand-alone Radius server

| And if I run hostapd with driver=bsd and my ethernet interface, I lose
| my SSH connection and can no longer ping the interface. The machine is
| still up and hostapd exits.

I committed this on HEAD; try rebuilding it with:

christos

Index: Makefile === RCS file: /cvsroot/src/external/bsd/wpa/bin/hostapd/Makefile,v retrieving revision 1.10 diff -u -u -r1.10 Makefile --- Makefile21 Nov 2016 20:15:16 - 1.10 +++ Makefile14 Jan 2018 03:04:54 - @@ -47,6 +47,8 @@ # drivers SRCS+= \ driver_bsd.c \ +driver_none.c \ +driver_wired.c \ driver_common.c \ drivers.c @@ -117,6 +119,9 @@ CPPFLAGS+= -DCONFIG_CTRL_IFACE CPPFLAGS+= -DCONFIG_CTRL_IFACE_UNIX CPPFLAGS+= -DCONFIG_DRIVER_BSD +CPPFLAGS+= -DCONFIG_DRIVER_NONE +CPPFLAGS+= -DCONFIG_DRIVER_WIRED +CPPFLAGS+= -DCONFIG_DRIVER_WPA .if ${MKINET6} != "no" CPPFLAGS+= -DCONFIG_IPV6 .endif
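Review bot: In the SRCS hunk (@@ -47,6 +47,8 @@), driver_wired.c is added next to driver_none.c, but the report in this thread only asks for driver=none, which the hostapd.conf comment describes as the setting for a standalone RADIUS server that controls no wireless or wired driver. If enabling the wired driver is intended, say so in the commit message; otherwise adding only driver_none.c keeps the change scoped to the report.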
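Review bot: The CPPFLAGS hunk (@@ -117,6 +119,9 @@) defines -DCONFIG_DRIVER_WPA, yet the SRCS hunk adds only driver_none.c and driver_wired.c, so nothing visible in this patch shows a source file that the third macro enables. Either drop that define or add a comment naming what it guards, so that each new CONFIG_DRIVER_* flag lines up with a driver source added to SRCS.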
Re: Trying to run hostapd as solely a stand-alone Radius server
On 2018-01-13 07:21, chris...@astron.com wrote:

In article <7c6a79ab05e9fdd22e449d63d7cb1...@mail.bigjar.com>,
jmitchel wrote:

Hello,

I'm trying to run hostapd as a standalone Radius server without any of
the wireless functionality.
/usr/src/external/bsd/wpa/dist/hostapd/hostapd.conf has the following:

# Driver interface type (hostap/wired/madwifi/test/none/nl80211/bsd);
# default: hostap). nl80211 is used with all Linux mac80211 drivers.
# Use driver=none if building hostapd as a standalone RADIUS server that does
# not control any wireless/wired driver.
# driver=hostap

But the only option for driver that doesn't cause hostapd to generate an
error on startup is bsd, and you have to supply a physical interface
(not lo0) which stops working when you run hostapd.

I'm running NetBSD 6.1.5 on port-i386. As a test I'm running on a full
installation of NetBSD, but the target is an embedded appliance.

Is there a way to disable the wireless portion of things and still have
a functioning radius server? Sorry if this is the wrong group. If so,
please let me know where I should send this to.

Thanks,

Jason M.

P.S. Please copy me on any replies, I'm not subscribed to netbsd-users.
Thanks again!

Have you tried driver=test?

christos

Yes, I tried them all. The only one that doesn't cause hostapd to exit
with an error is bsd.

quantumleap:/home/jmitchel/temp# hostapd /home/jmitchel/temp/hostapd.conf
Configuration file: /home/jmitchel/temp/hostapd.conf
Line 9: invalid/unknown driver 'test'
1 errors found in configuration file '/home/jmitchel/temp/hostapd.conf'
quantumleap:/home/jmitchel/temp# hostapd /home/jmitchel/temp/hostapd.conf
Configuration file: /home/jmitchel/temp/hostapd.conf
Line 9: invalid/unknown driver 'none'
1 errors found in configuration file '/home/jmitchel/temp/hostapd.conf'
quantumleap:/home/jmitchel/temp# hostapd /home/jmitchel/temp/hostapd.conf
Configuration file: /home/jmitchel/temp/hostapd.conf
Line 9: invalid/unknown driver 'hostap'
1 errors found in configuration file '/home/jmitchel/temp/hostapd.conf'
quantumleap:/home/jmitchel/temp# hostapd /home/jmitchel/temp/hostapd.conf
Configuration file: /home/jmitchel/temp/hostapd.conf
Line 9: invalid/unknown driver 'wired'
1 errors found in configuration file '/home/jmitchel/temp/hostapd.conf'
quantumleap:/home/jmitchel/temp# hostapd /home/jmitchel/temp/hostapd.conf
Configuration file: /home/jmitchel/temp/hostapd.conf
Line 9: invalid/unknown driver 'madwifi'
1 errors found in configuration file '/home/jmitchel/temp/hostapd.conf'
quantumleap:/home/jmitchel/temp# hostapd /home/jmitchel/temp/hostapd.conf
Configuration file: /home/jmitchel/temp/hostapd.conf
Line 9: invalid/unknown driver 'nl80211'
1 errors found in configuration file '/home/jmitchel/temp/hostapd.conf'

And if I run hostapd with driver=bsd and my ethernet interface, I lose
my SSH connection and can no longer ping the interface. The machine is
still up and hostapd exits.

Thanks,

Jason M.
Re: Trying to run hostapd as solely a stand-alone Radius server
In article <7c6a79ab05e9fdd22e449d63d7cb1...@mail.bigjar.com>,
jmitchel wrote:
>Hello,
>
>I'm trying to run hostapd as a standalone Radius server without any of
>the wireless functionality.
>/usr/src/external/bsd/wpa/dist/hostapd/hostapd.conf has the following:
>
># Driver interface type (hostap/wired/madwifi/test/none/nl80211/bsd);
># default: hostap). nl80211 is used with all Linux mac80211 drivers.
># Use driver=none if building hostapd as a standalone RADIUS server that
>does
># not control any wireless/wired driver.
># driver=hostap
>
>But the only option for driver that doesn't cause hostapd to generate an
>error on startup is bsd, and you have to supply a physical interface
>(not lo0) which stops working when you run hostapd.
>
>I'm running NetBSD 6.1.5 on port-i386. As a test I'm running on a full
>installation of NetBSD, but the target is an embedded appliance.
>
>Is there a way to disable the wireless portion of things and still have
>a functioning radius server? Sorry if this is the wrong group. If so,
>please let me know where I should send this to.
>
>Thanks,
>
>Jason M.
>
>P.S. Please copy me on any replies, I'm not subscribed to netbsd-users.
>Thanks again!

Have you tried driver=test?

christos
Trying to run hostapd as solely a stand-alone Radius server
Hello,

I'm trying to run hostapd as a standalone Radius server without any of
the wireless functionality.
/usr/src/external/bsd/wpa/dist/hostapd/hostapd.conf has the following:

# Driver interface type (hostap/wired/madwifi/test/none/nl80211/bsd);
# default: hostap). nl80211 is used with all Linux mac80211 drivers.
# Use driver=none if building hostapd as a standalone RADIUS server that does
# not control any wireless/wired driver.
# driver=hostap

But the only option for driver that doesn't cause hostapd to generate an
error on startup is bsd, and you have to supply a physical interface
(not lo0) which stops working when you run hostapd.

I'm running NetBSD 6.1.5 on port-i386. As a test I'm running on a full
installation of NetBSD, but the target is an embedded appliance.

Is there a way to disable the wireless portion of things and still have
a functioning radius server? Sorry if this is the wrong group. If so,
please let me know where I should send this to.

Thanks,

Jason M.

P.S. Please copy me on any replies, I'm not subscribed to netbsd-users.
Thanks again!