NetBSD-Users archive


Re: Trying to run hostapd as solely a stand-alone Radius server



In article <0bee8c6432b826c8139af27b4e0c0582%mail.bigjar.com@localhost>,
jmitchel  <jmitchel%bigjar.com@localhost> wrote:
>On 2018-01-13 22:06, christos%zoulas.com@localhost wrote:
>> On Jan 13,  9:43pm, jmitchel%bigjar.com@localhost (jmitchel) wrote:
>> -- Subject: Re: Trying to run hostapd as solely a stand-alone Radius server
>> 
>> | And if I run hostapd with driver=bsd and my ethernet interface, I lose
>> | my SSH connection and can no longer ping the interface. The machine is
>> | still up and hostapd exits.
>> 
>> I committed this on HEAD; try rebuilding it with:
>> 
>> christos
>> 
>> Index: Makefile
>> ===================================================================
>> RCS file: /cvsroot/src/external/bsd/wpa/bin/hostapd/Makefile,v
>> retrieving revision 1.10
>> diff -u -u -r1.10 Makefile
>> --- Makefile    21 Nov 2016 20:15:16 -0000      1.10
>> +++ Makefile    14 Jan 2018 03:04:54 -0000
>> @@ -47,6 +47,8 @@
>>  # drivers
>>  SRCS+= \
>>  driver_bsd.c \
>> +driver_none.c \
>> +driver_wired.c \
>>  driver_common.c \
>>  drivers.c
>> 
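Review bot: the two entries added to the drivers SRCS list, driver_none.c and driver_wired.c, are paired with the CONFIG_DRIVER_NONE and CONFIG_DRIVER_WIRED defines added further down, and nothing next to the list says so. A short comment under `# drivers` noting that each driver source has a matching -DCONFIG_DRIVER_* flag would keep the two lists in sync.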
>> @@ -117,6 +119,9 @@
>>  CPPFLAGS+= -DCONFIG_CTRL_IFACE
>>  CPPFLAGS+= -DCONFIG_CTRL_IFACE_UNIX
>>  CPPFLAGS+= -DCONFIG_DRIVER_BSD
>> +CPPFLAGS+= -DCONFIG_DRIVER_NONE
>> +CPPFLAGS+= -DCONFIG_DRIVER_WIRED
>> +CPPFLAGS+= -DCONFIG_DRIVER_WPA
>>  .if ${MKINET6} != "no"
>>  CPPFLAGS+= -DCONFIG_IPV6
>>  .endif
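Review bot: -DCONFIG_DRIVER_WPA is added here next to CONFIG_DRIVER_NONE and CONFIG_DRIVER_WIRED, but the SRCS hunk only adds driver_none.c and driver_wired.c, so this third define has no matching source in the patch. If it is intentional, a comment saying what it enables would help; otherwise it should be dropped.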
>
>Thanks! hostapd runs now. But there's one problem remaining. The Radius 
>server only seems to be looking for encapsulated EAP requests. When I 
>try from a regular radius client, I get this message from hostapd (with 
>debugging turned on)
>
>RADIUS SRV: Received 116 bytes from A.B.C.D:58059
>RADIUS SRV: Creating a new session
>RADIUS SRV: Matching user entry found
>EAP: Server state machine created
>RADIUS SRV: New session 0x0 initialized
>RADIUS SRV: No EAP-Message in RADIUS packet from A.B.C.D
>
>Is there any way to use the Radius server in hostapd without sending an 
>encapsulated EAP request?

The relevant code is:


        if (eap == NULL && sess->macacl) {
                reply = radius_server_macacl(data, client, sess, msg);
                if (reply == NULL)
                        return -1;
                goto send_reply;
        }
        if (eap == NULL) {
                RADIUS_DEBUG("No EAP-Message in RADIUS packet from %s",
                             from_addr);
                data->counters.packets_dropped++;
                client->counters.packets_dropped++;
                return -1;      // You could put goto send_reply; here
                                // but we need to fill the packet before?
        }


So if the session does not have a macacl (whatever that means) and there
is no eap data then we fail. Can you see how it gets macacl?

christos
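
An added example, not part of the original post and not hostapd code: a small C parser that walks the attributes of a RADIUS packet (RFC 2865 layout) and applies the same order of checks as the fragment quoted above, showing why a request without an EAP-Message attribute (type 79, RFC 3579) is dropped unless the session has macacl set. The names `radius_has_attr` and `classify`, the verdict enum and both sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RADIUS_HDR_LEN 20          /* code, id, length (2), authenticator (16) */
#define RADIUS_ATTR_EAP_MESSAGE 79 /* RFC 3579 */
enum verdict { V_MALFORMED = -1, V_EAP, V_MACACL, V_DROPPED };

/* Walk the attribute TLVs; 1 = type present, 0 = absent, -1 = malformed. */
static int radius_has_attr(const uint8_t *pkt, size_t len, uint8_t type)
{
    size_t off = RADIUS_HDR_LEN;
    size_t total = len >= RADIUS_HDR_LEN ? (((size_t)pkt[2] << 8) | pkt[3]) : 0;
    int found = 0;

    if (total < RADIUS_HDR_LEN || total > len)
        return -1;
    while (off < total) {
        /* attribute = type (1), length (1, includes these two bytes), value */
        if (total - off < 2 || pkt[off + 1] < 2 || pkt[off + 1] > total - off)
            return -1;
        if (pkt[off] == type)
            found = 1;
        off += pkt[off + 1];
    }
    return found;
}

/* Hypothetical helper: same order of checks as the quoted fragment. */
static enum verdict classify(const uint8_t *pkt, size_t len, int macacl)
{
    int eap = radius_has_attr(pkt, len, RADIUS_ATTR_EAP_MESSAGE);
    if (eap < 0)
        return V_MALFORMED;
    if (eap)
        return V_EAP;
    return macacl ? V_MACACL : V_DROPPED;
}

/* Constructed samples: authenticator and password bytes are zero filler. */
static const uint8_t pap_req[43] = { 1, 1, 0, 43, [20] = 1, 5, 'b', 'o', 'b', 2, 18 };
static const uint8_t eap_req[35] = { 1, 2, 0, 35, [20] = 1, 5, 'b', 'o', 'b',
                                     79, 10, 2, 0, 0, 8, 1, 'b', 'o', 'b' };

int main(void)
{
    printf("User-Password only, no macacl: %d\n", classify(pap_req, sizeof pap_req, 0));
    printf("EAP-Message present:           %d\n", classify(eap_req, sizeof eap_req, 0));
    return 0;
}
```

The first sample carries User-Name and User-Password only, which is the shape of request that produces the "No EAP-Message in RADIUS packet" line in the debug output above.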


