WPA-Radius and freeradius2d

  • Hi,

    I've installed the freeradius2 package in order to setup WPA-EAP authentification on an external wireless accesspoint, an Engenius ECB9500.  I've setup usernames, clients and a listening interface.  All EAP settings are default.

    While I've been testing with radtest, the username seems to work fine.  When the access point sends the query, I get an Authentication Refused.

    Here are the logs: http://pastebin.com/KyzuVCbF

    What have I done wrong?

    Thanks in advance,


  • Thanks for your help.

    I had actually followed steps from section "PEAP and MSCHAPv2".

    Also, the devices I tried authenticating were respectively using Ubuntu and Android.  I don't think this problem is related to what's described on the FreeRadius Wiki.

  • Hi,

    can you make sure that the server certificate for the RADIUS server is a "server" certificate and not a client certificate ?
    Where did you create the certificate?
    Did you select the CA and the server cert in freeradius –> EAP --> CERTIFICATES FOR TLS ?
    If you created the certificate/CA on pfsense then you need to empty the "Private Key Password".

    Sometimes it works after clicking a second time on the "Save" button on the freeradius --> EAP page.

    If your Linux/Android clients does not support PEAP + MSCHAPv2 then you should use some other mechanism than MSCHAPv5. Try with MD5. It's not a security problem because PEAP establishes a TLS tunnel and this is secure and it doesn't matter what is happening within the tunnel unless it is compatbile with your devices.

Log in to reply