WPA-Radius and freeradius2d
-
Hi,
I've installed the freeradius2 package in order to setup WPA-EAP authentification on an external wireless accesspoint, an Engenius ECB9500. I've setup usernames, clients and a listening interface. All EAP settings are default.
While I've been testing with radtest, the username seems to work fine. When the access point sends the query, I get an Authentication Refused.
Here are the logs: http://pastebin.com/KyzuVCbF
What have I done wrong?
Thanks in advance,
KarboN
-
-
Thanks for your help.
I had actually followed steps from section "PEAP and MSCHAPv2".
Also, the devices I tried authenticating were respectively using Ubuntu and Android. I don't think this problem is related to what's described on the FreeRadius Wiki.
-
Hi,
can you make sure that the server certificate for the RADIUS server is a "server" certificate and not a client certificate ?
Where did you create the certificate?
Did you select the CA and the server cert in freeradius –> EAP --> CERTIFICATES FOR TLS ?
If you created the certificate/CA on pfsense then you need to empty the "Private Key Password".Sometimes it works after clicking a second time on the "Save" button on the freeradius --> EAP page.
If your Linux/Android clients does not support PEAP + MSCHAPv2 then you should use some other mechanism than MSCHAPv5. Try with MD5. It's not a security problem because PEAP establishes a TLS tunnel and this is secure and it doesn't matter what is happening within the tunnel unless it is compatbile with your devices.