1

I've set my Raspberry Pi 4 to be an Access Point, but now I need it to authenticate in a freeRadius server that I set in my machine but it is not working. The problem is for sure in the hostapd.conf file in the RaspberryPi, because when I try to connect to the Access Point, it won't let me, and nothing shows up in the freeRADIUS server log. My hostapd.conf file is set like this:

   country_code=PT
   interface=wlan0
   ssid=AccessPointTest
   hw_mode=g
   channel=7
   # 2 --> for the use of and external RADIUS server
   macaddr_act=2

   auth_algs=1
   ignore_broadcast_ssid=0

   own_ip_address=127.0.0.1
   #RADIUS authentication server
   auth_server_addr=10.0.2.15
   auth_server_port=1812
   auth_server_shared_secret=radiuspass2020

   wpa=2

   wpa_key_mgmt=WPA-EAP
   #2 --> required; reject authentication if RADIUS server does not include Tunnel-Password
   wpa_psk_radius=2

UPDATE with info from a comment:
in my Radius server config I created a client with the IP address of the RasPi. and in the hostapd.conf file I pointed the "auth_server_addr=10.0.2.15" which is the Radius Server IP Address, do I need anything more than that to connect to the server?

Ingo
  • 40,606
  • 15
  • 76
  • 189
Tomás Vicente
  • 11
  • 1
  • 1
    Have you verified that the Pi can reach that IP address/port ? If you have nmap installed on the Pi the command to check would be: `nmap -n -p 1812 10.0.2.15`. The most basic check otherwise would be to ping the IP address and make sure it responds. – Kate Dec 06 '20 at 20:23
  • You have an access point on the RasPi and a Radius server on your machine. To authenticate the RasPi on the Radius server you need a connection to it. The AP does not connect to your machine. How do you connect to it? – Ingo Dec 07 '20 at 11:15
  • Ingo, in my Radius server config I created a client with the IP address of the RasPi. and in the hostapd.conf file I pointed the "auth_server_addr=10.0.2.15" which is the Radius Server IP Address, do I need anything more than that to connect to the server? – Tomás Vicente Dec 07 '20 at 23:11

1 Answers1

2

I haven't used hostapd with Radius as yet but for my understanding hostapd is only used to create an access point. It will not create a client connection to your machine with the Radius server only by specifying its ip address in hostapd.conf. That is only to know where the Radius server is located on the network. You have to ensure a connection from the RasPi to the Radius server.

If possible you can use a wired connection with an ethernet cable from the RasPi to the Radius server. This usually works out of the box and may only need some routing and/or ip forwarding setup on the RasPi.

If you must connect by WiFi to the Radius server then you can use the Access point as WiFi router/repeater. Don't setup the bridge. You don't need it. The setup also uses hostapd so you should be able to additional define the Radius server in its hostapd.conf.

Test the connection with ping from the RasPi. You must get replies, something like this:

rpi ~$ ping -c3 10.0.2.15
PING 10.0.2.15 (10.0.2.15) 56(84) bytes of data.
64 bytes from 10.0.2.15: icmp_seq=1 ttl=64 time=0.407 ms
64 bytes from 10.0.2.15: icmp_seq=2 ttl=64 time=0.436 ms
64 bytes from 10.0.2.15: icmp_seq=3 ttl=64 time=0.447 ms

--- 10.0.2.15 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 43ms
rtt min/avg/max/mdev = 0.407/0.430/0.447/0.016 ms

It may also be required to enable ip forwarding. If so then in /etc/sysctl.conf just

# Uncoment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1

and reboot.

Ingo
  • 40,606
  • 15
  • 76
  • 189
  • So, I've connected the RasPi to the Radius server with and ethernet cable, and it pings just fine, it shows like yours did. But when I try to connect to the AP in my computer or in my Mobile phone, it automatically pops up a notification saying that it is not possible to connect to that ... – Tomás Vicente Dec 10 '20 at 11:46
  • So I must think that the RasPi is not authenticating in the radius server, where there is a user and a client already configured. It does not show anything in the tail log, so it is not even trying to authenticate there... If it pings, the problem must be in the hostapd.conf file I bet... – Tomás Vicente Dec 10 '20 at 12:09
  • One thing that I noticed is that I can ping from the RasPi to the port of the server and to the server but I can't ping the AP from the Server... I can ping the port it is connected to (169.254.73.11) but can't ping the AP ip address, which is 192.168.4.1 – Tomás Vicente Dec 10 '20 at 12:28
  • @TomásVicente Seems you have enable ip forwarding. I have updated the answer at the end. Then you should be able to ping the APs ip address 192.168.4.1 from the Radius server. – Ingo Dec 10 '20 at 21:56