Sunday, March 2, 2025

radius – wpa_supplicant + hostapd + freeradius in a 3 VM topology for authentication via EAP-TLS


As part of my thesis, I have to recreate an EAP-TLS topology (for a preliminary proof of concept), and I am using Vagrant to set it up with the Authentication Server, the Authenticator and one Supplicant all being different VMs (see picture).

EAP-TLS Topology

This scenario emulates an all-wired topology, and I currently believe I am configuring the freeRADIUS server correctly, but I am having issues with hostapd and wpa_supplicant.

Hostapd

My current hostapd configuration is:

interface=enp0s10
driver=wired
ctrl_interface=/var/run/hostapd
ctrl_interface_group=vagrant

logger_syslog=-1
logger_syslog_level=0

ieee8021x=1
own_ip_addr=192.168.58.100

auth_server_addr=192.168.58.1
auth_server_port=1812
auth_server_shared_secret=smOYuqU0

And I am running it by issuing the command: sudo ./hostapd -tvdd ./hostapd.conf

wpa_supplicant

My current wpa_supplicant configuration is:

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=vagrant
eapol_version=2
ap_scan=0

network={
    ssid="wired"
    key_mgmt=IEEE8021X
    eap=TLS

    identity="[email protected]"
    ca_cert="/certs/ca.pem"
    private_key="/certs/client.p12"
    private_key_passwd="smOYuqU0"

    eapol_flags=0
}

I am running it by issuing the following command: sudo wpa_supplicant -tKdd -ienp0s8 -Dwired -c./wpa_supplicant.conf

Notes

  • I have a synced folder between all the VMs so they can all access the certificates generated by freeRADIUS, so I know the certificates are correct
  • For this preliminary stage, the client secret and the certificate passwords are the same: 123isbad
  • Although Vagrant needs an IP assignment in its script in order to create a network interface, after that I am deleting the IP address on the network interface of the supplicant so it leaves a clean interface.

Debug logs

hostapd

hostapd v2.12-devel-hostap_2_11-731-gf85a79cea
User space daemon for IEEE 802.11 AP management,
IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
Copyright (c) 2002-2024, Jouni Malinen <[email protected]> and contributors

hostapd isn't giving me anything in terms of debugging, which is something that worries me a lot.

wpa_supplicant

1740762735.128586: wpa_supplicant v2.10
1740762735.128836: random: getrandom() support available
1740762735.128886: Successfully initialized wpa_supplicant
1740762735.128945: Initializing interface 'enp0s8' conf './wpa_supplicant.conf' driver 'wired' ctrl_interface 'N/A' bridge 'N/A'
1740762735.129000: Configuration file './wpa_supplicant.conf' -> '/home/vagrant/./wpa_supplicant.conf'
1740762735.129051: Reading configuration file '/home/vagrant/./wpa_supplicant.conf'
1740762735.129142: ctrl_interface="DIR=/var/run/wpa_supplicant GROUP=vagrant"
1740762735.129197: eapol_version=2
1740762735.129245: ap_scan=0
1740762735.129288: Line: 5 - start of a new network block
1740762735.129331: ssid - hexdump_ascii(len=5):
     77 69 72 65 64                                    wired           
1740762735.129429: key_mgmt: 0x8
1740762735.129474: eap methods - hexdump(len=16): 00 00 00 00 0d 00 00 00 00 00 00 00 00 00 00 00
1740762735.129518: identity - hexdump_ascii(len=16):
     75 73 65 72 40 65 78 61 6d 70 6c 65 2e 6f 72 67   [email protected]
1740762735.129618: ca_cert - hexdump_ascii(len=13):
     2f 63 65 72 74 73 2f 63 61 2e 70 65 6d            /certs/ca.pem   
1740762735.129715: private_key - hexdump_ascii(len=17):
     2f 63 65 72 74 73 2f 63 6c 69 65 6e 74 2e 70 31   /certs/client.p1
     32                                                2               
1740762735.129843: private_key_passwd - hexdump_ascii(len=8):
     73 6d 4f 59 75 71 55 30                           smOYuqU0        
1740762735.129933: eapol_flags=0 (0x0)
1740762735.129981: Priority group 0
1740762735.130024:    id=0 ssid='wired'
1740762735.130601: driver_wired_init_common: Added multicast membership with packet socket
1740762735.130681: Add interface enp0s8 to a new radio N/A
1740762735.130816: enp0s8: Own MAC address: 08:00:27:9c:77:0d
1740762735.130882: enp0s8: RSN: flushing PMKID list in the driver
1740762735.130940: enp0s8: Setting scan request: 0.100000 sec
1740762735.130995: TDLS: TDLS operation not supported by driver
1740762735.138985: TDLS: Driver uses internal link setup
1740762735.139079: TDLS: Driver does not support TDLS channel switching
1740762735.140454: enp0s8: WPS: UUID based on MAC address: d1654e20-780c-5bba-b9b1-c9c5530e5b3a
1740762735.143041: ENGINE: Loading builtin engines
1740762735.143369: ENGINE: Loading builtin engines
1740762735.143459: EAPOL: SUPP_PAE entering state DISCONNECTED
1740762735.143526: EAPOL: Supplicant port status: Unauthorized
1740762735.143580: EAPOL: KEY_RX entering state NO_KEY_RECEIVE
1740762735.143642: EAPOL: SUPP_BE entering state INITIALIZE
1740762735.143692: EAP: EAP entering state DISABLED
1740762735.143853: ctrl_interface_group=1000 (from group name 'vagrant')
1740762735.143935: MBO: Update non-preferred channels, non_pref_chan=N/A
1740762735.143994: enp0s8: Added interface enp0s8
1740762735.144048: enp0s8: State: DISCONNECTED -> DISCONNECTED
1740762735.231132: EAPOL: External notification - EAP success=0
1740762735.231280: EAPOL: External notification - EAP fail=0
1740762735.231324: EAPOL: External notification - portControl=Auto
1740762735.231370: enp0s8: Already associated with a configured network - generating associated event
1740762735.231422: enp0s8: Event ASSOC (0) received
1740762735.231465: enp0s8: Association info event
1740762735.231518: enp0s8: State: DISCONNECTED -> ASSOCIATED
1740762735.231560: enp0s8: Associated with a new BSS: BSSID=01:80:c2:00:00:03
1740762735.231602: enp0s8: Select network based on association information
1740762735.231641: enp0s8: Network configuration found for the current AP
1740762735.231681: enp0s8: WPA: clearing AP WPA IE
1740762735.231723: enp0s8: WPA: clearing AP RSN IE
1740762735.231763: enp0s8: WPA: clearing AP RSNXE
1740762735.231802: enp0s8: WPA: clearing own WPA/RSN IE
1740762735.231904: enp0s8: RSN: clearing own RSNXE
1740762735.231945: enp0s8: Failed to get scan results
1740762735.231984: EAPOL: External notification - EAP success=0
1740762735.232024: EAPOL: External notification - EAP fail=0
1740762735.232061: EAPOL: External notification - portControl=Auto
1740762735.232104: enp0s8: Associated with 01:80:c2:00:00:03
1740762735.232149: enp0s8: WPA: Association event - clear replay counter
1740762735.232188: enp0s8: WPA: Clear old PTK
1740762735.232226: TDLS: Remove peers on association
1740762735.232267: EAPOL: External notification - portEnabled=0
1740762735.232305: EAPOL: External notification - portValid=0
1740762735.232349: EAPOL: External notification - portEnabled=1
1740762735.232395: EAPOL: SUPP_PAE entering state CONNECTING
1740762735.232438: EAPOL: SUPP_BE entering state IDLE
1740762735.232480: EAP: EAP entering state INITIALIZE
1740762735.232522: EAP: EAP entering state IDLE
1740762735.232565: enp0s8: Cancelling scan request
1740762735.232610: enp0s8: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
1740762737.147135: EAPOL: startWhen --> 0
1740762737.147300: EAPOL: SUPP_PAE entering state CONNECTING
1740762737.147358: EAPOL: txStart
1740762737.147404: TX EAPOL: dst=01:80:c2:00:00:03
1740762737.147473: TX EAPOL - hexdump(len=4): 02 01 00 00
1740762767.174285: EAPOL: startWhen --> 0
1740762767.174450: EAPOL: SUPP_PAE entering state CONNECTING
1740762767.174507: EAPOL: txStart
1740762767.174561: TX EAPOL: dst=01:80:c2:00:00:03
1740762767.174616: TX EAPOL - hexdump(len=4): 02 01 00 00
1740762795.199331: EAPOL: idleWhile --> 0
1740762795.199472: EAP: EAP entering state FAILURE
1740762795.199519: enp0s8: CTRL-EVENT-EAP-FAILURE EAP authentication failed
1740762795.199569: EAPOL: SUPP_PAE entering state AUTHENTICATING
1740762795.199609: EAPOL: SUPP_BE entering state FAIL
1740762795.199651: EAPOL: SUPP_PAE entering state HELD
1740762795.199692: EAPOL: Supplicant port status: Unauthorized
1740762795.199733: EAPOL: SUPP_BE entering state IDLE
1740762795.199773: EAPOL authentication completed - result=FAILURE

So yeah, I had never used these tools before, and there is very little documentation regarding them. I have read the original detailed example configuration files provided by the developers of both of them and tried dozens of different configs, but I am still not able to figure this out.

If somebody was able to help me with these configurations and how I can make the supplicant able to connect, I would really appreciate being able to sleep again!
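The log above shows the supplicant's side of the exchange and nothing else: two EAPOL-Start frames (02 01 00 00) to the PAE group address 01:80:c2:00:00:03, no EAP-Request/Identity back, and a timeout into FAILURE. Two things are worth checking before touching the configs. hostapd's `-v` option prints the version banner and exits, and that banner is the only hostapd output shown; and if the VMs are joined by a Linux bridge, the kernel does not forward frames addressed to 01:80:C2:00:00:03 unless bit 3 (value 8) of the bridge's `group_fwd_mask` is set, so the EAPOL-Start never reaches the authenticator. The following is an added example, not code from the post or from the hostapd project: it decodes the logged EAPOL-Start, builds the first four frames a working wired 802.1X start would put on the wire (EAPOL-Start, EAP-Request/Identity, EAP-Response/Identity, EAP-TLS Start), and models the Linux bridge forwarding rule. Only the supplicant MAC and the EAPOL-Start bytes come from the post; the authenticator MAC and the identity `user@lab.test` are constructed for the example.

```python
"""Added example (not from the original post): EAPOL/EAP framing for the
wired 802.1X start shown in the wpa_supplicant log, plus the Linux bridge
forwarding check for the 802.1X PAE group address."""
import struct
from typing import Optional

ETH_P_PAE = 0x888E                                  # EtherType for EAPOL
PAE_GROUP_ADDR = bytes.fromhex("0180c2000003")      # 802.1X PAE group address (dst in the log)
SUPPLICANT_MAC = bytes.fromhex("0800279c770d")      # "Own MAC address" from the log
AUTHENTICATOR_MAC = bytes.fromhex("080027000001")   # constructed; hostapd's MAC is not in the post

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_IDENTITY = 1
EAP_TYPE_TLS = 13                                   # the "0d" in "eap methods" in the log
EAP_TLS_FLAG_START = 0x20                           # RFC 5216 S bit on the first EAP-TLS request

# Linux bridge rule: frames to 01:80:C2:00:00:0X are link-local and are only
# forwarded if bit X of the bridge's group_fwd_mask is set.  Bits 0-2 (STP,
# MAC Pause, LACP) are refused by the kernel; the default mask is 0.
BR_GROUPFWD_RESTRICTED = 0x0007


def build_eapol(eapol_type: int, body: bytes = b"", version: int = 2) -> bytes:
    """EAPOL header (version, type, body length) followed by the body."""
    return struct.pack("!BBH", version, eapol_type, len(body)) + body


def build_eap(code: int, ident: int, eap_type: Optional[int] = None, data: bytes = b"") -> bytes:
    """EAP packet: code, identifier, total length, optional type and type-data."""
    payload = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(payload)) + payload


def ethernet_frame(dst: bytes, src: bytes, payload: bytes) -> bytes:
    """Ethernet II frame carrying an EAPOL PDU."""
    return dst + src + struct.pack("!H", ETH_P_PAE) + payload


def parse_eapol(data: bytes) -> dict:
    """Decode an EAPOL PDU (no Ethernet header); for EAP-Packet also the EAP header."""
    version, eapol_type, length = struct.unpack("!BBH", data[:4])
    body = data[4:4 + length]
    out = {"version": version, "type": EAPOL_TYPES.get(eapol_type, eapol_type), "length": length}
    if eapol_type == 0 and len(body) >= 4:
        code, ident, eap_len = struct.unpack("!BBH", body[:4])
        eap = {"code": EAP_CODES.get(code, code), "id": ident, "length": eap_len}
        if code in (1, 2) and eap_len > 4:           # Request/Response carry a type byte
            eap["type"] = body[4]
            eap["data"] = body[5:eap_len]
        out["eap"] = eap
    return out


def linux_bridge_forwards(dst: bytes, group_fwd_mask: int = 0) -> bool:
    """Would a Linux bridge with this group_fwd_mask forward a frame to dst?"""
    if dst[:5] != PAE_GROUP_ADDR[:5] or dst[5] > 0x0F:
        return True                                  # ordinary address: normal forwarding
    allowed = group_fwd_mask & ~BR_GROUPFWD_RESTRICTED
    return bool(allowed & (1 << dst[5]))             # (STP address with STP off not modelled)


def expected_exchange(identity: bytes) -> list:
    """The first four frames of a healthy wired EAP-TLS start, as (direction, frame)."""
    start = build_eapol(1)                                            # 02 01 00 00, as logged
    req_identity = build_eapol(0, build_eap(1, 1, EAP_TYPE_IDENTITY))
    resp_identity = build_eapol(0, build_eap(2, 1, EAP_TYPE_IDENTITY, identity))
    tls_start = build_eapol(0, build_eap(1, 2, EAP_TYPE_TLS, bytes([EAP_TLS_FLAG_START])))
    # The wired supplicant always sends to the PAE group address (its "BSSID");
    # the authenticator answers the supplicant's unicast MAC.
    return [
        ("supplicant -> PAE group", ethernet_frame(PAE_GROUP_ADDR, SUPPLICANT_MAC, start)),
        ("authenticator -> supplicant", ethernet_frame(SUPPLICANT_MAC, AUTHENTICATOR_MAC, req_identity)),
        ("supplicant -> PAE group", ethernet_frame(PAE_GROUP_ADDR, SUPPLICANT_MAC, resp_identity)),
        ("authenticator -> supplicant", ethernet_frame(SUPPLICANT_MAC, AUTHENTICATOR_MAC, tls_start)),
    ]


if __name__ == "__main__":
    logged = bytes.fromhex("02010000")              # "TX EAPOL - hexdump(len=4)" from the post
    print("logged frame:", parse_eapol(logged))
    print("default Linux bridge forwards it:", linux_bridge_forwards(PAE_GROUP_ADDR))
    print("with group_fwd_mask=8:", linux_bridge_forwards(PAE_GROUP_ADDR, group_fwd_mask=8))
    for direction, frame in expected_exchange(b"user@lab.test"):   # constructed identity
        print(f"{direction:28s} {frame[14:].hex()}  {parse_eapol(frame[14:])}")
```

The frame after the EAPOL-Start is the one to look for: on the authenticator VM, `tcpdump -i enp0s10 ether proto 0x888e` should show the 02 01 00 00 arriving, and a running hostapd (started without `-v`) should answer it with an EAP-Request/Identity, which this example renders as `02 00 00 05 01 01 00 05 01`. If the start frame is not even seen on that interface, the path between the VMs is dropping it, and the bridge mask above is the first thing to check.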
