1

I've set my Raspberry Pi 4 to be an Access Point, but now I need it to authenticate in a freeRadius server that I set in my machine but it is not working. The problem is for sure in the hostapd.conf file in the RaspberryPi, because when I try to connect to the Access Point, it won't let me, and nothing shows up in the freeRADIUS server log. My hostapd.conf file is set like this:

   country_code=PT
   interface=wlan0
   ssid=AccessPointTest
   hw_mode=g
   channel=7
   # 2 --> for the use of and external RADIUS server
   macaddr_act=2

auth_algs=1
   ignore_broadcast_ssid=0


own_ip_address=127.0.0.1
   #RADIUS authentication server
   auth_server_addr=10.0.2.15
   auth_server_port=1812
   auth_server_shared_secret=radiuspass2020


wpa=2


wpa_key_mgmt=WPA-EAP
   #2 --> required; reject authentication if RADIUS server does not include Tunnel-Password
   wpa_psk_radius=2

UPDATE with info from a comment:
in my Radius server config I created a client with the IP address of the RasPi. and in the hostapd.conf file I pointed the "auth_server_addr=10.0.2.15" which is the Radius Server IP Address, do I need anything more than that to connect to the server?

Ingo
  • 42,961
  • 20
  • 87
  • 207
Tomás Vicente
  • 11
  • 2

1 Answers1

2

I haven't used hostapd with Radius as yet but for my understanding hostapd is only used to create an access point. It will not create a client connection to your machine with the Radius server only by specifying its ip address in hostapd.conf. That is only to know where the Radius server is located on the network. You have to ensure a connection from the RasPi to the Radius server.

If possible you can use a wired connection with an ethernet cable from the RasPi to the Radius server. This usually works out of the box and may only need some routing and/or ip forwarding setup on the RasPi.

If you must connect by WiFi to the Radius server then you can use the Access point as WiFi router/repeater. Don't setup the bridge. You don't need it. The setup also uses hostapd so you should be able to additional define the Radius server in its hostapd.conf.

Test the connection with ping from the RasPi. You must get replies, something like this:

rpi ~$ ping -c3 10.0.2.15
PING 10.0.2.15 (10.0.2.15) 56(84) bytes of data.
64 bytes from 10.0.2.15: icmp_seq=1 ttl=64 time=0.407 ms
64 bytes from 10.0.2.15: icmp_seq=2 ttl=64 time=0.436 ms
64 bytes from 10.0.2.15: icmp_seq=3 ttl=64 time=0.447 ms

--- 10.0.2.15 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 43ms
rtt min/avg/max/mdev = 0.407/0.430/0.447/0.016 ms

It may also be required to enable ip forwarding. If so then in /etc/sysctl.conf just

# Uncoment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1

and reboot.

Ingo
  • 42,961
  • 20
  • 87
  • 207