Openwrt, Linux about node-radius HOT 6 CLOSED

The Access-Request packet in that pcap doesn't have a User-Password attribute in it. The packet does include an inner EAP-Message, but node-radius doesn't support that (see #29).

I'm not sure if the issue is that your router isn't actually configured to do TTLS/PAP or that TTLS/PAP doesn't set the User-Password attribute.

In any case the Access-Request payload will need to have the User-Password attribute set in order to do user auth via node-radius.

from node-radius.

I've not tried using TTLS+PAP before, but based on rfc5281 it sounds like it should work with node-radius.

The most obvious thing to check is to make sure the shared secret between the router and the node-radius instance is the same.

from node-radius.

I tried that again, I dont think it is the password. This is the content of packet.attributes, I guess I wouldn't come that far if the shared secret was wrong:

Packet Attributes: {"User-Name":"CORRECTUSERNAME","Called-Station-Id":"54-E6-FC-D2-54-36:TestSolutions","NAS-Port-Type":"Wireless-802.11","NAS-Port":1,"Calling-Station-Id":"18-5E-0F-DD-E5-D7","Connect-Info":"CONNECT 54Mbps 802.11g","Acct-Session-Id":"5AFC50BB-00000003","Framed-MTU":1400,"EAP-Message":{"type":"Buffer","data":[2,74,0,36,1,106,111,110,97,115,46,115,116,114,97,115,115,101,108,64,116,101,115,116,115,111,108,117,116,105,111,110,115,46,100,101]},"Message-Authenticator":{"type":"Buffer","data":[27,30,39,215,55,112,82,47,102,192,247,211,245,191,84,45]}}

from node-radius.

Can you provide a pcap of the Access-Request payload along with the shared secret?

from node-radius.

Here the config details from openwrts luci and my client pc.

The shared secret is "abc".
pcap.zip

from node-radius.

So I guess I need to get openwrt to NOT use EAP. At least the UI doesn't provide such an option afaik. Will ask there!

from node-radius.