Hello everyone.
I'm trying to figure out whether I'm doing something wrong or the behavior of hostapd itself is confusing (or perhaps the manual is?).
I'm using hostapd to forward requests to a FreeRADIUS server for EAP-TLS authentication. So I don't use hostapd's built-in RADIUS server.
Therefore, my /etc/hostapd.conf looks like this:
Code:
interface=wlan0
driver=bsd
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
ssid=My-LOCAL-SSID
auth_server_addr=10.4.0.25 ##(remote)
auth_server_port=1812
auth_server_shared_secret={my_secret}
auth_server_addr=127.0.0.1
auth_server_port=1812
auth_server_shared_secret={my_other_secret}
ieee8021x=1
auth_algs=1
eapol_key_index_workaround=0
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
openssl_ecdh_curves=P-521:P-384:P-256
Now as per man pages, you can use two sets of auth_server_{addr,port,secret} entries to define one additional (backup) external RADIUS server:
Code:
auth_server_addr, auth_server_port, auth_server_shared_secret
        RADIUS authentication server parameters. Can be defined twice
        for secondary servers to be used if primary one does not reply to
        RADIUS packets.
However, this doesn't seem to work. As seen above, my config has this defined twice, but when the first auth_server_addr is not reachable (VPN is down) hostapd doesn't use the second auth_server_{addr,port,secret} configuration at all. It then sends packets somewhere and they never reach the local FreeRADIUS.
So I want to make sure whether this is a mistake in the man page or those options must be somehow put in a different manner to make it work. BTW, don't seem to find hostapd in /usr/src/usr.sbin... or elsewhere.
For that matter, README file located on the developer's own page doesn't mention the possibility to use two sets of external RADIUS addr/port/secret. So maybe this just doesn't work in the version distributed with FreeBSD?? If so, FreeBSD man page must be fixed accordingly... Other than that, I'm quite satisfied with this hostapd.
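An added example, not part of the original post and not hostapd's own code: a small Python check that groups the auth_server_* lines of a hostapd.conf into ordered entries, so the primary and backup definitions described in the man page excerpt can be inspected. It assumes that only lines beginning with # are comments and that each port/secret line applies to the most recent auth_server_addr; the sample config and its secrets are constructed.

```python
import re

# Constructed sample modelled on the post's config; secrets are placeholders.
SAMPLE_CONF = """\
interface=wlan0
auth_server_addr=10.4.0.25 ##(remote)
auth_server_port=1812
auth_server_shared_secret=placeholder-secret-1
auth_server_addr=127.0.0.1
auth_server_port=1812
ieee8021x=1
"""


def radius_auth_servers(conf_text):
    """Group auth_server_* lines into ordered entries (primary first)."""
    servers = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        # Assumption: only lines that begin with '#' are treated as comments.
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key == "auth_server_addr":
            # Assumption: each address line opens a new entry, default port 1812.
            servers.append({"addr": value, "port": "1812",
                            "secret": None, "line": lineno})
        elif key in ("auth_server_port", "auth_server_shared_secret") and servers:
            # Assumption: port/secret attach to the most recent address line.
            field = "port" if key == "auth_server_port" else "secret"
            servers[-1][field] = value
    return servers


def check(servers):
    """Return findings for entries that deserve a second look."""
    findings = []
    for i, s in enumerate(servers):
        role = "primary" if i == 0 else "backup %d" % i
        where = "%s (line %d)" % (role, s["line"])
        if re.search(r"\s", s["addr"]):
            findings.append(f"{where}: address has trailing text {s['addr']!r}")
        if not s["port"].isdigit():
            findings.append(f"{where}: port is not numeric: {s['port']!r}")
        if not s["secret"]:
            findings.append(f"{where}: no shared secret defined")
    return findings


if __name__ == "__main__":
    for finding in check(radius_auth_servers(SAMPLE_CONF)):
        print("CHECK:", finding)
```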