3 Debugging
Joost van Dijk edited this page 2017-01-10 23:22:12 +01:00

Debugging 802.1X authentication problems can be really tricky, especially if you don't have access to the RADIUS server logs.

Here are some useful techniques.

Debugging using IronWifi

  • create an account at https://console.ironwifi.com/register
  • create a user 'john' with password 'secret'
  • create a network, which will allocate an IP address, a port number, and a secret.

Test with eapol_test from wpa_supplicant:

    eapol_test -c ./eapol_test_ironwifi.conf -a$IP -p$PORT -s$SECRET

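The file eapol_test_ironwifi.conf contains:

    network={
        eap=PEAP
        eapol_flags=0
        key_mgmt=IEEE8021X
        identity="john"
        password="secret"
        # outer identity, sent in the clear; a proxy routes on its realm
        anonymous_identity="anonymous@espressif.com"
        # with ca_cert commented out, the server certificate is not verified
        #ca_cert="ca.pem"
        phase2="auth=MSCHAPV2"
    }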

freeradius

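On OS X:

    brew install freeradius-server

Edit the file /usr/local/etc/raddb/proxy.conf and add a home server and pool, using the IP address, port number, and secret allocated by IronWifi: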

    home_server ironwifi {
            type = auth+acct
            ipaddr = IP
            port = PORT
            secret = SECRET
    }
    home_server_pool ironwifi_pool {
            home_server = ironwifi
    }

And add a realm for espressif.com:

    realm espressif.com {
            pool = ironwifi_pool
            nostrip
    }

Start freeradius:

    radiusd -X

In another window, use wpa_supplicant's eapol_test again to see if authentication works when proxying through freeradius:

    eapol_test -c ./eapol_test_local.conf.peap -a127.0.0.1 -stesting123

Note that the default client configuration in /usr/local/etc/raddb/clients.conf already contains a localhost entry with secret testing123.

Now check the freeradius debug output (from radiusd -X) to see which RADIUS messages are sent back from IronWifi.

To help read freeradius log messages, use http://networkradius.com/freeradius-debugging/
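
The last step, checking what comes back from IronWifi, can be scripted. This is an added example, not part of the original page or of freeradius: it picks the proxied packets out of saved radiusd -X output and flags requests the home server never answered. The packet line format is an assumption modelled on FreeRADIUS 3.x debug output, the sample lines are constructed, 192.0.2.10 is a placeholder for the IronWifi IP, and the file name proxy_leg.py is hypothetical.

```python
import re
import sys

# Assumed shape of a packet line in FreeRADIUS 3.x debug output:
#   (0) Sent Access-Request Id 17 from 0.0.0.0:50001 to 192.0.2.10:1812 length 150
PACKET = re.compile(
    r"^\(\d+\)\s+(Sent|Received)\s+([A-Za-z]+(?:-[A-Za-z]+)+)\s+Id\s+(\d+)"
    r"\s+from\s+(\S+):\d+\s+to\s+(\S+):\d+"
)

def summarize(lines, home_ip):
    """Follow the proxy leg: requests sent to home_ip and the replies it returned."""
    pending = {}   # RADIUS Id -> code of a proxied request still awaiting a reply
    replies = []   # (Id, code) of packets received from the home server, in order
    for line in lines:
        m = PACKET.match(line.strip())
        if not m:
            continue  # module and EAP debug chatter, not a packet line
        direction, code, pkt_id, src, dst = m.groups()
        if direction == "Sent" and dst == home_ip:
            pending[int(pkt_id)] = code
        elif direction == "Received" and src == home_ip:
            pending.pop(int(pkt_id), None)
            replies.append((int(pkt_id), code))
    final = [c for _, c in replies if c in ("Access-Accept", "Access-Reject")]
    return {
        "replies": replies,
        "unanswered": sorted(pending),  # sent to the home server, nothing came back
        "verdict": final[-1] if final else None,
    }

# Constructed sample (not real output); 192.0.2.10 stands in for the IronWifi IP.
SAMPLE = """\
Ready to process requests
(0) Received Access-Request Id 0 from 127.0.0.1:50000 to 127.0.0.1:1812 length 140
(0) Sent Access-Request Id 17 from 0.0.0.0:50001 to 192.0.2.10:1812 length 150
(0) Received Access-Challenge Id 17 from 192.0.2.10:1812 to 0.0.0.0:50001 length 64
(0) Sent Access-Challenge Id 0 from 127.0.0.1:1812 to 127.0.0.1:50000 length 64
(1) Received Access-Request Id 1 from 127.0.0.1:50000 to 127.0.0.1:1812 length 180
(1) Sent Access-Request Id 18 from 0.0.0.0:50001 to 192.0.2.10:1812 length 190
(1) Received Access-Reject Id 18 from 192.0.2.10:1812 to 0.0.0.0:50001 length 44
(1) Sent Access-Reject Id 1 from 127.0.0.1:1812 to 127.0.0.1:50000 length 44
(2) Sent Access-Request Id 19 from 0.0.0.0:50001 to 192.0.2.10:1812 length 150
""".splitlines()

if __name__ == "__main__":
    # Usage: python3 proxy_leg.py HOME_SERVER_IP < radiusd.log   (no argument: sample)
    live = len(sys.argv) > 1
    print(summarize(sys.stdin if live else SAMPLE, sys.argv[1] if live else "192.0.2.10"))
```

An entry in "unanswered" points at the proxy leg itself (wrong IP, port or shared secret, or a blocked path), while an Access-Reject verdict means the home server received the request and refused it.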