Hello,
Now I'm trying to reach the next level after getting CAPsMAN working without any strange behaviours.
I am trying to switch from WPA2-PSK to WPA2-EAP. But at the moment it seems that no authentication request is reaching the User-Manager. But first, some information about what I have done.
As I already mentioned I have CAPsMAN with 3 CAPs. Everything is up and running, authentication is WPA2-PSK.
Now I installed the package "User-Manager" on the hEX which is my CAPsMAN (IP: 192.168.x.y) and configured it. That means I assigned a new password to the default user. Then I configured my CAPsMAN in the "Router" chapter in "User-Manager". I gave the Router a name, gave it the IP 192.168.x.y and the secret "test123".
After this I configured different users with the MAC address of my clients as username, with a different password or with the MAC address also as password. I configured different users with real names and passwords. All for testing different configurations. I configured a profile for these users without any limitations and a duration of "999w". This has been saved, and if I assign this profile to the users I can see the countdown running.
For me everything seems fine.
The next step was to configure "IP - Radius" as enabled. Then I gave it the IP of the CAPsMAN / User-Manager (192.168.x.y), told it the secret of "User-Manager" (test123) and activated it for "wireless".
After this I tried to configure my configuration profiles with WPA2-EAP, set "encryption" and "group encryption" to "aes-ccm" and set the "EAP method" to "passthrough". When connecting again I am asked for a username and password, but no combination seems to be correct. I also tried to configure "CAPsMAN - AAA" with "as username" or "as username and password" but had no success with authentication. I tried to activate "WPA-PSK" again, changed the CAPsMAN configuration sets in different ways regarding encryption and EAP method and so on and so on.
All without success: I cannot connect to the wireless LAN and I get "Wrong username or password" or "Connect connect to ...".
If I take a look at the statistics of "User-Manager" at "Log" nothing is written ... empty. If I take a look at the router statistics for authentication tries, failures etc. everything is 0.
It seems that the authentication requests don't reach the "User-Manager", or am I wrong?
I also set an "Access List" at CAPsMAN with "action=query-radius" but without success.
If I take a look at the log on my hEX ("/log print") there is the following message every time I try to authenticate:
"..... disconnected, max key exchange retries"
Do I misunderstand the meaning of "IP - Radius" / "User-Manager"? Am I missing something? Am I doing it completely wrong?
Does any of you have a configuration for this use case up and running, or know what to do?
Or maybe you can explain to me what the exact steps are to get such an authentication running? I don't know what is going on in my environment at the moment...
Regards,
Jens