Trouble with wpa2 enterprise ar750

Technical Support for Routers
1

cannot login to wpa2 enterprise with ar750 wierless repeater 3.104

setup
Backgound
freeraidus3 running on openwrt 19.07.3
peap and mschapv2
android devices and ios devices login fine.
windows 10 and apple ios fine.
Gli-net router fails authenticaion. (watching debug log running service from command line)

anyideas why?

(6) Received Access-Request Id 19 from 192.168.77.1:36520 to 192.168.77.1:1812 length 185
(6)   User-Name = "bob"
(6)   Called-Station-Id = "54-A0-50-xx-xx-xx:Bored_yet"
(6)   NAS-Port-Type = Wireless-802.11
(6)   Service-Type = Framed-User
(6)   NAS-Port = 1
(6)   Calling-Station-Id = "E4-95-6E-xx-xx-DC"
(6)   Connect-Info = "CONNECT 54Mbps 802.11g"
(6)   Acct-Session-Id = "8D37BB33456EDB1C"
(6)   Attr-186 = 0x000fac04
(6)   Attr-187 = 0x000fac04
(6)   Attr-188 = 0x000fac01
(6)   Framed-MTU = 1400
(6)   EAP-Message = 0x02da000801626f62
(6)   Message-Authenticator = 0x43d19e6f6f589d2283ae7b0f95ecc8e2
(6) # Executing section authorize from file /etc/freeradius3/sites-enabled/default
(6)   authorize {
(6)     policy filter_username {
(6)       if (&User-Name) {
(6)       if (&User-Name)  -> TRUE
(6)       if (&User-Name)  {
(6)         if (&User-Name =~ / /) {
(6)         if (&User-Name =~ / /)  -> FALSE
(6)         if (&User-Name =~ /@[^@]*@/ ) {
(6)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(6)         if (&User-Name =~ /\.\./ ) {
(6)         if (&User-Name =~ /\.\./ )  -> FALSE
(6)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(6)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(6)         if (&User-Name =~ /\.$/)  {
(6)         if (&User-Name =~ /\.$/)   -> FALSE
(6)         if (&User-Name =~ /@\./)  {
(6)         if (&User-Name =~ /@\./)   -> FALSE
(6)       } # if (&User-Name)  = notfound
(6)     } # policy filter_username = notfound
(6)     [preprocess] = ok
(6)     [chap] = noop
(6)     [mschap] = noop
(6)     [digest] = noop
(6) suffix: Checking for suffix after "@"
(6) suffix: No '@' in User-Name = "bob", looking up realm NULL
(6) suffix: No such realm "NULL"
(6)     [suffix] = noop
(6) eap: Peer sent EAP Response (code 2) ID 218 length 8
(6) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(6)     [eap] = ok
(6)   } # authorize = ok
(6) Found Auth-Type = eap
(6) # Executing group from file /etc/freeradius3/sites-enabled/default
(6)   authenticate {
(6) eap: Peer sent packet with method EAP Identity (1)
(6) eap: Calling submodule eap_md5 to process data
(6) eap_md5: Issuing MD5 Challenge
(6) eap: Sending EAP Request (code 1) ID 219 length 22
(6) eap: EAP session adding &reply:State = 0xacfbd477ac20d0ba
(6)     [eap] = handled
(6)   } # authenticate = handled
(6) Using Post-Auth-Type Challenge
(6) # Executing group from file /etc/freeradius3/sites-enabled/default
(6)   Challenge { ... } # empty sub-section is ignored
(6) Sent Access-Challenge Id 19 from 192.168.77.1:1812 to 192.168.77.1:36520 length 0
(6)   EAP-Message = 0x01db0016041021d53999db59c194361ba580d8f01a68
(6)   Message-Authenticator = 0x00000000000000000000000000000000
(6)   State = 0xacfbd477ac20d0baade9b311fc9f971b
(6) Finished request
3

I want to ask where did you get these log?

4

stop radisusd service and run from CLI
LD_LIBRARY_PATH=/usr/lib/freeradius3 radiusd -X
then tried logging in with gl-inet with wisp to enterpise server.

5

So you have another OpenWrt router as Radius server and create your EAP.

Then you want to connect to this EAP using AR750? And the log is obtained from your OpenWrt router (not AR750)?

6

correct.
Android, ios , win10, and mac os have no problem being authenticated also clean openwrt 19.07.3 wisp has no problem. just gl-inet os has issues