(moving to ports#, reply-to is set, although this is unlikely to be OpenBSD-specific)
On 2023/02/25 02:18, Mikhael Lialin wrote:
> Trying to set up wifi with radius eap-tls authentication.
>
> And getting time out while authenticated.
>
> Tried with custom setup, and default setup with generated
> certificates within installation.
>
> in ktrace of radiusd something waiting:
>
> 28664 radiusd RET wait4 -1 errno 10 No child processes
>
> all configuration of freeradius are default after
> installation, nothing was modified.
>
> Please help.
>
> Debug and ktrace session attached.

ktrace is too low-level to be useful here.

freeradius won't work directly with default setup, you at least need
to configure shared secrets between the APs and freeradius (in
clients.conf and on the AP), and tell freeradius how to decide whether
a user is allowed to authenticate.

You say EAP-TLS, this uses certificates for authentication on both
the server *and* the client, so for that you'll also need to figure
out how to get client certificates signed, etc. I strongly recommend
ignoring this until you have the basics working with password-based
auth.

Follow https://wiki.freeradius.org/guide/Basic-configuration-HOWTO
first and make sure it works with radtest on the local machine.

(Note if running it manually in debug mode as suggested in that guide,
you will need the full path /usr/local/sbin/radiusd, there is a minimal
radius daemon from the base OS in /usr/sbin/radiusd which does not
support EAP/PEAP).

If that fails, it needs fixing first before moving on to one of the EAP
methods that you need for WPA-Enterprise (either on an AP directly
or you can try eapol_test running on the freeradius server as shown in
http://deployingradius.com/scripts/eapol_test/ - skip the "building
eapol_test" section and pkg_add wpa_supplicant instead).
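
The first prerequisite named in the reply above, a shared secret that matches in clients.conf and on the AP, can be checked mechanically. The script below is an added example, not part of the original message or of FreeRADIUS; the function names, client entries, addresses and secrets are constructed, and it assumes the simple `client name { ipaddr = ...; secret = ... }` layout, so point it at your own clients.conf.

```shell
# Added example: confirm an AP's shared secret matches its clients.conf entry.
# All client names, addresses and secrets below are constructed sample values.

# Print the secret of the client block whose ipaddr equals $2 (exit 1 if none).
client_secret() {  # usage: client_secret <clients.conf> <ipaddr>
    awk -v want="$2" '
        /^[ \t]*#/ { next }                              # skip comment lines
        /^[ \t]*client[ \t].*[{]/ { depth = 1; ip = ""; sec = ""; next }
        depth > 0 {
            if ($0 ~ /[{][ \t]*$/) { depth++; next }     # nested section, e.g. limit { }
            if ($1 == "}") {
                if (--depth == 0 && ip == want) { print sec; found = 1 }
                next
            }
            if (depth == 1 && $2 == "=") {
                gsub(/"/, "", $3)                        # secrets may be quoted
                if ($1 == "ipaddr") ip = $3
                if ($1 == "secret") sec = $3
            }
        }
        END { exit !found }
    ' "$1"
}

# Return 0 on match, 1 if the AP has no client entry, 2 if the secrets differ.
check_ap_secret() {  # usage: check_ap_secret <clients.conf> <AP ip> <secret set on AP>
    conf_secret=$(client_secret "$1" "$2") || { echo "no client entry for $2"; return 1; }
    [ "$conf_secret" = "$3" ] || { echo "secret mismatch for $2"; return 2; }
    echo "client $2: secret matches"
}

# Constructed sample clients.conf (not taken from the original message).
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
client localhost {
    ipaddr = 127.0.0.1
    secret = testing123
    limit {
        max_connections = 16
    }
}
client office-ap {
    ipaddr = 192.0.2.10
    secret = "ExampleSecret-ChangeMe"
}
EOF
check_ap_secret "$SAMPLE_CONF" 192.0.2.10 'ExampleSecret-ChangeMe'
```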