Powered by Jitbit .Net Forum free trial version. dismiss

HomeGeneral

General issues

iPSK configuration Messages in this topic - RSS

ag66
ag66
Posts: 4


11.02.2020
ag66
ag66
Posts: 4
Is it possible to use TekRADIUS for iPSK WiFi authentication?
On systems like FreeRADIUS or ISE you add the check attribute Tunnel-Password to the user (username is MAC address), but i seems in TEK this isn't enough

Thanks
0 link
Admin
Admin
Administrator
Posts: 4992


11.02.2020
Admin
Admin
Administrator
Posts: 4992
Hi,

You must add Tunnel-Password as a Success-Reply attribute on a Check attribute to the user or group profile for IPSK.

Best regards,

Yasin KAPLAN
0 link
ag66
ag66
Posts: 4


11.02.2020
ag66
ag66
Posts: 4
Hi Yasin, I did try to add Tunnel-Password value as a Success-Reply attribute, and as Check attribute. Netiher of them worked. When I added them I saw on a packet capture that the AP sends the RADIUS access-request 3 times to the server but the server doesn't reply.

For an SSID that is open and uses only MAC address validation, TekRADIUS is already working perectly. Any logs that might be helpful to troubleshoot the issue?

Thanks

Andres
0 link
Admin
Admin
Administrator
Posts: 4992


12.02.2020
Admin
Admin
Administrator
Posts: 4992
Hi,

I recommend you to get a Wireshark trace on TekRADIUS installed machine to see RADIUS access request packets arrive to TekRADIUS. Please also set Logging = Debug at Settings / Service Parameters in TekRADIUS Manager and check log file which is accessible through file menu of TekRADIUS Manager.

Best regards,

Yasin KAPLAN
0 link
ag66
ag66
Posts: 4


12.02.2020
ag66
ag66
Posts: 4
Thanks a lot. The capture helped me get the issue sorted out. So iPSK is working now fine for users (MAC addresses) in the database.

One final question, for users not in the database I want to allow connections (Auth-Type Accept) as long as the PSK is correct. To do this in iPSK you send a Success reply by default along with the Success-Reply attribute Tunnel-Password. Is there a way to configure this in TEK? Some RADIUS severs allow a DEFAULT user entry

Andres
0 link
Admin
Admin
Administrator
Posts: 4992


12.02.2020
Admin
Admin
Administrator
Posts: 4992
You can have a Default user profile in TekRADIUS. Just create a user profile named Default in Users tab and add Tunnel-Password value as a Success-Reply attribute.
0 link
ag66
ag66
Posts: 4


12.02.2020
ag66
ag66
Posts: 4
Thanks a lot. I can confirm that it is working exactly as expected.
0 link
Admin
Admin
Administrator
Posts: 4992


12.02.2020
Admin
Admin
Administrator
Posts: 4992
You welcome
0 link






Powered by Jitbit Forum 8.3.8.0 © 2006-2013 Jitbit Software