How does hostapd interact with an external RADIUS server?

Harshal Chhaya harshal at gmail.com
Sat Jul 23 15:54:19 EDT 2011


On Thu, Jul 14, 2011 at 12:16 PM, Jouni Malinen <j at w1.fi> wrote:
> On Thu, Jul 14, 2011 at 07:52:56AM -0500, Harshal Chhaya wrote:
>> My understanding is that the RADIUS server is used only during
>> authentication and then for re-keying but is out of the picture during
>> normal data transfer.
>
> Correct or well, not all re-keying cases require RADIUS authentication
> either.


Oh - this is good information. So hostapd handles some of the rekeying
internally?

If it helps, this is the relevant part of my 'hostapd.conf' file:

wpa=2
wpa_key_mgmt=WPA-EAP
wpa_pairwise=CCMP
wpa_group_rekey=600
wpa_strict_rekey=0
wpa_gmk_rekey=86400
ieee8021x=1
eapol_key_index_workaround=0
own_ip_addr=127.0.0.1
# RADIUS authentication server
auth_server_addr=127.0.0.1
auth_server_port=1812
auth_server_shared_secret=oursecret

>> I am curious what happens if the freeRADIUS server dies. Does hostapd
>> (somehow) disassociate all clients who then have to re-connect and
>> re-authenticate?
>
> hostapd does not even know that the RADIUS server died until there is a
> need for a new authentication.. No clients are disconnect or forced to
> re-authenticate in case of RADIUS issues.

That's what I figured. Thanks for clarifying it.


>> I am seeing clients dropping off the network around the same time the
>> freeRADIUS server is dying (still investigating that problem) and I am
>> curious about the connection between the two events.
>
> You should be able to find more details on what happened from the
> hostapd debug log, but unless you've configured the system to require
> frequent re-authentication with the RADIUS server, there should not
> really be any connection between these two events as far as clients that
> had already successfully connected to the network are concerned.


It turns out that the freeRADIUS server was crashing because the
underlying openSSL library was not compiled in a threadsafe manner. I
updated the makefile for openSSL and don't see freeRADIUS crashes any
more.

I still don't know why the two events (all clients dropping and
freeRADIUS crashing) were occurring around the same time but I am off
to looking at other issues now.

Thanks,
- Harshal


More information about the HostAP mailing list