New to Cambium, PMP450 AP/SM and RADIUS auth

Hello rnelson, I am very late to this party but have been fighting with nearly this exact configuration without success. Are you available to help me out a bit?

Yes - what distro are you using? We are still on centos 7, planning to move to ubuntu sometime next year, so the configs could be a little different.

Thanks for getting back to me, much appreciated. I’ve tried CentOS 8 Stream with MariaDB/MySQL. Still have the VM up and running but couldn’t get that working. I am now trying Ubuntu with MariaDB/MySQL. From what I can see, the AP & SM are good and I see attempts in Freeradius but I am getting the " WARNING: !! EAP session for state 0x7eae4d757caa582c did not finish!" messages.

To confirm, is it using eapttls and mschapv2? Or some other protocol? Reason I ask is the reason might be different when one looks into the warning in the freeradius list archive - I would start there:
https://www.mail-archive.com/freeradius-users@lists.freeradius.org/
https://www.mail-archive.com/search?q=EAP+session+for+state+did+not+finish&l=freeradius-users%40lists.freeradius.org

Yes, eapttls and mschapv2. I have read thru most of those mailing list messages over the last several weeks but I will give them another perusal just in case I missed something.

Assuming the certs are generated and copied to the proper directory, from my notes:

  1. Configure EAP

In /etc/raddb/mods-enabled/eap:

In the tls section configure like so:

private_key_password = whatever (password from the txt file)

private_key_file = ${certdir}/server.key (aaasvr_key.pem)

certificate_file = ${certdir}/server.pem (aaasvr_cert.pem)

CA_file = ${cadir}/ca.pem (cacert_aaasvr.pem)

In the ttls section:

copy_request_to_tunnel = yes

use_tunneled_reply = yes

For reference, I’ve tried FreeRadius 2 & 3, I am trying to get 2 working right now as alot of what I came across indicated 3 FR3 wasn’t working for Cambium devices. At any rate, Certs seem to be working properly, at least I have no errors. My EAP configuration much the same as your notes based on information I’ve gleaned from the Interwebs. What cert did you put on your SM’s?