802.1x with WinXP
marcb at softhome.net
marcb
Fri Dec 6 01:12:33 PST 2002
I'm hoping someone can help me... I'm way out of my depth, and I've been
banging my head against a wall for quite some time now... but I think I'm
close.
I have a Linux box with a DWL-520 and a laptop running WinXP with a DWL-650.
I'm trying to set the linux box up with hostap as an access point using
802.1x, authenticating to freeRadius.
I've nearly got it all working... in that when the laptop transmits a
request to authenticate to the linux box... the request is correctly sent
by hostapd to the radius server, and I get an "ACCEPT-ACCEPT" from the
radius server back to hostapd.
I'm pretty sure the key is then sent to the laptop... as for a brief second
or two I get a "Authentication Successful" message on WinXP, but as soon as
the connection is authenticated it drops out and hostapd deauthenticates it.
I tried doing this whilst continually trying to ping the laptop and for the
brief few seconds that the laptop is authenticated I get responses... so I
am able to pass packets through.... I just don't understand why the laptop
is deauthenticated immediately after authenticating.
I've tried both hostap-2002-10-12 and the latest CVS, with no noticeable
difference in behaviour.
I've attached the output from hostapd below...
Thanks,
Marc
Opening raw packet socket for ifindex 4
Using interface wlan0ap with hwaddr 00:05:5d:5b:c4:1c and ssid 'test'
Default WEP key - hexdump(len=13): 67 8d 91 69 48 94 85 93 59 fb 48 a4 48
Flushing old station entries
Received 30 bytes management frame
MGMT
mgmt::auth
authentication: STA=00:40:05:ae:bd:2d auth_alg=0 auth_transaction=1
status_code=0
New STA
Station 00:40:05:ae:bd:2d authenticated (open system)
Received 40 bytes management frame
MGMT
mgmt::assoc_req
association request: STA=00:40:05:ae:bd:2d capab_info=0x01 listen_interval=1
new AID 1
Station 00:40:05:ae:bd:2d associated (aid 1)
IEEE 802.1X: Start authentication for new station 00:40:05:ae:bd:2d
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_KEY_TX entering state NO_KEY_TRANSMIT
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state DISCONNECTED
IEEE 802.1X: Unauthorizing station 00:40:05:ae:bd:2d
IEEE 802.1X: Sending canned EAP packet FAILURE to 00:40:05:ae:bd:2d
(identifier 0)
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state IDLE
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state CONNECTING
IEEE 802.1X: Sending EAP Request-Identity to 00:40:05:ae:bd:2d (identifier
1)
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
Received 37 bytes management frame
DATA
IEEE 802.1X: 5 bytes from 00:40:05:ae:bd:2d
IEEE 802.1X: version=1 type=1 length=0
ignoring 1 extra octets after IEEE 802.1X packet
EAPOL-Start
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state CONNECTING
IEEE 802.1X: Sending EAP Request-Identity to 00:40:05:ae:bd:2d (identifier
1)
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
Received 26 bytes management frame
MGMT
MGMT: BSSID=32:33:38:3b:36:33 not our address
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
Received 30 bytes management frame
MGMT
mgmt::auth
authentication: STA=00:40:05:ae:bd:2d auth_alg=0 auth_transaction=1
status_code=0
Station 00:40:05:ae:bd:2d authenticated (open system)
Received 40 bytes management frame
MGMT
mgmt::assoc_req
association request: STA=00:40:05:ae:bd:2d capab_info=0x11 listen_interval=1
old AID 1
Station 00:40:05:ae:bd:2d associated (aid 1)
Received 37 bytes management frame
DATA
IEEE 802.1X: 5 bytes from 00:40:05:ae:bd:2d
IEEE 802.1X: version=1 type=1 length=0
ignoring 1 extra octets after IEEE 802.1X packet
EAPOL-Start
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state CONNECTING
IEEE 802.1X: Sending EAP Request-Identity to 00:40:05:ae:bd:2d (identifier
1)
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state DISCONNECTED
IEEE 802.1X: Unauthorizing station 00:40:05:ae:bd:2d
IEEE 802.1X: Sending canned EAP packet FAILURE to 00:40:05:ae:bd:2d
(identifier 1)
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state CONNECTING
IEEE 802.1X: Sending EAP Request-Identity to 00:40:05:ae:bd:2d (identifier
2)
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
Received 51 bytes management frame
DATA
IEEE 802.1X: 19 bytes from 00:40:05:ae:bd:2d
IEEE 802.1X: version=1 type=0 length=15
EAP: code=2 identifier=1 length=15 (response)
EAP Identifier of the Response-Identity from 00:40:05:ae:bd:2d does not
match (was 1, expected 2)
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
Received 51 bytes management frame
DATA
IEEE 802.1X: 19 bytes from 00:40:05:ae:bd:2d
IEEE 802.1X: version=1 type=0 length=15
EAP: code=2 identifier=2 length=15 (response)
EAP Response-Identity
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state AUTHENTICATING
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
Received 84 bytes from authentication server
Received RADIUS message
RADIUS packet matching with station 00:40:05:ae:bd:2d
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:40:05:ae:bd:2d (identifier 3)
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
Received 148 bytes management frame
DATA
IEEE 802.1X: 116 bytes from 00:40:05:ae:bd:2d
IEEE 802.1X: version=1 type=0 length=112
EAP: code=2 identifier=3 length=112 (response)
EAP Response-TLS
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
Received 1120 bytes from authentication server
Received RADIUS message
RADIUS packet matching with station 00:40:05:ae:bd:2d
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:40:05:ae:bd:2d (identifier 4)
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
Received 42 bytes management frame
DATA
IEEE 802.1X: 10 bytes from 00:40:05:ae:bd:2d
IEEE 802.1X: version=1 type=0 length=6
EAP: code=2 identifier=4 length=6 (response)
EAP Response-TLS
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
Received 980 bytes from authentication server
Received RADIUS message
RADIUS packet matching with station 00:40:05:ae:bd:2d
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:40:05:ae:bd:2d (identifier 5)
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
Received 1080 bytes management frame
DATA
IEEE 802.1X: 1048 bytes from 00:40:05:ae:bd:2d
IEEE 802.1X: version=1 type=0 length=1044
EAP: code=2 identifier=5 length=1044 (response)
EAP Response-TLS
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
Received 131 bytes from authentication server
Received RADIUS message
RADIUS packet matching with station 00:40:05:ae:bd:2d
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:40:05:ae:bd:2d (identifier 6)
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
Received 42 bytes management frame
DATA
IEEE 802.1X: 10 bytes from 00:40:05:ae:bd:2d
IEEE 802.1X: version=1 type=0 length=6
EAP: code=2 identifier=6 length=6 (response)
EAP Response-TLS
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
Received 160 bytes from authentication server
Received RADIUS message
RADIUS packet matching with station 00:40:05:ae:bd:2d
MS-MPPE-Send-Key (len=32): 2f 39 60 e6 50 da e9 d1 52 7d f8 ec 1f 94 d0 42
9d 16 2f 4c c0 8c 4f 7f 00 7c 82 d3 aa e0 4e ea
MS-MPPE-Recv-Key (len=32): ee 99 e6 57 2b 76 37 71 d0 f5 3c c7 a4 92 72 35
9c b0 9d fc e2 2a f4 78 a6 ed 81 15 2c 10 cb 7a
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state SUCCESS
IEEE 802.1X: Sending canned EAP packet SUCCESS to 00:40:05:ae:bd:2d
(identifier 6)
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state AUTHENTICATED
IEEE 802.1X: Authorizing station 00:40:05:ae:bd:2d
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state IDLE
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_KEY_TX entering state KEY_TRANSMIT
IEEE 802.1X: Sending EAPOL-Key(s) to 00:40:05:ae:bd:2d (identifier 7)
IEEE 802.1X: Sending EAPOL-Key to 00:40:05:ae:bd:2d (broadcast index=0)
Received 37 bytes management frame
DATA
IEEE 802.1X: 5 bytes from 00:40:05:ae:bd:2d
IEEE 802.1X: version=1 type=1 length=0
ignoring 1 extra octets after IEEE 802.1X packet
EAPOL-Start
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state CONNECTING
IEEE 802.1X: Sending EAP Request-Identity to 00:40:05:ae:bd:2d (identifier
7)
Received 51 bytes management frame
DATA
IEEE 802.1X: 19 bytes from 00:40:05:ae:bd:2d
IEEE 802.1X: version=1 type=0 length=15
EAP: code=2 identifier=7 length=15 (response)
EAP Response-Identity
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state AUTHENTICATING
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
Received 84 bytes from authentication server
Received RADIUS message
RADIUS packet matching with station 00:40:05:ae:bd:2d
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:40:05:ae:bd:2d (identifier 8)
Received 148 bytes management frame
DATA
IEEE 802.1X: 116 bytes from 00:40:05:ae:bd:2d
IEEE 802.1X: version=1 type=0 length=112
EAP: code=2 identifier=8 length=112 (response)
EAP Response-TLS
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
Received 1120 bytes from authentication server
Received RADIUS message
RADIUS packet matching with station 00:40:05:ae:bd:2d
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:40:05:ae:bd:2d (identifier 9)
Received 42 bytes management frame
DATA
IEEE 802.1X: 10 bytes from 00:40:05:ae:bd:2d
IEEE 802.1X: version=1 type=0 length=6
EAP: code=2 identifier=9 length=6 (response)
EAP Response-TLS
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
Received 980 bytes from authentication server
Received RADIUS message
RADIUS packet matching with station 00:40:05:ae:bd:2d
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:40:05:ae:bd:2d (identifier 10)
Received 1080 bytes management frame
DATA
IEEE 802.1X: 1048 bytes from 00:40:05:ae:bd:2d
IEEE 802.1X: version=1 type=0 length=1044
EAP: code=2 identifier=10 length=1044 (response)
EAP Response-TLS
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
Received 131 bytes from authentication server
Received RADIUS message
RADIUS packet matching with station 00:40:05:ae:bd:2d
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:40:05:ae:bd:2d (identifier 11)
Received 42 bytes management frame
DATA
IEEE 802.1X: 10 bytes from 00:40:05:ae:bd:2d
IEEE 802.1X: version=1 type=0 length=6
EAP: code=2 identifier=11 length=6 (response)
EAP Response-TLS
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
Received 160 bytes from authentication server
Received RADIUS message
RADIUS packet matching with station 00:40:05:ae:bd:2d
MS-MPPE-Send-Key (len=32): d8 fd e6 87 ce a6 7a a3 33 d2 c5 aa 61 7e ac 72
6c 4a cc 55 08 cf a6 87 c7 f2 3a 15 94 ee 09 ac
MS-MPPE-Recv-Key (len=32): b2 8c 32 62 41 bb 50 78 17 7b cc f5 17 8e 91 c1
b3 66 33 18 3c 01 dc e1 95 10 e4 72 89 d5 81 b0
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state SUCCESS
IEEE 802.1X: Sending canned EAP packet SUCCESS to 00:40:05:ae:bd:2d
(identifier 11)
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_KEY_TX entering state KEY_TRANSMIT
IEEE 802.1X: Sending EAPOL-Key(s) to 00:40:05:ae:bd:2d (identifier 11)
IEEE 802.1X: Sending EAPOL-Key to 00:40:05:ae:bd:2d (broadcast index=0)
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state AUTHENTICATED
IEEE 802.1X: Authorizing station 00:40:05:ae:bd:2d
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state IDLE
Received 26 bytes management frame
MGMT
MGMT: BSSID=32:33:38:3b:36:33 not our address
Received 26 bytes management frame
MGMT
mgmt::deauth
deauthentication: STA=00:40:05:ae:bd:2d reason_code=3
Station 00:40:05:ae:bd:2d deauthenticated
IEEE 802.1X: station 00:40:05:ae:bd:2d port disabled
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state INITIALIZE
Signal 2 received - terminating
Flushing old station entries
Deauthenticate all stations
More information about the Hostap
mailing list