802.1x with WinXP

Jouni Malinen jkmaline
Fri Dec 6 19:20:45 PST 2002


On Fri, Dec 06, 2002 at 02:12:33AM -0700, marcb at softhome.net wrote:

> I'm pretty sure the key is then sent to the laptop... as for a brief second 
> or two I get a "Authentication Successful" message on WinXP, but as soon as 
> the connection is authenticated it drops out and hostapd deauthenticates 
> it. 
> I tried doing this whilst continually trying to ping the laptop and for the 
> brief few seconds that the laptop is authenticated I get responses... so I 
> am able to pass packets through....   I just don't understand why the 
> laptop is deauthenticated immediately after authenticating. 

I have the same problem with WinXP SP1. WEP key exchanges clearly works
since I can also ping the station for couple of seconds, but after that,
WinXP decides to deauthenticate for some unknown reason. In other words,
it is not hostapd, but Supplicant in WinXP doing the deauthentication.

> IEEE 802.1X: Authorizing station 00:40:05:ae:bd:2d

Auth. server and hostapd were happy with the station, and it was
authorized.

> IEEE 802.1X: Sending EAPOL-Key(s) to 00:40:05:ae:bd:2d (identifier 7)
> IEEE 802.1X: Sending EAPOL-Key to 00:40:05:ae:bd:2d (broadcast index=0)

Here goes the WEP keys and after this point, I was able to ping the
station.

>  EAPOL-Start

Station seems to start another .1x round here. However, I don't know
why..

> IEEE 802.1X: Authorizing station 00:40:05:ae:bd:2d

.. and it also successful (as far as hostapd and freeradius are
concerned), but..

> deauthentication: STA=00:40:05:ae:bd:2d reason_code=3
> Station 00:40:05:ae:bd:2d deauthenticated
> IEEE 802.1X: station 00:40:05:ae:bd:2d port disabled

For some reason, Supplicant was not happy with something and
deauthenticated itself.


I have finally managed to get my .1x testing setup working again, so I
will be debugging this in the near future. I think I will go through the
changes made to IEEE 802.1x in the latest draft version of IEEE 802.1aa.
There seemed to be couple of changes to the state machines that might
have something to do with the problems. I don't think I have changed
anything in my code related to this.. I was able to get the same setup
working previously with WinXP (without SP1) and using exactly same
certificates, so it would seem that something has changed in the
Supplicant.

-- 
Jouni Malinen                                            PGP id EFC895FA




More information about the Hostap mailing list