802.1x: EAP/TLS - xsupplicant and hostap wep enabled
pof
pau
Fri Nov 28 17:35:51 PST 2003
Hello,

I have a prism2 card and I use hostap-driver 0.1.2 in "Managed" mode.
I want to authenticate to another computer running hostap-driver 0.1.2
in "Master" mode with 802.1x enabled using EAP/TLS and a FreeRADIUS
server (today's CVS snapshot) running on the same host.

I have read the docs, and set up openssl certs, xsupplicant config,
hostapd config and FreeRADIUS config accordingly.

I have succeeded with EAP/MD5 and EAP/TLS, always with WEP disabled.

Now I want to test with EAP/TLS and WEP enabled:
No matter if I set up client and AP with static WEP or with rekeying, I
always get the same unsuccessful result.

I use the same config files that work without WEP, then I just enable
WEP on both client and AP host using iwconfig wlan0 enc "s:mykey". These
are the results:

CLIENT
------
# xsupplicant -i wlan0 -m TLS -n pofHQ
Couldn't get information for interface wlan0!
Calling do_eapol, with device wlan0
Setup on device wlan0 complete
Done with init.
Sending EAPOL-Start #1
Sending EAPOL-Start #2
No authenticator found! Assuming the port is authorized!
AP HOST
-------
hostap log:
Nov 29 02:20:30 nimble kernel: wlan0: RX: IEEE 802.1X frame
Nov 29 02:20:30 nimble hostapd: wlan0: STA 00:90:d1:06:5b:9f IEEE
802.1X: received EAPOL-Start from STA
Nov 29 02:21:00 nimble kernel: wlan0: RX: IEEE 802.1X frame
Nov 29 02:21:00 nimble hostapd: wlan0: STA 00:90:d1:06:5b:9f IEEE
802.1X: received EAPOL-Start from STA
Nov 29 02:21:00 nimble hostapd: wlan0: STA 00:90:d1:06:5b:9f IEEE
802.1X: unauthorizing port
Nov 29 02:22:02 nimble hostapd: wlan0: STA 00:90:d1:06:5b:9f IEEE
802.1X: unauthorizing port
Nov 29 02:23:03 nimble hostapd: wlan0: STA 00:90:d1:06:5b:9f IEEE
802.1X: unauthorizing port
Nov 29 02:23:22 nimble kernel: wlan0: dropped frame from unauthorized
port (IEEE 802.1X): ethertype=0x0806
[...]
freeradius log:
rad_recv: Accounting-Request packet from host 127.0.0.1:40081, id=17,
length=172
Acct-Session-Id = "3FC7EF72-00000000"
Acct-Status-Type = Alive
Acct-Authentic = RADIUS
User-Name = "Pau"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
Called-Station-Id = "00-90-D1-08-1A-25:pofHQ"
Calling-Station-Id = "00-90-D1-06-5B-9F"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
Acct-Session-Time = 822
Acct-Input-Packets = 40
Acct-Output-Packets = 92
Acct-Input-Octets = 7461
Acct-Output-Octets = 9066
modcall: entering group preacct for request 2
modcall[preacct]: module "preprocess" returns noop for request 2
rlm_realm: No '@' in User-Name = "Pau", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[preacct]: module "suffix" returns noop for request 2
modcall[preacct]: module "files" returns noop for request 2
modcall: group preacct returns noop for request 2
modcall: entering group accounting for request 2
rlm_acct_unique: WARNING: Attribute NAS-Port-Id was not found in
request, unique ID MAY be inconsistent
rlm_acct_unique: Hashing ',Client-IP-Address = 127.0.0.1,NAS-IP-Address
= 127.0.0.1,Acct-Session-Id = "3FC7EF72-00000000",User-Name = "Pau"'
rlm_acct_unique: Acct-Unique-Session-ID = "425620f0a7d157a3".
modcall[accounting]: module "acct_unique" returns ok for request 2
radius_xlat: '/var/log/radius/radacct/127.0.0.1/detail-20031129'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /var/log/radius/radacct/127.0.0.1/detail-20031129
modcall[accounting]: module "detail" returns ok for request 2
radius_xlat: '/var/log/radius/radutmp'
radius_xlat: 'Pau'
modcall[accounting]: module "radutmp" returns ok for request 2
modcall: group accounting returns ok for request 2
Sending Accounting-Response of id 17 to 127.0.0.1:40081
Finished request 2
Going to the next request
--- Walking the entire request list ---
Cleaning up request 2 ID 17 with timestamp 3fc7f45d
Nothing to do. Sleeping until we see a request.

Can someone point me in the right direction to successfully authenticate
when WEP is enabled? I am stuck and I don't know if I am missing
something that may be obvious to you here.

Regards,
Pau Oliva.
--
.----------------------------------------------.
| Pau Oliva Fora http://pof.eslack.org |
| KeyID: 665D05B533539E02 available at keyserv |
`----------------------------------------------'
In Googlis non est, ergo non est.
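
Added example, not part of the original post: a short Python summary of the AP-side hostapd/kernel log quoted above, listing stations that sent EAPOL-Start but never reached an authorized port and which ethertypes were dropped meanwhile. The function names are hypothetical, and the "authorizing port" message text is an assumption (the counterpart of the "unauthorizing port" line that does appear in the log).

```python
import re
from collections import Counter, defaultdict

# Log lines copied from the post above, with mail-wrapped lines rejoined.
SAMPLE_LOG = """\
Nov 29 02:20:30 nimble kernel: wlan0: RX: IEEE 802.1X frame
Nov 29 02:20:30 nimble hostapd: wlan0: STA 00:90:d1:06:5b:9f IEEE 802.1X: received EAPOL-Start from STA
Nov 29 02:21:00 nimble kernel: wlan0: RX: IEEE 802.1X frame
Nov 29 02:21:00 nimble hostapd: wlan0: STA 00:90:d1:06:5b:9f IEEE 802.1X: received EAPOL-Start from STA
Nov 29 02:21:00 nimble hostapd: wlan0: STA 00:90:d1:06:5b:9f IEEE 802.1X: unauthorizing port
Nov 29 02:22:02 nimble hostapd: wlan0: STA 00:90:d1:06:5b:9f IEEE 802.1X: unauthorizing port
Nov 29 02:23:03 nimble hostapd: wlan0: STA 00:90:d1:06:5b:9f IEEE 802.1X: unauthorizing port
Nov 29 02:23:22 nimble kernel: wlan0: dropped frame from unauthorized port (IEEE 802.1X): ethertype=0x0806
"""

# hostapd per-station 802.1X events and kernel drops on an unauthorized port.
STA_RE = re.compile(r"hostapd: \S+: STA ([0-9a-f:]{17}) IEEE 802\.1X: (.+)$")
DROP_RE = re.compile(r"kernel: \S+: dropped frame from unauthorized port "
                     r"\(IEEE 802\.1X\): ethertype=(0x[0-9a-f]{4})")
ETHERTYPES = {"0x0800": "IPv4", "0x0806": "ARP", "0x888e": "EAPOL"}

def summarize(log_text):
    """Return ({sta_mac: Counter(event)}, Counter(dropped ethertype))."""
    stations, dropped = defaultdict(Counter), Counter()
    for line in log_text.splitlines():
        sta = STA_RE.search(line)
        drop = DROP_RE.search(line)
        if sta:
            stations[sta.group(1)][sta.group(2)] += 1
        elif drop:
            dropped[drop.group(1)] += 1
    return dict(stations), dropped

def stalled_stations(stations):
    """Stations that sent EAPOL-Start but never had their port authorized.
    'authorizing port' is an assumed message text (counterpart of the
    'unauthorizing port' line seen in the log); events are compared whole."""
    return sorted(mac for mac, ev in stations.items()
                  if ev["received EAPOL-Start from STA"] and not ev["authorizing port"])

if __name__ == "__main__":
    stations, dropped = summarize(SAMPLE_LOG)
    for mac in stalled_stations(stations):
        print(mac, "stalled:", dict(stations[mac]))
    for etype, n in dropped.items():
        print("dropped", n, "x", etype, ETHERTYPES.get(etype, "unknown"))
```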