Hostapd Test Results and Problem Areas

Jouni Malinen jkmaline
Sat Sep 20 08:26:31 PDT 2003 

On Thu, Sep 11, 2003 at 04:00:57PM -0000, SR Dasgupta wrote:

> Supplicant 	- WinXP without SP1

Which wlan card and which driver version are you using in the client?

> AP 		- MIPS platform with Hostapd running

Are you using MIPS in big or little endian mode? Are you still using
hostap version 0.0.3? Have you tested with the latest CVS snapshot
version?

> Successful Testings
> ===============
> 1. EAP-MD5 	- This works fine.
> 2. EAP-TLS 	- This works fine as well.

I assume this means that you were able to authenticate the station with
both EAP-MD5 and EAP-TLS when all WEP settings were disabled.

> 	wep_key_len_broadcast=5
> 	# wep_key_len_unicast=5
> 	# Rekeying period in seconds. 0 = do not rekey (i.e., set keys only once)
> 	wep_rekey_period=0	
> 
>      Keep the 802.1x and RADIUS options disabled. The rotation is disabled 
> as evident

wep_key_len_broadcast/unicast are not supported without 802.1X.

> Repeat Case 2 but now enable key rotation ("wep_rekey_period=300"). In XP, 
> enable WEP and "The key is provided for me automatically" options.

Not supported without 802.1X.


> Case 4: (WEP & MD5)

> 	wep_key_len_broadcast=5
> 	# wep_key_len_unicast=5
> 	# Rekeying period in seconds. 0 = do not rekey (i.e., set keys only once)
> 	wep_rekey_period=0	
> 
> 	Rekeying is 0 since as far as I know, MD5 doesnot support it.
> 
> 3. Enable IEEE 802.1x in hostapd.conf (ieee8021x=1). Configure RADIUS 
> setting correctly.

EAP-MD5 is not supported with wep_key_len_broadcast/unicast; it does not
provide master key for distributing the key material to the supplicant.


> Case 5: (WEP & TLS)
> Repeat Case 4 but for the following:
> 1. Configure RADIUS setting correctly, this time for Oddessy server.
> 2. Configure Oddessy Server correctly.
> 3. Use Oddessy Client on WinXP and configure correctly. Use WEP option and 
> specify the same key as on AP. Disable key rotation in the client.
> 
> Note: The above steps were carried out for successful EAP-TLS testing.

Getting closer, but you should still not configure the WEP keys
manually.


> Case 6: (WEP & TLS - key rotation)
> Repeat Case 4 but for the following:
> 1. Enable key rotation ("wep_rekey_period=300") in hostapd.conf. Keep 
> 802.1x option enabled (ieee8021x=1). Configure RADIUS setting correctly, 
> this time for Oddessy server.

Did you enable both broadcast and unicast keys in hostapd.conf?

Recommended configuration for EAP-TLS is:

ieee8021x=1
wep_key_len_broadcast=13
wep_key_len_unicast_5
wep_rekey_period=300
eapol_key_index_workaround=0
# and RADIUS auth. server configuration

if only broadcast keys are tested, following changes are needed

wep_key_len_unicast=0
eapol_key_index_workaround=1


If this does not work, please send hostapd debug log (output of
hostapd -ddd hostapd.conf) from a failed case. If you can get debug log
from the supplicant side, that would also be useful finding out why this
did not work.

-- 
Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list