WPA_Supplicant Looping when authenticated (EAP_PEAP) & (EAP_TLS) IAS radius

Normax jtnormax
Wed Apr 28 03:36:12 PDT 2004 

Help please...

Authentication occurs fine with IAS with either EAP_TLS or EAP_PEAP(mschapv2). 
Then the problem starts. WPA_supplicant 0.2.0 with xsupplicant also 
WPA_supplicant (CVS with EAP_TLS, PEAP and mschapv2 compiled in) resets and 
the process starts over....and over. Infrequently the process completes and I 
then have a good working link. XP clients work exceptionally well with my 
setup and if I use WPA-PSK my SuSE 9 works nice too.


Equipment used:
Me: MSCE Linux beginner, sort of:) 
Win2K3 IAS server
Cheap Xterasys AP that appears to work great (WPA-PSK and WPA-EAP).
XP clients
Gateway Solo9300 laptop, SuSe 9 kernel 2.4.21-202-default, HostAP-0.2.0 
drivers... WPA_Supplicant-0.2.0,  XSupplicant-1.0pre2. Also compiled and 
tried CVS snaphots 22 APR 04 with same/similar results. 
USR 2415 pcmcia flashed to 
wifi0: NIC: id=0x8002 v1.0.0
wifi0: PRI: id=0x15 v0.3.0
wifi0: STA: id=0x1f v1.7.1

ONE repeat from sequence below

Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:e0:98:b7:13:d7
Association event - clear replay counter
Associated to a new BSS: BSSID=00:e0:98:b7:13:d7
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
RX EAPOL from 00:e0:98:b7:13:d7
RX EAPOL from 00:e0:98:b7:13:d7
RX EAPOL from 00:e0:98:b7:13:d7
IEEE 802.1X: version=1 type=0 length=132
RX EAPOL from 00:e0:98:b7:13:d7
RX EAPOL from 00:e0:98:b7:13:d7
RX EAPOL from 00:e0:98:b7:13:d7
IEEE 802.1X: version=1 type=3 length=95
  EAPOL-Key type=254
RX message 1 of 4-Way Handshake from 00:e0:98:b7:13:d7 (ver=1)
PMK - hexdump(len=32): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00
PTK - hexdump(len=64): 5a c5 db 2e 62 7c 34 06 f0 c6 37 34 7d 0b 95 c4 cb 8d 
9c ad d4 40 fa 85 3d 57 73 c8 c9 87 dd e2 ce 83 c8 ea a8 42 4a c3 b2 f7 28 5e 
aa b7 cb 20 c3 61 c9 69 9a 4d 9b bd f2 4d c6 f7 5f 44 5c a3
EAPOL-Key MIC - hexdump(len=16): 26 01 cd b2 2a b3 83 19 18 f8 93 6c 2c bb 0a 
69
Sending EAPOL-Key 2/4
Receive from dot1x (Xsupplicant) socket ==> 32
Master key (dot1x) - hexdump(len=32): 71 0d 5d 1b 23 a2 e7 11 92 52 e0 c8 30 
96 34 57 74 3f a3 f9 03 b2 8d af be 82 25 36 30 c6 19 be
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
Disconnect event - remove keys
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
Starting AP scan (broadcast SSID)
Signal 2 received - terminating
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0

Sequence from XSupplicant

Sending master key to wpa_supplicant.
[STATE] (global) -> AUTHENTICATED
Processing EAPoL-Key!
WPA EAPOL-Key - ignoring it
[CONFIG] MAC address changed!  Updating config!
[CONFIG] Working from config file /etc/xsrosum1.conf.
[CONFIG] MAC address changed!  Updating config!
[CONFIG] Working from config file /etc/xsrosum1.conf.
[STATE] AUTHENTICATED -> ACQUIRED
[STATE] Processing ACQUIRED state.
Connection established, authenticating...
[STATE] Sending EAPOL-Response-Identification
[STATE] ACQUIRED -> AUTHENTICATING)
[STATE] Processing AUTHENTICATING state.
[STATE] Sending EAPOL-Response-Authentication
[AUTH TYPE]      --- SSL : before/connect initialization
[AUTH TYPE]      --- SSL : before/connect initialization
[AUTH TYPE]      --- SSL : SSLv3 write client hello A
[AUTH TYPE]      --- SSL : SSLv3 read server hello A
[STATE] Processing AUTHENTICATING state.
[STATE] Sending EAPOL-Response-Authentication
[AUTH TYPE]      --- SSL : SSLv3 read server hello A
[AUTH TYPE]      --- SSL : SSLv3 read finished A
[AUTH TYPE]      --- SSL : SSLv3 write change cipher spec A
[AUTH TYPE]      --- SSL : SSLv3 write finished A
[AUTH TYPE]      --- SSL : SSLv3 flush data
[AUTH TYPE]      --- SSL : SSL negotiation finished successfully
[AUTH TYPE]      --- SSL : SSL negotiation finished successfully
[STATE] Processing AUTHENTICATING state.
[STATE] Sending EAPOL-Response-Authentication
[AUTH TYPE] Extracted common name of disa-1l.norman01.local
[AUTH TYPE] Certificate CN : disa-1l.norman01.local
[AUTH TYPE] Doing a CN Check!
[AUTH TYPE] Looking for an exact match!
[AUTH TYPE] Certificate CN matched!
[AUTH TYPE] Decrypted packet returned 11 byte(s)
[AUTH TYPE] Doing PEAP v0!
[AUTH TYPE] Inner packet :
01 9A 00 0B 21 80 03 00 - 02 00 01                ...!......
[AUTH TYPE] Got an EAP extension frame!
[AUTH TYPE] Unencrypted return frame :
02 9A 00 0B 21 80 03 00 - 02 00 01                ...!......
[AUTH TYPE] Encrypted return frame :
00 17 03 01 00 1B 93 9D - B7 87 1D 80 C5 ED 43 C0 ..............C.
4E D8 EF EB 93 08 D9 A4 - 01 53 B4 71 0D 77 63 43 N........S.q.wcC
18                                                .
Authenticated!
Sending master key to wpa_supplicant.
[STATE] (global) -> AUTHENTICATED
Processing EAPoL-Key!
WPA EAPOL-Key - ignoring it
[CONFIG] MAC address changed!  Updating config!
[CONFIG] Working from config file /etc/xsrosum1.conf.
[CONFIG] MAC address changed!  Updating config!
[CONFIG] Working from config file /etc/xsrosum1.conf.
[STATE] AUTHENTICATED -> ACQUIRED
[STATE] Processing ACQUIRED state.
Connection established, authenticating...
[STATE] Sending EAPOL-Response-Identification
[STATE] ACQUIRED -> AUTHENTICATING)
[STATE] Processing AUTHENTICATING state.
[STATE] Sending EAPOL-Response-Authentication
[AUTH TYPE]      --- SSL : before/connect initialization
[AUTH TYPE]      --- SSL : before/connect initialization
[AUTH TYPE]      --- SSL : SSLv3 write client hello A
[AUTH TYPE]      --- SSL : SSLv3 read server hello A
[STATE] Processing AUTHENTICATING state.
[STATE] Sending EAPOL-Response-Authentication
[AUTH TYPE]      --- SSL : SSLv3 read server hello A
[AUTH TYPE]      --- SSL : SSLv3 read finished A
[AUTH TYPE]      --- SSL : SSLv3 write change cipher spec A
[AUTH TYPE]      --- SSL : SSLv3 write finished A
[AUTH TYPE]      --- SSL : SSLv3 flush data
[AUTH TYPE]      --- SSL : SSL negotiation finished successfully
[AUTH TYPE]      --- SSL : SSL negotiation finished successfully
[STATE] Processing AUTHENTICATING state.
[STATE] Sending EAPOL-Response-Authentication
[AUTH TYPE] Extracted common name of disa-1l.norman01.local
[AUTH TYPE] Certificate CN : disa-1l.norman01.local
[AUTH TYPE] Doing a CN Check!
[AUTH TYPE] Looking for an exact match!
[AUTH TYPE] Certificate CN matched!
[AUTH TYPE] Decrypted packet returned 11 byte(s)
[AUTH TYPE] Doing PEAP v0!
[AUTH TYPE] Inner packet :
01 9C 00 0B 21 80 03 00 - 02 00 01                ...!......
[AUTH TYPE] Got an EAP extension frame!
[AUTH TYPE] Unencrypted return frame :
02 9C 00 0B 21 80 03 00 - 02 00 01                ...!......
[AUTH TYPE] Encrypted return frame :
00 17 03 01 00 1B 03 4A - 14 5D F7 98 3F B7 7D 34 .......J.]..?.}4
3D 9B 86 F5 F4 DC 02 04 - 0F 7C 23 7E 97 AB 6C 7F =........|#~..l.
8E                                                .
Authenticated!
Sending master key to wpa_supplicant.

And so on....

Thanks;
Normax

More information about the Hostap mailing list