hostapd authenticates but dhcpd doesn't give out address

Bob Beers bbeers
Thu Jun 17 16:03:15 PDT 2004


I'm trying to get a hostap station to authenticate with username
  and password via a hostap AP.

Derek Schuff wrote:

> What I'm about to show you is for WPA client configuration. For hostap-driven  
> clients, you use wpa_supplicant, which can be configured to use its own 
> internal supplicant, or to use xsupplicant. (I use the internal one). I'm not 
> sure if wpa_supplicant will do dynamic WEP, but xsupplicant might.
> You set the EAP method in wpa_supplicant's configuration file (which can be 
> specified at the command line; there's a sample one called 
> wpa_supplicant.conf).
> Mine looks something like this:
> network={
> 	ssid="mywpassid"
> 	#I use a hidden ssid, so I have to scan for it
> 	scan_ssid=1 
> 	proto=WPA
> 	key_mgmt=WPA-EAP
> 	pairwise=TKIP
> 	group=TKIP
> 	# I use EAP-PEAP/MSCHAPv2
> 	eap=PEAP
> 	identity="user"
> 	password="password"
> }
> PEAP uses a certificate to authenticate the server. If you leave out the 
> ca_cert option, the certificate will not be checked.
> 

I'm running hostap code 0.2.2 on both AP and station.
On the station I built wpa_supplicant with all options
  in .config:

CONFIG_DRIVER_HOSTAP=y
CONFIG_WIRELESS_EXTENSION=y
CONFIG_IEEE8021X_EAPOL=y
CONFIG_EAP_MD5=y
CONFIG_MSCHAPV2=y
CONFIG_EAP_TLS=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_TTLS=y
CONFIG_EAP_GTC=y
CONFIG_EAP_SIM=y

My radius server is GNU radius 1.2 (for now, could change it
  if necessary, just trying to get something working)

On the hostap station I have in my wpa_supplicant.conf:
(borrowing heavily from above)

network={
         ssid="dugtrio"
         #I use a hidden ssid, so I have to scan for it
         #scan_ssid=1
         proto=WPA
         key_mgmt=WPA-EAP
         pairwise=TKIP
         group=TKIP
         # I use EAP-PEAP/MSCHAPv2
         eap=PEAP
         identity="user"
         password="password"
}

I added an entry to the RADIUS db with user:user and password:password.

On the hostap AP I have in hostapd.conf:

interface=wlan0
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
debug=2
dump_file=/tmp/hostapd.dump
daemonize=1
ssid=dugtrio
macaddr_acl=0
auth_algs=1
ieee8021x=1
eap_message=helloBob
eapol_key_index_workaround=0
own_ip_addr=172.16.1.201
auth_server_addr=172.16.1.200
auth_server_port=1812
auth_server_shared_secret=secret
acct_server_addr=172.16.1.200
acct_server_port=1813
acct_server_shared_secret=secret

My AP essid is "dugtrio", master mode, no wep.
My station essid is "dugtrio", managed mode, no wep.

I start hostapd -d /etc/hostapd.conf on the AP, and I get RADIUS messages
  back and forth:

Configuration file: /etc/hostapd.conf.terse
Opening raw packet socket for ifindex 13
Using interface wlan0ap with hwaddr 00:09:5b:41:10:b4 and ssid 'dugtrio'
wlan0: RADIUS Authentication server 172.16.1.200:1812
wlan0: RADIUS Accounting server 172.16.1.200:1813
Sending RADIUS message to accounting server
RADIUS message: code=4 (Accounting-Request) identifier=0 length=71
    Attribute 40 (Acct-Status-Type) length=6
       Value: 7
    Attribute 45 (Acct-Authentic) length=6
       Value: 1
    Attribute 4 (NAS-IP-Address) length=6
       Value: 172.16.1.201
    Attribute 30 (Called-Station-Id) length=27
       Value: '00-09-5B-41-10-B4:dugtrio'
    Attribute 49 (Acct-Terminate-Cause) length=6
       Value: 11
Flushing old station entries
Deauthenticate all stations
Received 146 bytes management frame
RX frame - hexdump(len=146): 08 00 46 97 b9 47 00 50 c2 0f f2 26 08 00 45 10 00 
84 1d 87 40 00 40 06 c1 29 ac 10 01 c9 ac 10 01 ca 00 16 80 03 ac 2d e9 4b 77 18 
d3 9f 80 18 1e e0 5f aa 00 00 01 01 08 0a 00 37 2e ec 00 0b 72 00 8e c7 a6 d1 3e 
1f 82 2a 6e 58 f2 8a 13 85 42 37 4a fe ba 18 09 c6 81 99 05 d4 68 2d 04 5d 7b 80 
49 c2 4a 91 79 12 ee 6a cb c6 ef b1 b9 12 3a 74 8e a0 c0 a7 0c 1a 57 8a 28 33 c4 
eb f3 e8 48 ec 60 2d b7 21 1d b7 56 b9 44 45 7c e5 7b ff 1f 3a
DATA
Not ToDS data frame (fc=0x0008)
Received 66 bytes management frame
RX frame - hexdump(len=66): 00 50 c2 0f f2 26 08 00 46 97 b9 47 08 00 45 10 00 
34 e2 71 40 00 40 06 fc 8e ac 10 01 ca ac 10 01 c9 80 03 00 16 77 18 d3 9f ac 2d 
e9 9b 80 10 81 60 97 dd 00 00 01 01 08 0a 00 0b 72 02 00 37 2e ec
MGMT
MGMT: BSSID=00:34:e2:71:40:00 not our address
Received 20 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=5 (Accounting-Response) identifier=0 length=20
Received 30 bytes management frame
RX frame - hexdump(len=30): b0 00 b7 89 00 09 5b 41 10 b4 00 06 25 0a a8 72 00 
09 5b 41 10 b4 f0 a7 00 00 01 00 00 00
MGMT
mgmt::auth
authentication: STA=00:06:25:0a:a8:72 auth_alg=0 auth_transaction=1 
status_code=0 wep=0
   New STA
wlan0: STA 00:06:25:0a:a8:72 IEEE 802.11: authentication OK (open system)
wlan0: STA 00:06:25:0a:a8:72 WPA: event 0 notification
authentication reply: STA=00:06:25:0a:a8:72 auth_alg=0 auth_transaction=2 resp=0
Received 30 bytes management frame
RX frame - hexdump(len=30): b2 00 02 01 00 06 25 0a a8 72 00 09 5b 41 10 b4 00 
09 5b 41 10 b4 60 f1 00 00 02 00 00 00
MGMT (TX callback) ACK
mgmt::auth cb
wlan0: STA 00:06:25:0a:a8:72 IEEE 802.11: authenticated
Received 43 bytes management frame
RX frame - hexdump(len=43): 00 00 68 e0 00 09 5b 41 10 b4 00 06 25 0a a8 72 00 
09 5b 41 10 b4 00 a8 01 00 01 00 00 07 64 75 67 74 72 69 6f 01 04 82 84 0b 16
MGMT
mgmt::assoc_req
association request: STA=00:06:25:0a:a8:72 capab_info=0x01 listen_interval=1
   new AID 1
wlan0: STA 00:06:25:0a:a8:72 IEEE 802.11: association OK (aid 1)
Received 36 bytes management frame
RX frame - hexdump(len=36): 12 00 68 e0 00 06 25 0a a8 72 00 09 5b 41 10 b4 00 
09 5b 41 10 b4 70 f1 01 00 00 00 01 c0 01 04 82 84 0b 16
MGMT (TX callback) ACK
mgmt::assoc_resp cb
wlan0: STA 00:06:25:0a:a8:72 IEEE 802.11: associated (aid 1)
wlan0: STA 00:06:25:0a:a8:72 WPA: event 1 notification
wlan0: STA 00:06:25:0a:a8:72 IEEE 802.1X: start authentication
IEEE 802.1X: 00:06:25:0a:a8:72 AUTH_PAE entering state INITIALIZE
IEEE 802.1X: 00:06:25:0a:a8:72 BE_AUTH entering state INITIALIZE
IEEE 802.1X: 00:06:25:0a:a8:72 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:06:25:0a:a8:72 AUTH_KEY_TX entering state NO_KEY_TRANSMIT
IEEE 802.1X: 00:06:25:0a:a8:72 AUTH_PAE entering state INITIALIZE
IEEE 802.1X: 00:06:25:0a:a8:72 BE_AUTH entering state IDLE
IEEE 802.1X: 00:06:25:0a:a8:72 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:06:25:0a:a8:72 AUTH_PAE entering state INITIALIZE
IEEE 802.1X: 00:06:25:0a:a8:72 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:06:25:0a:a8:72 Port Timers TICK (timers: 0 0 3599 0)
IEEE 802.1X: 00:06:25:0a:a8:72 AUTH_PAE entering state DISCONNECTED
wlan0: STA 00:06:25:0a:a8:72 IEEE 802.1X: unauthorizing port

and so on.

Then I start wpa_supplicant on the station, and I get this:

bash-2.05b# ./wpa_supplicant -d -iwlan0 -c/etc/wpa_supplicant.conf
Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
eapol_version=1
bind(PF_UNIX): Address already in use
Failed to initialize control interface '/var/run/wpa_supplicant'.
bash-2.05b#

I wasn't expecting that, :(

Is it wrong to start wpa_supplicant after bringing up the hostap station?
I see that there is an option:
   -w = wait for interface to be added, if needed
which implies that it could be started first.

Or is it something else?  I can supply more debug output if it
  would help.

Waiting for your generous assistance ...

-Bob

-- 
Bob Beers
MIEEE 2415966
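
The quoted note that leaving out ca_cert means the PEAP server certificate is not checked can be turned into a configuration check. The following is an added example, not part of the original post or of wpa_supplicant: a small Python linter that parses network={...} blocks and reports those using a TLS-based EAP method with no ca_cert. The function names, the sample block (built from the one posted above) and the CA path are constructed for illustration; trailing in-line comments are not handled.

```python
import re

# EAP methods in which the server proves its identity with a certificate.
TLS_BASED = {"PEAP", "TTLS", "TLS"}

def parse_networks(text):
    """Return one {key: value} dict per network={ ... } block."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or whole-line comment
        if re.fullmatch(r"network\s*=\s*\{", line):
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return networks

def unchecked_server_cert(text):
    """List (ssid, methods) for blocks that use a TLS-based EAP method
    but set no ca_cert, so the server certificate is never verified."""
    findings = []
    for net in parse_networks(text):
        methods = set(net.get("eap", "").upper().split()) & TLS_BASED
        if methods and not net.get("ca_cert"):
            findings.append((net.get("ssid", "?"), sorted(methods)))
    return findings

# Constructed sample: the station's network block as posted above.
POSTED = """
network={
    ssid="dugtrio"
    #scan_ssid=1
    proto=WPA
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="user"
    password="password"
}
"""
# Same block with a CA file added; the path is a placeholder (assumption).
WITH_CA = POSTED.replace("eap=PEAP", 'eap=PEAP\n    ca_cert="/path/to/ca.pem"')

if __name__ == "__main__":
    print(unchecked_server_cert(POSTED), unchecked_server_cert(WITH_CA))
```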




