eap-tls, hostapd with XP client and linux client

[Jouni Malinen]

On Tue, May 25, 2004 at 05:25:36PM +0200, Ulf Jakobsson wrote:

> I have successfully authenticated a linux client (xsupplicant) with an
> ap running hostapd 0.2.1 that talks to a radius server ( FreeRADIUS
> 0.9.3 debian/unstable) with eap-tls.
> 
> I have also successfully authenticated an win XP client, but after some
> 30-60 seconds the win XP client seems to send a new request and the
> radius server accepts, then the radius server starts to clean up
> requests and the win XP client drops its connection and I need to
> "Connect" the client again.

What kind of certificate are you using in the authentication server? To
be more exact, does it include server authentication as one of the
options?

> Has anyone a clue whats going on?

I would assume that the IEEE 802.1X Supplicant in WinXP did not like
something about the connection. Either, it did not receive expected
keying material for WEP keys or something timed out in the
authentication. Probably the easiest way of debugging this would be to
enable EAPOL tracing in the Supplicant and go through the debug log.

You will need to set EnableFileTracing to 1 in WinXP registry
My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EAPOL

The log file will be written to %windir\tracing\eapol.log

If you cannot find out reason for the failure from the debug log, you
can send me the eapol.log file, preferably with a matching hostapd debug
log from the same attempt.

-- 
Jouni Malinen                                            PGP id EFC895FA