802.1x auth with wpa_supp?
Morgan Read
mstuff
Fri Sep 17 01:43:09 PDT 2004
Hi Jouni
Progress!
With that little correction I now seem to be getting through the first
phase of the process?!:-) (See debug below).
But, I'm getting stuck with my private key? I've included what
seemed to be one cycle of the debug below, plus a couple of extra
error examples which are a little different (first).
Here's the command I used to generate the private key; the instructions
I followed are from a v basic howto for xsupplicant at my uni:
<http://www.ece.auckland.ac.nz/%7Etcol036/wireless/wireless.html> -
"openssl genrsa -out client.key 1024"
All help very much appreciated!
Regards,
Morgan.
****************************************
EAP-PEAP: Phase2 type: MSCHAPV2
SSL: Trusted root certificate(s) loaded
SSL: Private key failed verification: error:140CB07C:SSL
routines:SSL_use_PrivateKey_file:bad ssl filetype
SSL - SSL error: error:140A30B1:SSL routines:SSL_check_private_key:no
certificate assigned
EAP-PEAP: Failed to initialize SSL.
###################################
EAP-PEAP: Phase2 type: MSCHAPV2
SSL: Trusted root certificate(s) loaded
SSL: Private key failed verification: error:0B07C065:x509 certificate
routines:X509_STORE_add_cert:cert already in hash table
SSL - SSL error: error:140CB07C:SSL routines:SSL_use_PrivateKey_file:bad
ssl filetype
SSL - SSL error: error:140A30B1:SSL routines:SSL_check_private_key:no
certificate assigned
EAP-PEAP: Failed to initialize SSL.
####################################
Setting scan request: 0 sec 0 usec
Starting AP scan (specific SSID)
Scan SSID - hexdump_ascii(len=3):
75 6f 61 uoa
Wireless event: cmd=0x8b19 len=12
Received 158 bytes of scan results (1 BSSes)
Scan results: 1
Selecting BSS from priority group 0
0: 00:0d:ed:99:37:c0 ssid='uoa' wpa_ie_len=0 rsn_ie_len=0
skip - no WPA/RSN IE
selected non-WPA AP 00:0d:ed:99:37:c0 ssid='uoa'
Trying to associate with 00:0d:ed:99:37:c0 (SSID='uoa' freq=2437 MHz)
Cancelling scan request
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_drop_unencrypted: enabled=1
wpa_driver_hostap_associate
Setting authentication timeout: 5 sec 0 usec
EAPOL: External notification - portControl=Auto
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Disconnect event - remove keys
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
Wireless event: cmd=0x8b04 len=12
Wireless event: cmd=0x8b1a len=15
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Disconnect event - remove keys
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
RX EAPOL from 00:0d:ed:99:37:c0
EAPOL frame received in disassociated state - dropped
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:0d:ed:99:37:c0
Association event - clear replay counter
Associated to a new BSS: BSSID=00:0d:ed:99:37:c0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
RTM_NEWLINK, IFLA_IFNAME: Interface 'wifi0' added
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
RX EAPOL from 00:0d:ed:99:37:c0
Setting authentication timeout: 10 sec 0 usec
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=1 id=2
EAP: EAP entering state IDENTITY
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=10):
45 43 5c 6d 72 65 61 30 30 35 EC\mrea005
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 46, expecting at least 99
RX EAPOL from 00:0d:ed:99:37:c0
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=25 id=3
EAP: EAP entering state GET_METHOD
EAP-PEAP: Phase2 type: MSCHAPV2
SSL: Trusted root certificate(s) loaded
SSL: Private key failed verification: error:0B07C065:x509 certificate
routines:X509_STORE_add_cert:cert already in hash table
SSL - SSL error: error:140CB07C:SSL routines:SSL_use_PrivateKey_file:bad
ssl filetype
SSL - SSL error: error:140A30B1:SSL routines:SSL_check_private_key:no
certificate assigned
EAP-PEAP: Failed to initialize SSL.
EAP: Failed to initialize EAP method 25
EAP: EAP entering state METHOD
EAP::METHOD - method not selected
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: txSuppRsp - EAP response data not available
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 46, expecting at least 99
Authentication with 00:0d:ed:99:37:c0 timed out.
Setting scan request: 0 sec 0 usec
****************************************
Jouni Malinen wrote:
> On Tue, Sep 07, 2004 at 10:25:30PM +1200, Morgan Read wrote:
>
>
>>Well that was much more exciting! At least to my eyes...
>>
>>I ran as you suggested per the hostap driver (not wext).
>
>
> Yes, indeed, this time the EAPOL negotiation was at least started.
> However, the AP/authentication server did not seem to like the identity
> response from the client.
>
>
>>EAP: Received EAP-Request method=1 id=2
>>EAP: EAP entering state IDENTITY
>>EAP: EAP-Request Identity data - hexdump_ascii(len=0):
>>EAP: using real identity - hexdump_ascii(len=10):
>> 45 43 2f 6d 72 65 61 30 30 35 EC/mrea005
>
>
> Are you sure that is the current username? If "EC" is the domain part,
> that should most likely be EC\mrea005, not EC/mrea005..
>
>
>>Wireless event: cmd=0x8b15 len=20
>>Wireless event: new AP: 00:00:00:00:00:00
>>Setting scan request: 0 sec 100000 usec
>>EAPOL: External notification - portEnabled=0
>>EAPOL: SUPP_PAE entering state DISCONNECTED
>
>
> It looks like the AP disassociated the stations. This could have
> happened, e.g., because the authentication server rejected access to
> EC/mrea005 identity.
>
--
Morgan Read
<mailto:mstuffATplDOTnet>
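
Added example (not part of the original message, nor code from wpa_supplicant): a small Python triage helper that rejoins the mail-wrapped OpenSSL error strings from a debug log like the one above and splits each into code, library, function and reason, alongside the EAP method that failed to initialize. The names `unwrap` and `triage` and the lowercase-continuation heuristic are assumptions made for this example.

```python
import re

# Lines copied from the debug output in the message above, still mail-wrapped.
SAMPLE_LOG = """\
EAP-PEAP: Phase2 type: MSCHAPV2
SSL: Trusted root certificate(s) loaded
SSL: Private key failed verification: error:0B07C065:x509 certificate
routines:X509_STORE_add_cert:cert already in hash table
SSL - SSL error: error:140CB07C:SSL routines:SSL_use_PrivateKey_file:bad
ssl filetype
SSL - SSL error: error:140A30B1:SSL routines:SSL_check_private_key:no
certificate assigned
EAP-PEAP: Failed to initialize SSL.
EAP: Failed to initialize EAP method 25
"""

# OpenSSL error string layout: error:<hex code>:<library>:<function>:<reason>
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):(.+)$")
METHOD_RE = re.compile(r"EAP: Failed to initialize EAP method (\d+)")

def unwrap(lines):
    """Rejoin error strings that were wrapped onto a second line.
    Heuristic (assumption): a continuation follows an 'error:' line and starts lowercase."""
    out = []
    for line in lines:
        line = line.strip()
        if out and line and "error:" in out[-1] and line[0].islower():
            out[-1] += " " + line
        elif line:
            out.append(line)
    return out

def triage(log_text):
    """Return the OpenSSL errors (in log order) and the EAP method numbers that failed."""
    errors, failed_methods = [], []
    for line in unwrap(log_text.splitlines()):
        m = ERR_RE.search(line)
        if m:
            code, lib, func, reason = m.groups()
            errors.append({"code": code.upper(), "library": lib.strip(),
                           "function": func.strip(), "reason": reason.strip()})
        m = METHOD_RE.search(line)
        if m:
            failed_methods.append(int(m.group(1)))
    return {"errors": errors, "failed_methods": failed_methods}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```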