802.1x auth with wpa_supp?
Morgan Read
mstuff
Fri Sep 17 01:43:57 PDT 2004
Hi Jouni
Progress!
With that little correction I now seem to be getting though the first
phase of the process?!:-) (See debug below).
But, I'm getting stuck with my private key? I've included what
seemed to be one cycle of the debug below, plus a couple of extra
error examples which are a little different (first).
Here's the command I used to generate the private key; the instructions
I followed are from a v basic howto for xsupplicant at my uni:
<http://www.ece.auckland.ac.nz/%7Etcol036/wireless/wireless.html> -
"openssl genrsa -out client.key 1024"
All help very much appreciated!
Regards,
Morgan.
****************************************
EAP-PEAP: Phase2 type: MSCHAPV2
SSL: Trusted root certificate(s) loaded
SSL: Private key failed verification: error:140CB07C:SSL
routines:SSL_use_PrivateKey_file:bad ssl filetype
SSL - SSL error: error:140A30B1:SSL routines:SSL_check_private_key:no
certificate assigned
EAP-PEAP: Failed to initialize SSL.
###################################
EAP-PEAP: Phase2 type: MSCHAPV2
SSL: Trusted root certificate(s) loaded
SSL: Private key failed verification: error:0B07C065:x509 certificate
routines:X509_STORE_add_cert:cert already in hash table
SSL - SSL error: error:140CB07C:SSL routines:SSL_use_PrivateKey_file:bad
ssl filetype
SSL - SSL error: error:140A30B1:SSL routines:SSL_check_private_key:no
certificate assigned
EAP-PEAP: Failed to initialize SSL.
####################################
Setting scan request: 0 sec 0 usec
Starting AP scan (specific SSID)
Scan SSID - hexdump_ascii(len=3):
75 6f 61 uoa
Wireless event: cmd=0x8b19 len=12
Received 158 bytes of scan results (1 BSSes)
Scan results: 1
Selecting BSS from priority group 0
0: 00:0d:ed:99:37:c0 ssid='uoa' wpa_ie_len=0 rsn_ie_len=0
skip - no WPA/RSN IE
selected non-WPA AP 00:0d:ed:99:37:c0 ssid='uoa'
Trying to associate with 00:0d:ed:99:37:c0 (SSID='uoa' freq=2437 MHz)
Cancelling scan request
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_drop_unencrypted: enabled=1
wpa_driver_hostap_associate
Setting authentication timeout: 5 sec 0 usec
EAPOL: External notification - portControl=Auto
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Disconnect event - remove keys
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
Wireless event: cmd=0x8b04 len=12
Wireless event: cmd=0x8b1a len=15
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Disconnect event - remove keys
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
RX EAPOL from 00:0d:ed:99:37:c0
EAPOL frame received in disassociated state - dropped
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:0d:ed:99:37:c0
Association event - clear replay counter
Associated to a new BSS: BSSID=00:0d:ed:99:37:c0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
RTM_NEWLINK, IFLA_IFNAME: Interface 'wifi0' added
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
RX EAPOL from 00:0d:ed:99:37:c0
Setting authentication timeout: 10 sec 0 usec
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=1 id=2
EAP: EAP entering state IDENTITY
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=10):
45 43 5c 6d 72 65 61 30 30 35 EC\mrea005
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 46, expecting at least 99
RX EAPOL from 00:0d:ed:99:37:c0
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=25 id=3
EAP: EAP entering state GET_METHOD
EAP-PEAP: Phase2 type: MSCHAPV2
SSL: Trusted root certificate(s) loaded
SSL: Private key failed verification: error:0B07C065:x509 certificate
routines:X509_STORE_add_cert:cert already in hash table
SSL - SSL error: error:140CB07C:SSL routines:SSL_use_PrivateKey_file:bad
ssl filetype
SSL - SSL error: error:140A30B1:SSL routines:SSL_check_private_key:no
certificate assigned
EAP-PEAP: Failed to initialize SSL.
EAP: Failed to initialize EAP method 25
EAP: EAP entering state METHOD
EAP::METHOD - method not selected
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: txSuppRsp - EAP response data not available
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 46, expecting at least 99
Authentication with 00:0d:ed:99:37:c0 timed out.
Setting scan request: 0 sec 0 usec
****************************************
Jouni Malinen wrote:
> On Tue, Sep 07, 2004 at 10:25:30PM +1200, Morgan Read wrote:
>
>
>>Well that was much more exciting! At least to my eyes...
>>
>>I ran as you suggested per the hostap driver (not wext).
>
>
> Yes, indeed, this time the EAPOL negotiation was at least started.
> However, the AP/authentication server did not seem to like the identity
> response from the client.
>
>
>>EAP: Received EAP-Request method=1 id=2
>>EAP: EAP entering state IDENTITY
>>EAP: EAP-Request Identity data - hexdump_ascii(len=0):
>>EAP: using real identity - hexdump_ascii(len=10):
>> 45 43 2f 6d 72 65 61 30 30 35 EC/mrea005
>
>
> Are you sure that is the current username? If "EC" is the domain part,
> that should most likely be EC\mrea005, not EC/mrea005..
>
>
>>Wireless event: cmd=0x8b15 len=20
>>Wireless event: new AP: 00:00:00:00:00:00
>>Setting scan request: 0 sec 100000 usec
>>EAPOL: External notification - portEnabled=0
>>EAPOL: SUPP_PAE entering state DISCONNECTED
>
>
> It looks like the AP disassociated the stations. This could have
> happened, e.g., because the authentication server rejected access to
> EC/mrea005 identity.
>
--
Morgan Read
<mailto:mstuffATplDOTnet>
More information about the Hostap
mailing list