Hostapd and Wpa_supplicant in WPA2 EAP-TLS mode?
hareesh.khattri at ndsu.edu
hareesh.khattri
Mon Apr 4 16:06:37 PDT 2005
hi
I am trying to get the hostapd and WPA_supplicant to work with WPA2
authentication with EAP.
I have them running with 802.1x authentication with EAP-TLS.
My wpa_supplicant configuration is
network={
ssid="test"
proto=RSN
key_mgmt=WPA-EAP IEEE8021X
pairwise=CCMP TKIP
group=CCMP TKIP WEP104
eap=TLS
identity="client at example.com"
ca_cert="/etc/certs/CRYPTO.pem"
client_cert="/etc/certs/clientCA-cert.pem"
private_key="/etc/certs/clientCA-key.pem"
private_key_passwd="secretpassword"
eapol_flags=3
priority=1
}
And the hostapd configuration:
interface=wlan0
logger_syslog=-1
logger_syslog_level=-1
logger_stdout=-1
logger_stdout_level=-1
debug=2
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=test
macaddr_acl=0
accept_mac_file=/etc/hostapd.accept
deny_mac_file=/etc/hostapd.deny
ieee8021x=1
own_ip_addr=198.134.129.104
nas_identifier=client.example.com
# RADIUS authentication server
auth_server_addr=198.134.129.204
auth_server_port=1812
auth_server_shared_secret=secret
# RADIUS accounting server
acct_server_addr=198.134.129.204
acct_server_port=1813
acct_server_shared_secret=secret
wpa=1
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP CCMP
wpa_group_rekey=300
wpa_gmk_rekey=6400
>From the readme files and some other mails in the list I gather this is
the correct configuration for WPA2 with EAP-TLS.
The access point gets the association request from the supplicant but
does not respond as it does not detect it to be WPA/RSN capable.
The hostapd log:
Wireless event: cmd=0x8c00 len=20
wlan0: WPA rekeying GTK
WPA: group state machine entering state SETKEYS
GMK - hexdump(len=32): ca 0a bd 7b 85 6c 4b 90 b7 ef 60 5e bd 37 37 bb 5d
6c 489GTK - hexdump(len=32): df 7d ed 1f 65 cb 20 47 68 e5 e4 0a 36 ed 0e
6a b7 36 465WPA: group state machine entering state SETKEYSDONE
Received 30 bytes management frame
MGMT
mgmt::auth
authentication: STA=00:0d:88:70:78:ec auth_alg=0 auth_transaction=1
status_code0 New STA
wlan0: STA 00:0d:88:70:78:ec IEEE 802.11: authentication OK (open system)
wlan0: STA 00:0d:88:70:78:ec WPA: event 0 notification
authentication reply: STA=00:0d:88:70:78:ec auth_alg=0 auth_transaction=2
resp=0Received 30 bytes management frame
MGMT (TX callback) ACK
mgmt::auth cb
wlan0: STA 00:0d:88:70:78:ec IEEE 802.11: authenticated
Received 62 bytes management frame
MGMT
mgmt::assoc_req
association request: STA=00:0d:88:70:78:ec capab_info=0x11 listen_interval=10
STA 00:0d:88:70:78:ec: No WPA/RSN IE in association request
Received 36 bytes management frame
MGMT (TX callback) ACK
mgmt::assoc_resp cb
Received 30 bytes management frame
MGMT
mgmt::auth
authentication: STA=00:0d:88:70:78:ec auth_alg=0 auth_transaction=1
status_code0wlan0: STA 00:0d:88:70:78:ec IEEE 802.11: authentication OK
(open system)
wlan0: STA 00:0d:88:70:78:ec WPA: event 0 notification
authentication reply: STA=00:0d:88:70:78:ec auth_alg=0 auth_transaction=2
resp=0Received 30 bytes management frame
MGMT (TX callback) ACK
mgmt::auth cb
wlan0: STA 00:0d:88:70:78:ec IEEE 802.11: authenticated
Received 62 bytes management frame
MGMT
mgmt::assoc_req
The wpa_supplicant log:
Initializing interface 'wlan0' conf '/etc/wpa_supplicant.conf' driver
'default'
Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group=0
eapol_version=1
ap_scan=1
fast_reauth=1
Priority group 1
id=0 ssid='test'
Initializing interface (2) 'wlan0'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Own MAC address: 00:0d:88:70:78:ec
wpa_driver_hostap_set_wpa: enabled=1
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_countermeasures: enabled=0
wpa_driver_hostap_set_drop_unencrypted: enabled=1
Setting scan request: 0 sec 100000 usec
Wireless event: cmd=0x8b06 len=8
RTM_NEWLINK, IFLA_IFNAME: Interface 'wifi0' added
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
Added BSSID 00:00:00:00:00:00 into blacklist
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Disconnect event - remove keys
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
Starting AP scan (broadcast SSID)
Wireless event: cmd=0x8b19 len=12
Received 938 bytes of scan results (5 BSSes)
Scan results: 5
Selecting BSS from priority group 1
0: 00:02:6f:37:26:b6 ssid='test' wpa_ie_len=0 rsn_ie_len=0
skip - no WPA/RSN IE
1: 00:09:5b:96:11:ea ssid='NDSU-ECE' wpa_ie_len=0 rsn_ie_len=0
skip - no WPA/RSN IE
2: 00:09:5b:95:e6:6e ssid='NDSU-ECE' wpa_ie_len=0 rsn_ie_len=0
skip - no WPA/RSN IE
3: 00:09:5b:96:13:e0 ssid='NDSU-ECE' wpa_ie_len=0 rsn_ie_len=0
skip - no WPA/RSN IE
4: 00:09:5b:96:12:22 ssid='NETGEAR' wpa_ie_len=0 rsn_ie_len=0
skip - no WPA/RSN IE
selected non-WPA AP 00:02:6f:37:26:b6 ssid='test'
Trying to associate with 00:02:6f:37:26:b6 (SSID='test' freq=2422 MHz)
Cancelling scan request
Automatic auth_alg selection: 0x1
WPA: Set cipher suites based on configuration
WPA: Selected cipher suites: group 28 pairwise 24 key_mgmt 9
WPA: using GTK CCMP
WPA: using PTK CCMP
WPA: using KEY_MGMT 802.1X
WPA: Own WPA IE - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac
04 01
00 00 0f ac 01 00 00
No keys have been configured - skip key clearing
wpa_driver_hostap_set_drop_unencrypted: enabled=1
wpa_driver_hostap_associate
Setting authentication timeout: 5 sec 0 usec
EAPOL: External notification - portControl=Auto
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Disconnect event - remove keys
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
Wireless event: cmd=0x8b06 len=8
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Disconnect event - remove keys
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
Wireless event: cmd=0x8b04 len=12
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Disconnect event - remove keys
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
Wireless event: cmd=0x8b1a len=17
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Disconnect event - remove keys
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
Could someone point to me what is going wrong with the authentication. And
why the supplicant does not include RSN capability in its association
request.
Thanks
Hareesh
More information about the Hostap
mailing list