hostapd 1.3.5, madwifi, internal EAP-PEAP/MSCHAPv2 w/ WinXP supplicant

Jouni Malinen jkmaline
Sun Feb 6 15:48:17 PST 2005

On Sun, Feb 06, 2005 at 01:57:32PM -0800, Coert Vonk wrote:

> Thanks for the reply.  Attached are the configuration files and log. 
> Sorry for the delay.  My initial reply bounced because the email
> exceeded 25kB.  This time the log file is compressed (use gunzip to
> uncompress).


It looks like you have configured the phase 2 authentication to use MD5,
but the Windows XP supplicant does not support this. Please re-test
after replacing MD5 with MSCHAPV2 in hostapd.eap_user.

In hostapd log, you can see this failure in negotiation for phase 2 EAP

hostapd tries MD5:

EAP-Identity: Peer identity - hexdump_ascii(len=15):
     43 52 4f 58 5c 43 6f 65 72 74 20 56 6f 6e 6b      CROX\Coert Vonk
EAP-PEAP: try EAP type 4

client does not support it, asks for MSCHAPv2:

EAP-PEAP: received Phase 2: code=2 identifier=108 length=6
EAP-PEAP: Phase2 type Nak'ed; allowed types - hexdump(len=1): 1a
EAP: processing NAK (current EAP method index 1)

hostapd was configured not to allow MSCHAPv2 so it rejects
authentication (not very clear from the debug log, but that is what is
happening here):

EAP: list of methods supported by the peer - hexdump(len=1): 1a
EAP: new list of configured methods - hexdump(len=8): 04 00 00 00 00 00 00 00

client acknowledges this:

EAP-TLV: Result TLV - hexdump(len=2): 00 02
EAP-TLV: TLV Result - Failure - requested Failure

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list