hostapd 1.3.5, madwifi, internal EAP-PEAP/MSCHAPv2 w/ WinXP supplicant
Jouni Malinen
jkmaline
Sun Feb 6 15:48:17 PST 2005
On Sun, Feb 06, 2005 at 01:57:32PM -0800, Coert Vonk wrote:
> Thanks for the reply. Attached are the configuration files and log.
> Sorry for the delay. My initial reply bounced because the email
> exceeded 25kB. This time the log file is compressed (use gunzip to
> uncompress).
Thanks.
It looks like you have configured the phase 2 authentication to use MD5,
but the Windows XP supplicant does not support this. Please re-test
after replacing MD5 with MSCHAPV2 in hostapd.eap_user.
In hostapd log, you can see this failure in negotiation for phase 2 EAP
method:
hostapd tries MD5:
EAP-Identity: Peer identity - hexdump_ascii(len=15):
43 52 4f 58 5c 43 6f 65 72 74 20 56 6f 6e 6b CROX\Coert Vonk
EAP-PEAP: PHASE2_ID -> PHASE2_METHOD
EAP-PEAP: try EAP type 4
client does not support it, asks for MSCHAPv2:
EAP-PEAP: received Phase 2: code=2 identifier=108 length=6
EAP-PEAP: Phase2 type Nak'ed; allowed types - hexdump(len=1): 1a
EAP: processing NAK (current EAP method index 1)
hostapd was configured not to allow MSCHAPv2 so it rejects
authentication (not very clear from the debug log, but that is what is
happening here):
EAP: list of methods supported by the peer - hexdump(len=1): 1a
EAP: new list of configured methods - hexdump(len=8): 04 00 00 00 00 00 00 00
EAP-PEAP: PHASE2_METHOD -> PHASE2_TLV
client acknowledges this:
EAP-TLV: Result TLV - hexdump(len=2): 00 02
EAP-TLV: TLV Result - Failure - requested Failure
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list