hostapd 1.3.5, madwifi, internal EAP-PEAP/MSCHAPv2 w/ WinXP supplicant
Coert Vonk
coert.vonk
Mon Feb 7 07:40:15 PST 2005
Of cause, the WEP rekeying is not needed.
I said "PC-name" because the client is not connected to a domain. It
used the hostname as the domain name.
It was using the user/passwd used to signin to XP. That passwd was
not set. Correcting this got me to the point where the connection
comes up. It only stays up for a few seconds though, before it
reauthenticates. Looking at the traces, I see these messenges that
might be related:
SSL: SSL_accept:error in SSLv3 read client certificate A
I used the same certificates that I use for IPsec. This describes how
I generated them:
http://www.cybcon.com/~coert/linux/wrap/ch-ipsec.html#s2-ipsec-ca-winxp
Thanks again
Coert
On Sun, 6 Feb 2005 22:46:34 -0800, Jouni Malinen <jkmaline at cc.hut.fi> wrote:
> On Sun, Feb 06, 2005 at 09:39:54PM -0800, Coert Vonk wrote:
>
> > It now appears to disagree during MSCHAPV2
>
> Invalid NT-Response usually means that the peer and the authenticator
> did not agree on the password..
>
> > I included the updated config and users file. Sometimes it appears to
> > be looking for the username without the PC name, and other times it
> > includes the PC name. I added both to the users file to be sure.
>
> Do you mean domain name with "PC name"? How did you enter the user
> name/domain/password? Manually into a dialog box during authentication
> or using the same user name and password that was used to login into
> Windows (single sign-on)? You can configure this in the authentication
> tab and details for MSCHAPv2 (e.g., whether to try to authenticate as
> host, etc.).
>
> PS.
>
> You seem to have both WEP keys and TKIP/CCMP configured in
> hostapd.conf. If you are using WPA with TKIP/CCMP, you should not
> configure wep_key_len_broadcast, wep_key_len_unicast, or
> wep_rekey_period.
>
> --
> Jouni Malinen PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hostapd.conf
Type: application/octet-stream
Size: 570 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050207/ba761ca6/attachment.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hostapd.eap_user
Type: application/octet-stream
Size: 124 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050207/ba761ca6/attachment-0001.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: log.gz
Type: application/x-gzip
Size: 12822 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050207/ba761ca6/attachment.bin
More information about the Hostap
mailing list