EAP-PEAP/MSCHAPv2 with ipw2100

Andrew Pimlott andrew
Wed Jul 6 13:24:22 PDT 2005 

I started to write this email as a problem description, but then I got
wpa_supplicant working!  I'm sending this anyway as documentation, in
case it helps anyone on the list or searching with google.

I'm connecting to a network that, according to the documentation I have
available, uses PEAP with EAP-MSCHAP v2.  My wireless adapter uses the
ipw2100 driver.  My OS is Debian unstable.

The first problem was that that I was getting bizarre error messages,
like

    Authentication with 00:00:00:00:00:00 timed out

no matter what configurating I tried.

It turned out that ipw2100 1.1.0 in Debian unstable needed the patch at

    http://ipw2100.sourceforge.net/#patches
    http://ipw2100.sourceforge.net/patches/ipw2100-1.1.0-wpa_supplicant-0.4.x.patch

With that working, things got easier.  I found the "EAP-PEAP/MSCHAPv2"
section in the example configuration.  First, I had to comment out the
ca_cert parameter, because I don't have a certificate for the server.
Then, I was getting the following error

    Trying to associate with 00:20:a6:51:05:4f (SSID='XXX' freq=0 MHz)
    Associated with 00:20:a6:51:05:4f
    CTRL-EVENT-EAP-STARTED EAP authentication started
    CTRL-EVENT-EAP-METHOD EAP method 25 (PEAP) selected
    EAP-MSCHAPV2: Authentication succeeded
    EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
    CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
    CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys

This looked very promising until the disconnect.  It would have been
nice if the output had explained why it was disconnecting.  It turned
out that I needed to change peaplabel from 1 to 0.  Then it worked!  My
final config is

    network={
            ssid="ADE"
            key_mgmt=WPA-EAP
            eap=PEAP
            identity="XXX"
            password="XXX"
    #       ca_cert="/etc/cert/ca.pem"
            phase1="peaplabel=0"
            phase2="auth=MSCHAPV2"
            priority=10
    }

In general, I would like it if wpa_supplicant (including the
documentation and diagnostics) were a bit more geared towards a user who
doesn't know exactly how his network is configured.  But wpa_supplicant
still seems like an impressive piece of work, so thanks!

Andrew

More information about the Hostap mailing list