EAP-TLS hostapd, wpa_supplicant 0.4.1 and atheros 5212 card fails

Jouni Malinen jkmaline
Mon Jun 20 18:41:27 PDT 2005 

On Mon, Jun 20, 2005 at 08:46:15PM -0300, Beat Meier wrote:

> I'm having trouble with EAP-TLS and hostapd, wpa_supplicant 0.4.1 and 
> atheros 5212 card.
> I have the message "IE in 3/4 msg does not match with IE in 
> Beacon/ProbeResp" and they
> are really not the same ;-)

> I use freeradius-1.0.3 server which seems to authenticate us (see below).
> Whats the deal with the phase2? This is not used in EAP-TLS, is it?

I don't know what you are refering to with "phase2" in this context. If
you mean phase 2 of the EAP authentication, then you are correct about
it not being used with EAP-TLS. However, the WPA handshake is still
supposed to haopen after EAP-TLS.

> It would be nice if there is a "message help catalog" for every method 
> (WPA-PSK, EAP-TLS etc.)
> with the essential messages in the steps so users know until which step 
> it was right.

This could be useful, but..

> so users don't have to send always the "full" log

.. this is not what I would like to see. It is very helpful to have
access to full debug logs without having to waste time trying to request
them separately in cases where the information provided in the first
message was not enough to determine the reason.

> Jun 20 20:15:51.364901: WPA: RSN IE in Beacon/ProbeResp - 
> hexdump(len=24): *30 16 01 00 00 0f ac 02 02 00 00 0f ac 04 00 0f ac 02 
> 01 00 00 0f ac 01*
> Jun 20 20:15:51.366089: WPA: RSN IE in 3/4 msg - 
> hexdump(len=26):                       *30 18 01 00 00 0f ac 02 02 00 00 
> 0f ac 04 00 0f ac 02 01 00 00 0f ac 01 00 00*

madwifi driver does not implement a mechanism for synchronizing WPA/RSN
IEs with hostapd and this can trigger the error you are seeing. This
should really finally be fixed by providing such mechanism.. So far, the
workaround has been in trying to make madwifi driver do whatever hostapd
generates as the IE, but not all versions of the driver do this. Which
version are you using here?

-- 
Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list