Communication between Xsupplicant and Hostap with EAP-MD5

Carlos Peñafiel carpeher
Tue Apr 18 19:04:20 PDT 2006


Hello again,

>>I have a problem trying to configure my network. I am trying to get this
>>
>>Radius<--> HostAp <--> Xsupplicant
>>
>>in order to cipher the communications with EAP-MD5. My problem is between 
>>the HostAp and the Xsupplicant, because if I enable the 802.1X 
>>configuration as true, the HostAp looks like it is not receive anything 
>>(it does not show any messages).
>
>Are you trying to use some form of encryption on this connection? EAP-MD5 
>should not really be used on wireless connections unless it is inside a 
>protected tunnel (e.g., with EAP-TTLS). In addition, EAP-MD5 does not 
>generate keying material, so it cannot be used to generate dynamic WEP 
>keys.

I need to create a network which clients who want to join to the network 
have to use a login and a password. I am using the Hostap because after that 
authentication, the hostap should offer QoS to the client, but this part is 
not matter right now. I just want to explain why I need HostAp (I will have 
to change the source code later).

>>When I run the HostAp with a Windows Client, my Client ask me for a ?WEP? 
>>key. If I insert a 128-bit-key, whatever!!, and I select ?authentication 
>>eap-md5?, and I insert the login and the password, the hostap works 
>>perfectly. Is this a bug?
>
>Working with Windows? No, that's not a bug ;-).

I liked you answer, hehe.


>>But the problem is when I am on Linux (Kernel version 2.6.11-1_FC4), If I 
>>do
>>
>>iwlist ath0 scanning
>>
>>I can see the Hostap with ?key: on?. If I do
>>
>>iwconfig ath0 essid myESSID
>>
>>I can do the association, but I can not work yet. But when I do
>>
>>iwconfig ath0 key my-invented-key
>>
>>the hostap sends a lot of messages like
>
>I'm not really following the configuration you are trying to use.. Are you 
>trying to use dynamic WEP keys with IEEE 802.1X? If yes, you will need to 
>use another EAP method than plain EAP-MD5. If not, please give more details 
>of what exactly you are trying to do.


I am sorry for that.I will try to be clearer. I just want to make a network 
which each client who wants to join the network has to enter a login and a 
password. After that authentication, the AP (the hostap) will offer a QoS, 
depending on the client.

I have tryed two configurations: one of them, with the attribute 
"ieee8021X=1" and the radius client configuration. The other one is with the 
attribute "ieee8021X=0"  and the radius client configuration.

If I do "ieee8021X=0", hostap clients cannot log in to the network, beacuse 
the radius server does not receive the login and the password. I do not know 
why!!,

If I do "ieee8021X=1", (only this change in all the network), the wireless 
connection looks like a secure network, and it is when I see "key: on" when 
I do the "iwlist scanning", but I did not set up any key!!!, really, I dont 
want to have one!.

I suppose if I am using a EAP-MD5, it is 802.1X, right? So, I have to put 
"ieee8021X=1" in my configuration file (for hostapd). But, if I do that, 
when I do "iwlist scanning", I will see the wireless connection with a "key: 
on".

But, If I have to use ieee802.1X=0 on the configuration file (for hostapd), 
the hostapd cannot send the authentication information to my radius server.

But, the most amazing thing is that with the intel software for windows for 
my ipw2200, doing the thing that I told you before, I can authenticate. For 
this reason I know the radius server is ok.

So, what I have to do? how can I solve my problem?

Thank you a lot for your time.






More information about the Hostap mailing list