madwifi WPA/EAP/TTLS/PAP
Wolfgang Schnerring
wosc
Wed Apr 26 09:00:48 PDT 2006
Hello!
WPA/EAP/TTLS/PAP - this letter soup is what my university requires
people to use when they want WLAN. But they have a sample
configuration for wpa_supplicant to go with it. It looks like this:
[/etc/wpa_supplicant.conf]
------------------------------------------------------------
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
ap_scan=1
network={
ssid="802.1X"
proto=WPA WPA2
key_mgmt=WPA-EAP
pairwise=TKIP CCMP
group=TKIP CCMP
eap=TTLS
anonymous_identity="anonymous at uni-jena.de"
identity="myusername at uni-jena.de"
password="MYPASSWORD"
ca_cert="/etc/ssl/certs/fsu-cacert.pem"
phase2="auth=PAP"
}
------------------------------------------------------------
I'm running Debian with the madwifi driver compiled from CVS snapshots
(read: more or less from yesterday) provided by ftp://debian.marlow.dk/ and
wpa_supplicant v0.4.8 which I've compiled myself using the headers of
the madwifi-source (according to various reccomendations).
The long and short of it: It doesn't work, and I can't make any sense
of the debugging output which I've attached below -- everything seems
mighty fine, but all of a sudden it says "EAP: Received EAP-Failure"
and that's it.
Can somebody enlighten me what's going on here and how I could go
about solving this?
Thank you very much,
Wolfgang
nautis:~# wpa_supplicant -d -w -iath0 -Dmadwifi -c /etc/wpa_supplicant.conf
Initializing interface 'ath0' conf '/etc/wpa_supplicant.conf' driver 'madwifi' ctrl_interface 'N/A'
Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group=0
eapol_version=1
ap_scan=1
fast_reauth=1
Priority group 0
id=0 ssid='802.1X'
Initializing interface (2) 'ath0'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
SIOCGIWRANGE: WE(compiled)=19 WE(source)=13 enc_capa=0xf
capabilities: key_mgmt 0xf enc 0xf
Own MAC address: 00:05:4e:44:f7:fc
wpa_driver_madwifi_del_key: keyidx=0
wpa_driver_madwifi_del_key: keyidx=1
wpa_driver_madwifi_del_key: keyidx=2
wpa_driver_madwifi_del_key: keyidx=3
wpa_driver_madwifi_set_countermeasures: enabled=0
wpa_driver_madwifi_set_drop_unencrypted: enabled=1
Setting scan request: 0 sec 100000 usec
Added interface ath0
Wireless event: cmd=0x8b06 len=8
Ignore event for foreign ifindex 3
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
State: DISCONNECTED -> SCANNING
Starting AP scan (broadcast SSID)
Wireless event: cmd=0x8b1a len=8
Wireless event: cmd=0x8b19 len=8
Received 1747 bytes of scan results (5 BSSes)
Scan results: 5
Selecting BSS from priority group 0
0: 00:12:da:9e:5c:b0 ssid='802.1X' wpa_ie_len=26 rsn_ie_len=22 caps=0x11
selected based on RSN IE
Trying to associate with 00:12:da:9e:5c:b0 (SSID='802.1X' freq=2412 MHz)
Cancelling scan request
WPA: clearing own WPA/RSN IE
Automatic auth_alg selection: 0x1
RSN: using IEEE 802.11i/D9.0
WPA: Selected cipher suites: group 8 pairwise 16 key_mgmt 1
WPA: set AP WPA IE - hexdump(len=26): dd 18 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01 28 00
WPA: set AP RSN IE - hexdump(len=22): 30 14 01 00 00 0f ac 02 01 00 00 0f ac 04 01 00 00 0f ac 01 28 00
WPA: using GTK TKIP
WPA: using PTK CCMP
WPA: using KEY_MGMT 802.1X
WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 02 01 00 00 0f ac 04 01 00 00 0f ac 01 00 00
No keys have been configured - skip key clearing
wpa_driver_madwifi_set_drop_unencrypted: enabled=1
State: SCANNING -> ASSOCIATING
wpa_driver_madwifi_associate
ioctl[unknown???]: Invalid argument
Association request to the driver failed
Setting authentication timeout: 5 sec 0 usec
EAPOL: External notification - portControl=Auto
RSN: Ignored PMKID candidate without preauth flag
RSN: Ignored PMKID candidate without preauth flag
Wireless event: cmd=0x8b1a len=15
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:12:da:9e:5c:b0
State: ASSOCIATING -> ASSOCIATED
Associated to a new BSS: BSSID=00:12:da:9e:5c:b0
No keys have been configured - skip key clearing
Associated with 00:12:da:9e:5c:b0
WPA: Association event - clear replay counter
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
RX EAPOL from 00:12:da:9e:5c:b0
Setting authentication timeout: 70 sec 0 usec
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=1 id=1
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: EAP-Request Identity data - hexdump_ascii(len=46):
00 6e 65 74 77 6f 72 6b 69 64 3d 38 30 32 2e 31 _networkid=802.1
58 2c 6e 61 73 69 64 3d 66 73 75 6a 2d 61 70 31 X,nasid=fsuj-ap1
32 30 30 2d 34 2c 70 6f 72 74 69 64 3d 30 200-4,portid=0
EAP: using anonymous identity - hexdump_ascii(len=21):
61 6e 6f 6e 79 6d 6f 75 73 40 75 6e 69 2d 6a 65 anonymous at uni-je
6e 61 2e 64 65 na.de
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:12:da:9e:5c:b0
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=21 id=2
EAP: EAP entering state GET_METHOD
EAP: initialize selected EAP method (21, TTLS)
EAP-TTLS: Phase2 type: PAP
TLS: Trusted root certificate(s) loaded
CTRL-EVENT-EAP-METHOD EAP method 21 (TTLS) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x20
EAP-TTLS: Start
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before/connect initialization
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client hello A
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read server hello A
SSL: SSL_connect - want more data
SSL: 101 bytes pending from ssl_out
SSL: 101 bytes left to be sent out (of total 101 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:12:da:9e:5c:b0
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=21 id=3
EAP: EAP entering state METHOD
SSL: Received packet(len=1034) - Flags 0xc0
SSL: TLS Message Length: 2604
SSL: Need 1580 bytes more input data
SSL: Building ACK
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:12:da:9e:5c:b0
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=21 id=4
EAP: EAP entering state METHOD
SSL: Received packet(len=1034) - Flags 0xc0
SSL: TLS Message Length: 2604
SSL: Need 556 bytes more input data
SSL: Building ACK
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:12:da:9e:5c:b0
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=21 id=5
EAP: EAP entering state METHOD
SSL: Received packet(len=566) - Flags 0x80
SSL: TLS Message Length: 2604
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server hello A
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=1 buf='/C=DE/O=University Jena/OU=Computer Center/CN=Security Office/emailAddress=security at uni-jena.de'
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=0 buf='/C=DE/O=University Jena/OU=Computer Center/CN=RADIUS/802.1X'
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server certificate A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server key exchange A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server done A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client key exchange A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write change cipher spec A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write finished A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 flush data
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read finished A
SSL: SSL_connect - want more data
SSL: 134 bytes pending from ssl_out
SSL: 134 bytes left to be sent out (of total 134 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:12:da:9e:5c:b0
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=21 id=6
EAP: EAP entering state METHOD
SSL: Received packet(len=69) - Flags 0x80
SSL: TLS Message Length: 59
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read finished A
SSL: (where=0x20 ret=0x1)
SSL: (where=0x1002 ret=0x1)
SSL: 0 bytes pending from ssl_out
SSL: No data to be sent out
EAP-TTLS: TLS done, proceed to Phase 2
EAP-TTLS: Derived key - hexdump(len=64): [REMOVED]
EAP-TTLS: received 0 bytes encrypted data for Phase 2
EAP-TTLS: empty data in beginning of Phase 2 - use fake EAP-Request Identity
EAP-TTLS: Phase 2 PAP Request
EAP-TTLS: Encrypting Phase 2 data - hexdump(len=52): [REMOVED]
EAP-TTLS: Authentication completed successfully
EAP: method process -> ignore=FALSE methodState=DONE decision=COND_SUCC
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: startWhen --> 0
RX EAPOL from 00:12:da:9e:5c:b0
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: EAP entering state FAILURE
CTRL-EVENT-EAP-FAILURE EAP authentication failed
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_BE entering state IDLE
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
Setting scan request: 0 sec 100000 usec
Added BSSID 00:12:da:9e:5c:b0 into blacklist
State: ASSOCIATED -> DISCONNECTED
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
wpa_driver_madwifi_del_key: keyidx=0
wpa_driver_madwifi_del_key: keyidx=1
wpa_driver_madwifi_del_key: keyidx=2
wpa_driver_madwifi_del_key: keyidx=3
wpa_driver_madwifi_del_key: keyidx=0
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
State: DISCONNECTED -> SCANNING
Starting AP scan (broadcast SSID)
Wireless event: cmd=0x8b1a len=8
CTRL-EVENT-TERMINATING - signal 2 received
Removing interface ath0
State: SCANNING -> DISCONNECTED
No keys have been configured - skip key clearing
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
wpa_driver_madwifi_set_drop_unencrypted: enabled=0
wpa_driver_madwifi_set_countermeasures: enabled=0
No keys have been configured - skip key clearing
EAP: deinitialize previously used EAP method (21, TTLS) at EAP deinit
ENGINE: engine deinit
Removed BSSID 00:12:da:9e:5c:b0 from blacklist (clear)
Cancelling scan request
^C
More information about the Hostap
mailing list