EAP-FAST inner Auth Fails

Jouni Malinen jkmaline
Thu Dec 7 19:18:39 PST 2006

On Thu, Dec 07, 2006 at 03:28:04PM +0530, ramprasad.rajendran at wipro.com wrote:

> I am using wpa_supplicant-0.5.5 and hostapd as the authenticator and I
> am testing over a wired interface. 
> The radius server that I'm using is Steel Belted Radius
> I had commented out code related to certificate processing to reduce on
> the size.

I've never tested EAP-FAST with SBR, so I don't know what to expect from

Which TLS library are you using? Patched OpenSSL?

> As soon as Phase1 suceeds, in phase 2, the Radius server requests for
> identity, without using any inner authentication.
> Is this correct? I guess an inner authentication method should start as
> part of phase 2
> Attached alongwith is the output and my configuration file

Could you please send a debug log that shows the full EAP-FAST
authentication? The one attached to the message did not include any EAP
processing, not even the identity request.

Have you configured the RADIUS server to use EAP-FAST for the user that
you configured as the 'identity' in wpa_supplicant configuration? Are
you trying to use in-band provisioning first or has that already been
taken care of? I would suggest removing phase2 option for the initial
test because there are some limits on which EAP method can be used in
the tunneled phase 2.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list