EAP-FAST inner Auth Fails

Jouni Malinen jkmaline
Fri Dec 8 20:12:55 PST 2006

On Fri, Dec 08, 2006 at 11:36:03AM +0530, ramprasad.rajendran at wipro.com wrote:
> The server's log says the following
> ==> authReports/rejects_20061208.csv <==
> "2006-12-08","11:29:51","<ANY>","test","EAP-FAST","User name or
> credential incorrect","Inner EAP-FAST authentication
> failed",""
> ==> 20061208.log <==
> 12/08/2006 11:29:51 User test ultimately failed challenge sequence
> 12/08/2006 11:29:51 Sent reject response

SBR is not very helpful with the debug log.. I tried to enable full
debugging and even with that, the server was only saying that inner auth

After looking at what exactly was being sent in the inner
EAP-Response/Identity, I found a bug in wpa_supplicant. It was using
incorrect EAP identifier in this message (the one from the outer
EAP-Request and SBR happened to be using different identifier in the
inner request and refused to accept the response because of the

This is now fixed in the CVS version of wpa_supplicant (in both 0.5.x
and 0.6.x branches) and the fix is included in the latest snapshots. I
was able to complete EAP-FAST provisioning and authentication against
SBR with this version.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list