EAP-FAST inner Auth Fails
Jouni Malinen
jkmaline
Fri Dec 8 20:12:55 PST 2006
On Fri, Dec 08, 2006 at 11:36:03AM +0530, ramprasad.rajendran at wipro.com wrote:
>
> The server's log says the following
>
> ==> authReports/rejects_20061208.csv <==
> "2006-12-08","11:29:51","<ANY>","test","EAP-FAST","User name or
> credential incorrect","Inner EAP-FAST authentication
> failed","10.114.2.53"
>
> ==> 20061208.log <==
> 12/08/2006 11:29:51 User test ultimately failed challenge sequence
> 12/08/2006 11:29:51 Sent reject response
SBR is not very helpful with the debug log.. I tried to enable full
debugging and even with that, the server was only saying that inner auth
failed.
After looking at what exactly was being sent in the inner
EAP-Response/Identity, I found a bug in wpa_supplicant. It was using
incorrect EAP identifier in this message (the one from the outer
EAP-Request and SBR happened to be using different identifier in the
inner request and refused to accept the response because of the
mismatch).
This is now fixed in the CVS version of wpa_supplicant (in both 0.5.x
and 0.6.x branches) and the fix is included in the latest snapshots. I
was able to complete EAP-FAST provisioning and authentication against
SBR with this version.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list