hostapd on FreeBSD + EAP-TLS + WindowsXP/SP2 -- problems.
Lev A. Serebryakov
Thu May 11 05:04:30 PDT 2006
I'm trying to build an AP on a FreeBSD 6 box with hostapd for WinXP/SP2
clients. My driver is `bsd', the version of hostapd is 0.4.8, and the network
card is Atheros 5212-based (D-Link DWL-G520, rev. B3).
First of all, I've tried to set up WPA-PSK. It works fine with the
simplest config:
====
interface=ath0
driver=bsd
logger_syslog=-1
logger_syslog_level=0
logger_stdout=63
logger_stdout_level=0
debug=4
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=MY-SSID-HERE
wpa=1
wpa_passphrase=MY-PASS-HERE
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP TKIP
====
But EAP-TLS doesn't work at all. I've generated certificates as
described in "HOWTO: WAP/TLS Setup for FreeRADIUS and Windows XP
Supplicant", and I didn't forget about the special EKU in these certificates.
I've installed the CA certificate and the client certificate on Windows XP. I
want to use computer authentication, not the user one, so my `commonName' is
equal to the FQDN of the client computer. I even added altSubjName to the
certificates, as described in MS's documentation ("Enterprise Deployment
of IEEE 802.11 Using Windows XP and Windows 2000 Internet Authentication
Service").
The config for hostapd is:
====
interface=ath0
driver=bsd
logger_syslog=-1
logger_syslog_level=0
logger_stdout=63
logger_stdout_level=0
debug=4
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=MY-SSID-HERE
ieee8021x=1
own_ip_addr=127.0.0.1
auth_server_addr=127.0.0.1
auth_server_port=1812
auth_server_shared_secret=MY-RADIUS-PASS-HERE
wpa=2
wpa_key_mgmt=WPA-EAP
wpa_pairwise=CCMP TKIP
====
But after all these settings, `hostapd -dd' doesn't show any packets
from the client!
And WindowsXP/SP2 shows a "Wait for network..." progress bar for about
3 minutes and fails to connect!
I repeat: hostapd doesn't see even an `Association' event, so it is
not a problem with RADIUS (FreeRADIUS in my case) or with certificate
validation :(
Maybe there is some way to enable debug output (a log file?) on Windows
XP? Or maybe it is a well-known problem?
--
// Lev Serebryakov
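
Added example, not part of the original post: a small Python script that diffs the working WPA-PSK config against the failing EAP-TLS config and decodes the `wpa` bitfield as documented in hostapd.conf (bit 0 = WPA, bit 1 = WPA2/RSN). The configs are copied from the post with the lines common to both logging setups trimmed; the function names are this example's own.

```python
# Added example: compare the two hostapd.conf fragments from the post and
# decode what each `wpa` value makes the AP advertise.
# Logger/ctrl_interface lines, identical in both configs, are trimmed.

PSK_CONF = """\
ssid=MY-SSID-HERE
wpa=1
wpa_passphrase=MY-PASS-HERE
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP TKIP
"""

EAP_CONF = """\
ssid=MY-SSID-HERE
ieee8021x=1
own_ip_addr=127.0.0.1
auth_server_addr=127.0.0.1
auth_server_port=1812
auth_server_shared_secret=MY-RADIUS-PASS-HERE
wpa=2
wpa_key_mgmt=WPA-EAP
wpa_pairwise=CCMP TKIP
"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def wpa_protocols(conf):
    """Decode hostapd's `wpa` bitfield: bit 0 = WPA, bit 1 = WPA2 (RSN)."""
    bits = int(conf.get("wpa", "0"))
    return [name for bit, name in ((1, "WPA"), (2, "WPA2/RSN")) if bits & bit]

def diff_conf(a, b):
    """Return {key: (value_in_a, value_in_b)} for every key that differs."""
    keys = sorted(set(a) | set(b))
    return {k: (a.get(k), b.get(k)) for k in keys if a.get(k) != b.get(k)}

if __name__ == "__main__":
    psk, eap = parse_conf(PSK_CONF), parse_conf(EAP_CONF)
    print("PSK config advertises:", wpa_protocols(psk))
    print("EAP config advertises:", wpa_protocols(eap))
    for key, (old, new) in diff_conf(psk, eap).items():
        print(f"{key}: {old!r} -> {new!r}")
```

The diff shows that the two setups differ in the advertised protocol (`wpa=1` versus `wpa=2`) as well as in key management, so the working PSK test does not exercise the same protocol version as the failing 802.1X one.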