EAP-TLS: Linux wpa_supplicant does not work for wired network
Shangguan, Xuan FXSGSC
Xuan.Shangguan
Wed Apr 8 03:37:13 PDT 2009
Hi:
The testing environment:
------------------------
Server: FreeRADIUS.net V1.1.7.
Certs: created via openssl-0.9.8i
Clients: a linux client (wpa_supplicant) and a XP client
Testing results:
----------------
MD5 is workable from both the XP and Linux clients.
TLS (using the same batch certs) is only workable from the XP client.
Server config:
--------------
<<eap.conf>>
------------
default_eap_type = tls
tls {
private_key_password = whatever
private_key_file = /etc/mycerts/srv_cert.pem
certificate_file = /etc/mycerts/srv_cert.pem
}
Wpa_supplicant config:
----------------------
1. command: wpa_supplicant -ieth0 -c/etc/wpa_supplicant/xuan/wpa_supplicant_tls.conf -Dwired -dd
2. <<wpa_supplicant_tls.conf>>
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
ap_scan=0
fast_reauth=0
network={
ssid="test"
key_mgmt=IEEE8021X
eap=TLS
identity="clt_cert"
ca_cert="/etc/wpa_supplicant/xuan/root.pem"
client_cert="/etc/wpa_supplicant/xuan/clt_cert.pem"
private_key="/etc/wpa_supplicant/xuan/clt_cert.pem"
private_key_passwd="whatever"
eapol_flags=0
}
Some Error Trace:
----------------
Initializing interface 'eth0' conf '/etc/wpa_supplicant/xuan/wpa_supplicant_tls.conf' driver 'wired' ctrl_interface 'N/A'
Configuration file '/etc/wpa_supplicant/xuan/wpa_supplicant_tls.conf' -> '/etc/wpa_supplicant/xuan/wpa_supplicant_tls.conf'
Reading configuration file '/etc/wpa_supplicant/xuan/wpa_supplicant_tls.conf'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group=0
ap_scan=0
fast_reauth=0
Line: 6 - start of a new network block
ssid - hexdump_ascii(len=4):
74 65 73 74 test
key_mgmt: 0x8
eap methods - hexdump(len=2): 0d 00
identity - hexdump_ascii(len=8):
63 6c 74 5f 63 65 72 74 clt_cert
ca_cert - hexdump_ascii(len=33):
2f 65 74 63 2f 77 70 61 5f 73 75 70 70 6c 69 63 /etc/wpa_supplic
61 6e 74 2f 78 75 61 6e 2f 72 6f 6f 74 2e 70 65 ant/xuan/root.pe
6d m
client_cert - hexdump_ascii(len=37):
2f 65 74 63 2f 77 70 61 5f 73 75 70 70 6c 69 63 /etc/wpa_supplic
61 6e 74 2f 78 75 61 6e 2f 63 6c 74 5f 63 65 72 ant/xuan/clt_cer
74 2e 70 65 6d t.pem
private_key - hexdump_ascii(len=37):
2f 65 74 63 2f 77 70 61 5f 73 75 70 70 6c 69 63 /etc/wpa_supplic
61 6e 74 2f 78 75 61 6e 2f 63 6c 74 5f 63 65 72 ant/xuan/clt_cer
74 2e 70 65 6d t.pem
private_key_passwd - hexdump_ascii(len=8): [REMOVED]
eapol_flags=0 (0x0)
Priority group 0
id=0 ssid='test'
Initializing interface (2) 'eth0'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
wpa_driver_wired_init: Added multicast membership with packet socket
Own MAC address: 00:00:aa:7d:a7:b2
Setting scan request: 0 sec 100000 usec
Added interface eth0
RX EAPOL from 00:1c:f0:a8:ab:74
RX EAPOL - hexdump(len=46): 01 00 00 04 04 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
EAPOL: Received EAP-Packet frame
RX EAPOL from 00:1c:f0:a8:ab:74
RX EAPOL - hexdump(len=46): 01 00 00 0f 01 01 00 0f 01 55 73 65 72 20 6e 61 6d 65 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
EAPOL: Received EAP-Packet frame
RX EAPOL from 00:1c:f0:a8:ab:74
RX EAPOL - hexdump(len=46): 01 00 00 0f 01 02 00 0f 01 55 73 65 72 20 6e 61 6d 65 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
EAPOL: Received EAP-Packet frame
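The three RX EAPOL hexdumps in the trace above can be decoded with a short parser. This is an added example, not part of the original post; the field tables follow IEEE 802.1X and RFC 3748, and the names `parse_eapol` and `decode_trace` are illustrative.

```python
import struct

# Field values from IEEE 802.1X (EAPOL) and RFC 3748 (EAP)
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge", 13: "TLS"}

# The three RX lines, copied verbatim from the trace in the post
SAMPLE = """\
RX EAPOL - hexdump(len=46): 01 00 00 04 04 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
RX EAPOL - hexdump(len=46): 01 00 00 0f 01 01 00 0f 01 55 73 65 72 20 6e 61 6d 65 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
RX EAPOL - hexdump(len=46): 01 00 00 0f 01 02 00 0f 01 55 73 65 72 20 6e 61 6d 65 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
"""

def parse_eapol(frame: bytes) -> dict:
    """Decode the EAPOL header and, for EAP-Packet frames, the EAP header."""
    if len(frame) < 4:
        raise ValueError("truncated EAPOL header")
    version, ptype, body_len = struct.unpack("!BBH", frame[:4])
    body = frame[4:4 + body_len]  # bytes past body_len are Ethernet padding
    if len(body) < body_len:
        raise ValueError("EAPOL body shorter than its length field")
    out = {"version": version, "eapol_type": EAPOL_TYPES.get(ptype, ptype)}
    if ptype != 0:
        return out
    if body_len < 4:
        raise ValueError("truncated EAP header")
    code, ident, eap_len = struct.unpack("!BBH", body[:4])
    if eap_len < 4 or eap_len > body_len:
        raise ValueError("EAP length inconsistent with EAPOL body")
    out.update(code=EAP_CODES.get(code, code), id=ident)
    if code in (1, 2) and eap_len > 4:  # only Request/Response carry a Type octet
        out["type"] = EAP_TYPES.get(body[4], body[4])
        out["data"] = body[5:eap_len]
    return out

def decode_trace(text: str) -> list:
    """Parse every 'RX EAPOL - hexdump' line of a wpa_supplicant -dd log."""
    frames = []
    for line in text.splitlines():
        if "RX EAPOL - hexdump" in line:
            frames.append(parse_eapol(bytes.fromhex(line.split(":", 1)[1])))
    return frames

if __name__ == "__main__":
    for f in decode_trace(SAMPLE):
        print(f)
```

On the posted frames this reports an EAP-Failure (id 0) followed by two EAP-Request/Identity frames (ids 1 and 2) carrying the prompt "User name:".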