WPA2 Enterprise PEAP MSCHAPv2 connection problem

Alistair Tonner ajftonner
Sun Nov 15 14:49:13 PST 2009


I'm trying (still) to connect to a corporate wifi installation that is 
painless on winders and is based on (afaik) cisco AP's, and a connection
to AD across RADIUS server(s)
   
I have no access to the RADIUS logs.

I have the following for wpa_supplicant.conf 

***************************************
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
update_config=1
ap_scan=1
eapol_version=1


network={
        ssid="Corporate_WiFi"
        scan_ssid=1
        proto=RSN
        key_mgmt=WPA-EAP
        pairwise=TKIP
        eap=PEAP
        identity="user.name at corp.win.domain"
        anonymous_identity="user.name"
        password="password"
        ca_cert2="/etc/ssl/certs/cert_from_wisma_server.cer"
        ca_path2="/etc/ssl/certs"
        phase1="peaplabel=0"
        phase2="auth=MSCHAPV2"
}
******************************


The following is from a connection attempt with -d and I assume is
telling me that something is broken, but I've no idea *what* is broken.

TLS done I assume means that I have negotiated some sort of key, but I
get the impression that PEAP is not completing at all....

<SNIP>
EAP-PEAP: TLS done, proceed to Phase
2                                                                                                                                  
EAP-PEAP: using label 'client EAP encryption' in key
derivation                                                                                                         
EAP-PEAP: Derived key - hexdump(len=64):
[REMOVED]                                                                                                                      
SSL: Building ACK (type=25 id=8
ver=0)                                                                                                                                  
EAP: method process -> ignore=FALSE methodState=MAY_CONT
decision=FAIL                                                                                                  
EAP: EAP entering state
SEND_RESPONSE                                                                                                                                   
EAP: EAP entering state
IDLE                                                                                                                                            
EAPOL: SUPP_BE entering state
RESPONSE                                                                                                                                  
EAPOL:
txSuppRsp                                                                                                                                                        
TX EAPOL:
dst=00:19:2f:32:29:20                                                                                                                                         
EAPOL: SUPP_BE entering state
RECEIVE                                                                                                                                   
RX EAPOL from
00:19:2f:32:29:20                                                                                                                                         
EAPOL: Received EAP-Packet
frame                                                                                                                                        
EAPOL: SUPP_BE entering state
REQUEST                                                                                                                                   
EAPOL:
getSuppRsp                                                                                                                                                       
EAP: EAP entering state
RECEIVED                                                                                                                                        
EAP: Received EAP-Request id=9 method=25 vendor=0
vendorMethod=0                                                                                                        
EAP: EAP entering state
METHOD                                                                                                                                          
SSL: Received packet(len=35) - Flags
0x00                                                                                                                               
EAP-PEAP: received 29 bytes encrypted data for Phase
2                                                                                                                  
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=1):
01                                                                                                                    
EAP-PEAP: received Phase 2: code=1 identifier=9
length=5                                                                                                                
EAP-PEAP: Phase 2 Request:
type=1                                                                                                                                       
EAP: using real identity -
hexdump_ascii(len=29):                                                                                                                       
     41 6c 69 73 74 61 69 72 2e 54 6f 6e 6e 65 72 40
{USER.NAME}@                                                                                                 
     72 63 69 2e 72 6f 67 65 72 73 2e 63 61
{CORP.WIN.DOMAIN}                                                                                                    
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=34):
[REMOVED]                                                                                                          
SSL: 90 bytes left to be sent out (of total 90
bytes)                                                                                                                   
EAP: method process -> ignore=FALSE methodState=MAY_CONT
decision=FAIL                                                                                                  
EAP: EAP entering state
SEND_RESPONSE                                                                                                                                   
EAP: EAP entering state
IDLE                                                                                                                                            
EAPOL: SUPP_BE entering state
RESPONSE                                                                                                                                  
EAPOL:
txSuppRsp                                                                                                                                                        
TX EAPOL:
dst=00:19:2f:32:29:20                                                                                                                                         
EAPOL: SUPP_BE entering state
RECEIVE                                                                                                                                   
EAPOL: startWhen -->
0                                                                                                                                                  
RTM_NEWLINK: operstate=0 ifi_flags=0x1003
([UP])                                                                                                                        
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0'
added                                                                                                                       
Wireless event: cmd=0x8b15 len=24   
<SNIP>

    Can anyone suggest what it is (we) need to correct in
wpa_supplicant.conf to get this connection to the next step please?



Alistair.                   




More information about the Hostap mailing list