WPA2 Enterprise PEAP MSCHAPv2 connection problem
Alistair Tonner
ajftonner
Sun Nov 15 14:49:13 PST 2009
I'm trying (still) to connect to a corporate wifi installation that is
painless on winders and is based on (afaik) Cisco APs, and a connection
to AD across RADIUS server(s).
I have no access to the RADIUS logs.
I have the following for wpa_supplicant.conf
***************************************
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
update_config=1
ap_scan=1
eapol_version=1
network={
ssid="Corporate_WiFi"
scan_ssid=1
proto=RSN
key_mgmt=WPA-EAP
pairwise=TKIP
eap=PEAP
identity="user.name@corp.win.domain"
anonymous_identity="user.name"
password="password"
ca_cert2="/etc/ssl/certs/cert_from_wisma_server.cer"
ca_path2="/etc/ssl/certs"
phase1="peaplabel=0"
phase2="auth=MSCHAPV2"
}
******************************
The following is from a connection attempt with -d and I assume is
telling me that something is broken, but I've no idea *what* is broken.
TLS done I assume means that I have negotiated some sort of key, but I
get the impression that PEAP is not completing at all....
<SNIP>
EAP-PEAP: TLS done, proceed to Phase 2
EAP-PEAP: using label 'client EAP encryption' in key derivation
EAP-PEAP: Derived key - hexdump(len=64): [REMOVED]
SSL: Building ACK (type=25 id=8 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL: dst=00:19:2f:32:29:20
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:19:2f:32:29:20
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=9 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=35) - Flags 0x00
EAP-PEAP: received 29 bytes encrypted data for Phase 2
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=1): 01
EAP-PEAP: received Phase 2: code=1 identifier=9 length=5
EAP-PEAP: Phase 2 Request: type=1
EAP: using real identity - hexdump_ascii(len=29):
     41 6c 69 73 74 61 69 72 2e 54 6f 6e 6e 65 72 40   {USER.NAME}@
     72 63 69 2e 72 6f 67 65 72 73 2e 63 61            {CORP.WIN.DOMAIN}
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=34): [REMOVED]
SSL: 90 bytes left to be sent out (of total 90 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL: dst=00:19:2f:32:29:20
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: startWhen --> 0
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
Wireless event: cmd=0x8b15 len=24
<SNIP>
Can anyone suggest what it is (we) need to correct in
wpa_supplicant.conf to get this connection to the next step please?
Alistair.
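
Added example, not part of the original post and not wpa_supplicant code: the posted block sets only ca_cert2/ca_path2, which wpa_supplicant applies to an inner (Phase 2) TLS method, so with PEAP/MSCHAPv2 the RADIUS server certificate is not checked against any CA. The Python sketch below audits a network block for that and for related identity-exposure gaps; the function names, finding codes, and the CA path and server name in HARDENED are assumptions made for illustration.

```python
import re

# Network block from the post above, trimmed to the keys the audit reads.
POSTED = '''network={
ssid="Corporate_WiFi"
eap=PEAP
identity="user.name@corp.win.domain"
anonymous_identity="user.name"
ca_cert2="/etc/ssl/certs/cert_from_wisma_server.cer"
ca_path2="/etc/ssl/certs"
phase2="auth=MSCHAPV2"
}'''
# Constructed comparison block; the CA path and server name are hypothetical.
HARDENED = '''network={
ssid="Corporate_WiFi"
eap=PEAP
identity="user.name@corp.win.domain"
anonymous_identity="anonymous@corp.win.domain"
ca_cert="/etc/ssl/certs/corp_root_ca.pem"
altsubject_match="DNS:radius.corp.win.domain"
phase2="auth=MSCHAPV2"
}'''

def parse_networks(text):
    """Return one {key: value} dict per network={...} block."""
    nets = []
    for body in re.findall(r'network=\{(.*?)\n\s*\}', text, re.S):
        pairs = (l.strip().split('=', 1) for l in body.splitlines()
                 if '=' in l and not l.strip().startswith('#'))
        nets.append({k.strip(): v.strip().strip('"') for k, v in pairs})
    return nets

def audit_peap(net):
    """Return codes for server-validation and identity-exposure gaps."""
    if 'PEAP' not in net.get('eap', '').split():
        return []
    codes = []
    if not (net.get('ca_cert') or net.get('ca_path')):
        codes.append('no-ca')          # server certificate is not verified
    if (net.get('ca_cert2') or net.get('ca_path2')) and \
            not re.search(r'auth(eap)?=TLS', net.get('phase2', '')):
        codes.append('ca2-unused')     # *2 options only apply to an inner TLS method
    if not any(net.get(k) for k in ('subject_match', 'altsubject_match',
                                    'domain_suffix_match', 'domain_match')):
        codes.append('no-name-check')  # any server cert from the CA is accepted
    user = net.get('identity', '').split('@')[0]
    if user and user in net.get('anonymous_identity', user):
        codes.append('outer-id')       # username sent in the clear in Phase 1
    return codes
```

Running `audit_peap` over `parse_networks(POSTED)` returns all four codes; the HARDENED block returns none.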
More information about the Hostap
mailing list