EAP-FAST authentication on a university campus

Fri Apr 15 08:09:03 PDT 2011

On Fri, Apr 15, 2011 at 02:11:06PM +0200, Stephen Bosch wrote:
> my university recently switched to EAP-FAST authentication. Support
> for Linux users is non-existent.

> The institution provides the following configuration information and
> instructions to users:
> 
> WPA2 Enterprise authentication
> Encryption: AES (I assume that this is CCMP)
> Network authentication: PEAP

That PEAP is in conflict with the switch to EAP-FAST.. Anyway, the logs
you showed did not get as far as even starting EAP, so this would not
have changed them.

> When I configure wicd to use EAP-FAST, it generates this configuration file:
> 
> > ap_scan=1
> > ctrl_interface=/var/run/wpa_supplicant
> > network={
> > ? ? ? ?ssid="HAB"
> > ? ? ? ?scan_ssid=1
> > ? ? ? ?proto=RSN WPA
> > ? ? ? ?pairwise=CCMP TKIP
> > ? ? ? ?group=CCMP TKIP
> > ? ? ? ?key-mgmt=WPA-EAP

That "key-mgmt" should be "key_mgmt".

> > ap_scan=1
> > ctrl_interface=/var/run/wpa_supplicant
> > network={
> > ? ? ? ?ssid="HAB"
> > ? ? ? ?scan_ssid=1
> > ? ? ? ?proto=RSN
> > ? ? ? ?key_mgmt=WPA-EAP
> > ? ? ? ?pairwise=CCMP
> > ? ? ? ?group=CCMP
> > ? ? ? ?eap=PEAP
> > ? ? ? ?identity="<windows_userid>"
> > ? ? ? ?password="<windows_password>"
> > ? ? ? ?phase1="fast_provisioning=1"
> > ? ? ? ?phase2="auth=MSCHAPV2"

This looks fine in general.

> It actually attempts a connection then, but still fails:

> > 0: 00:26:3e:07:21:00 ssid='HAB' wpa_ie_len=0 rsn_ie_len=20 caps=0x11
> > ? selected based on RSN IE
> > ? selected WPA AP 00:26:3e:07:21:00 ssid='HAB'
> > Trying to associate with 00:26:3e:07:21:00 (SSID='HAB' freq=2462 MHz)

wpa_supplicant asks the driver to associate with the AP, but the driver
does not seem to be able to do that. Which driver are you using?

-- 
Jouni Malinen                                            PGP id EFC895FA