WPA2-PEAP problems

Harshal Chhaya harshal
Mon May 9 20:15:07 PDT 2011


Hello,

First off, thanks for a great package that allows me to replace a dedicated
AP with a network processor.

I am working on a system that uses hostapd to implement an integrated access
point to replace an existing product that uses an off-the-shelf access point
with freeRADIUS as the authentication server.

The clients use WPA2-PEAP (with username and passwords) to authenticate with
the AP and RADIUS server.

The username and password are stored in an 'eap_user' file.

The clients that can connect with the freeRADIUS-based system can't connect
to the hostapd-powered system.


The (verbose) hostapd log messages filtered for the specific client are:

 Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
IEEE 802.11: authentication OK (open system)

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
MLME: MLME-AUTHENTICATE.indication(00:09:37:09:03:87, OPEN_SYSTEM)

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
MLME: MLME-DELETEKEYS.request(00:09:37:09:03:87)

Jan  1 00:02:22 OpenWrt user.info hostapd: wlan0: STA 00:09:37:09:03:87 IEEE
802.11: authenticated

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
IEEE 802.11: association OK (aid 13)

Jan  1 00:02:22 OpenWrt user.info hostapd: wlan0: STA 00:09:37:09:03:87 IEEE
802.11: associated (aid 13)

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
MLME: MLME-ASSOCIATE.indication(00:09:37:09:03:87)

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
MLME: MLME-DELETEKEYS.request(00:09:37:09:03:87)

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
WPA: event 1 notification

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
IEEE 802.1X: start authentication

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
WPA: start authentication

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
IEEE 802.1X: unauthorizing port

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
IEEE 802.1X: Sending EAP Packet (identifier 84)

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
IEEE 802.1X: received EAPOL-Start from STA

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
WPA: event 5 notification

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
IEEE 802.1X: aborting authentication

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
IEEE 802.1X: Sending EAP Packet (identifier 236)

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
IEEE 802.1X: received EAPOL-Start from STA

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
WPA: event 5 notification

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
IEEE 802.1X: aborting authentication

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
IEEE 802.1X: unauthorizing port

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
IEEE 802.1X: Sending EAP Packet (identifier 219)

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
IEEE 802.1X: received EAP packet (code=2 id=84 len=21) from STA: EAP
Response-Identity (1)

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
IEEE 802.1X: received EAP packet (code=2 id=236 len=21) from STA: EAP
Response-Identity (1)

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
IEEE 802.1X: received EAP packet (code=2 id=219 len=21) from STA: EAP
Response-Identity (1)

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
IEEE 802.1X: Sending EAP Packet (identifier 220)

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
IEEE 802.1X: received EAP packet (code=2 id=220 len=86) from STA: EAP
Response-PEAP (25)

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
IEEE 802.1X: Sending EAP Packet (identifier 221)

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
IEEE 802.1X: received EAP packet (code=2 id=221 len=200) from STA: EAP
Response-PEAP (25)

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
IEEE 802.1X: Sending EAP Packet (identifier 222)

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
IEEE 802.1X: received EAP packet (code=2 id=222 len=6) from STA: EAP
Response-PEAP (25)

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
IEEE 802.1X: Sending EAP Packet (identifier 223)

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
IEEE 802.1X: received EAP packet (code=2 id=223 len=59) from STA: EAP
Response-PEAP (25)

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
IEEE 802.1X: Sending EAP Packet (identifier 224)

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
IEEE 802.1X: received EAP packet (code=2 id=224 len=107) from STA: EAP
Response-PEAP (25)

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
IEEE 802.1X: Sending EAP Packet (identifier 225)

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
IEEE 802.1X: received EAP packet (code=2 id=225 len=43) from STA: EAP
Response-PEAP (25)

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
IEEE 802.1X: Sending EAP Packet (identifier 225)

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
IEEE 802.1X: unauthorizing port

Jan  1 00:02:22 OpenWrt user.warn hostapd: wlan0: STA 00:09:37:09:03:87 IEEE
802.1X: authentication failed - EAP type: 0 ((null))

Jan  1 00:02:22 OpenWrt user.info hostapd: wlan0: STA 00:09:37:09:03:87 IEEE
802.1X: Supplicant used different EAP type: 25 (PEAP)

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
WPA: event 2 notification

Jan  1 00:02:22 OpenWrt user.info hostapd: wlan0: STA 00:09:37:09:03:87 IEEE
802.11: disassociated

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
MLME: MLME-DISASSOCIATE.indication(00:09:37:09:03:87, 8)

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
MLME: MLME-DELETEKEYS.request(00:09:37:09:03:87)

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
WPA: event 3 notification

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
IEEE 802.11: deauthenticated

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
MLME: MLME-DEAUTHENTICATE.indication(00:09:37:09:03:87, 3)

Jan  1 00:02:22 OpenWrt user.debug hostapd: wlan0: STA 00:09:37:09:03:87
MLME: MLME-DELETEKEYS.request(00:09:37:09:03:87)



(apologies for the verbose messages but I wanted to make sure I included all
relevant information)


My config file is:

=====================
logger_syslog=-1
logger_syslog_level=0
logger_stdout=-1
logger_stdout_level=2

# Dump file for state information (on SIGUSR1)
dump_file=/tmp/hostapd.dump

ctrl_interface=/var/run/hostapd-phy0
driver=nl80211
hw_mode=g
interface=wlan0
eapol_version=2
#auth_algs=1
wpa=2
#ignore_broadcast_ssid=0
wpa_key_mgmt=WPA-EAP
wpa_pairwise=CCMP
wpa_group_rekey=300
wpa_gmk_rekey=640

ieee8021x=1
eapol_key_index_workaround=0
eap_server=1
eap_user_file=/localconf/eap_user
ca_cert=/etc/hostapd/ca.crt
server_cert=/etc/hostapd/ca.crt
private_key=/etc/hostapd/ca.key

ssid=mytest
channel=11

=====================

Setting "eapol_version" to 1 did not make a difference.


Any suggestions on any config settings to help my clients connect? Please
let me know if you need any additional information.

Thanks in advance,
- Harshal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20110509/f10ed4b7/attachment.htm 



More information about the Hostap mailing list