No subject

bogus at does.not.exist.com bogus at does.not.exist.com
Mon Feb 11 19:02:05 PST 2013


ate-Request, and Server Hello Done
Supplicant responds with Certificate, Client Key Exchange, Change Cipher Sp=
ec, and Encrypted Handshake
Server resends the first message and then DEAUTH's the supplicant with the =
reason being "802.1x failed".

What seems different between MS 2008 NPS and the others is its sending  Cer=
tificate-Request. The others do not have it.
Supplicant does respond but with Cert but what looks like a zero length cer=
tificate.
Any insight or suggestions much appreciated.

Regards,
Tom Gulick
Motorola AirDefense Solutions
420 Lakeside Ave
Marlborough, MA 01752
(508) 460-0104
Tom.Gulick at motorolasolutions.com<mailto:Tom.Gulick at motorola.com>


--_000_D3F974322F3960419C962944607E452C568BD67ESN2PRD0410MB360_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 12 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri","sans-serif";
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal">Has anyone encountered an issue using wpa_supplicant=
 with MS 2008 NPS ?<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p> </o:p></p>
<p class=3D"MsoNormal">We’re using 0.6.9 and have no issue with Cisco=
 ACS, FreeRADIUS, or MS 2003 NPS.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p> </o:p></p>
<p class=3D"MsoNormal">When we try to connect, we get DEAUTH’d during=
 the TLS negotiation.
<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p> </o:p></p>
<p class=3D"MsoNormal">From Wireshark we see:<o:p></o:p></p>
<p class=3D"MsoNormal">The server sends a TLSv1 message with:  Server =
Hello, Certificate, Certificate-Request, and Server Hello Done<o:p></o:p></=
p>
<p class=3D"MsoNormal">Supplicant responds with Certificate, Client Key Exc=
hange, Change Cipher Spec, and Encrypted Handshake<o:p></o:p></p>
<p class=3D"MsoNormal">Server resends the first message and then DEAUTH&#82=
17;s the supplicant with the reason being “802.1x failed”.<o:p>=
</o:p></p>
<p class=3D"MsoNormal"><o:p> </o:p></p>
<p class=3D"MsoNormal">What seems different between MS 2008 NPS and the oth=
ers is its sending  Certificate-Request. The others do not have it.<o:=
p></o:p></p>
<p class=3D"MsoNormal">Supplicant does respond but with Cert but what looks=
 like a zero length certificate.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p></o:p></p>
<p class=3D"MsoNormal">Any insight or suggestions much appreciated.<o:p></o=
:p></p>
<p class=3D"MsoNormal"><o:p> </o:p></p>
<p class=3D"MsoNormal">Regards,<o:p></o:p></p>
<p class=3D"MsoNormal">Tom Gulick<o:p></o:p></p>
<p class=3D"MsoNormal">Motorola AirDefense Solutions<o:p></o:p></p>
<p class=3D"MsoNormal">420 Lakeside Ave<o:p></o:p></p>
<p class=3D"MsoNormal">Marlborough, MA 01752<o:p></o:p></p>
<p class=3D"MsoNormal">(508) 460-0104<o:p></o:p></p>
<p class=3D"MsoNormal"><a href=3D"mailto:Tom.Gulick at motorola.com"><span sty=
le=3D"color:blue">Tom.Gulick at motorolasolutions.com</span></a><o:p></o:p></p=
>
<p class=3D"MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>

--_000_D3F974322F3960419C962944607E452C568BD67ESN2PRD0410MB360_--



More information about the Hostap mailing list