No subject

bogus at bogus at
Mon Feb 11 19:02:05 PST 2013

Has anyone encountered an issue using wpa_supplicant with MS 2008 NPS?

We're using 0.6.9 and have no issue with Cisco ACS, FreeRADIUS, or MS 2003 NPS.

When we try to connect, we get DEAUTH'd during the TLS negotiation.

From Wireshark we see:
The server sends a TLSv1 message with: Server Hello, Certificate, Certificate-Request, and Server Hello Done
Supplicant responds with Certificate, Client Key Exchange, Change Cipher Spec, and Encrypted Handshake
Server resends the first message and then DEAUTH's the supplicant with the reason being "802.1x failed".

What seems different between MS 2008 NPS and the others is its sending Certificate-Request. The others do not have it.
Supplicant does respond but with Cert but what looks like a zero length certificate.

Any insight or suggestions much appreciated.

Regards,
Tom Gulick
Motorola AirDefense Solutions
420 Lakeside Ave
Marlborough, MA 01752
(508) 460-0104
Tom.Gulick at
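An added example, not part of the original post and not wpa_supplicant code: in TLS 1.0 a client that has no suitable certificate answers a Certificate-Request with a Certificate message whose certificate list is empty, and this Python check reports whether a client flight carries such a message. It assumes the TLS record bytes have already been reassembled from the EAP-TLS fragments; the function names and the sample flights are constructed for illustration.

```python
import struct

HANDSHAKE, CHANGE_CIPHER_SPEC = 22, 20   # TLS record content types
CERTIFICATE = 11                         # TLS handshake message type

def handshake_messages(records: bytes):
    """Yield (type, body) for cleartext handshake messages in TLS records."""
    buf, pos = b"", 0
    while pos + 5 <= len(records):
        ctype, _version, length = struct.unpack_from("!BHH", records, pos)
        fragment = records[pos + 5:pos + 5 + length]
        if len(fragment) != length:
            raise ValueError("truncated TLS record")
        if ctype == CHANGE_CIPHER_SPEC:
            break                        # everything after this is encrypted
        if ctype == HANDSHAKE:
            buf += fragment
        pos += 5 + length
    off = 0
    while off + 4 <= len(buf):
        mlen = int.from_bytes(buf[off + 1:off + 4], "big")
        if off + 4 + mlen > len(buf):
            raise ValueError("truncated handshake message")
        yield buf[off], buf[off + 4:off + 4 + mlen]
        off += 4 + mlen

def certificate_lengths(body: bytes):
    """Return the DER length of each entry in a Certificate message body."""
    if len(body) < 3 or int.from_bytes(body[:3], "big") != len(body) - 3:
        raise ValueError("bad certificate_list length")
    lengths, off = [], 3
    while off < len(body):
        n = int.from_bytes(body[off:off + 3], "big")
        if off + 3 + n > len(body):
            raise ValueError("certificate overruns list")
        lengths.append(n)
        off += 3 + n
    return lengths

def client_certificate_status(flight: bytes) -> str:
    """Return 'absent', 'empty' (no certificate data) or 'present'."""
    for mtype, body in handshake_messages(flight):
        if mtype == CERTIFICATE:
            return "present" if any(certificate_lengths(body)) else "empty"
    return "absent"

# Constructed sample flights (not taken from the capture in the post).
def _msg(t, body): return bytes([t]) + len(body).to_bytes(3, "big") + body
def _rec(t, data): return struct.pack("!BHH", t, 0x0301, len(data)) + data
_KEX, _END = _msg(16, b"\x00\x02\xaa\xbb"), _rec(20, b"\x01") + _rec(22, bytes(40))
EMPTY_FLIGHT = _rec(22, _msg(11, b"\x00\x00\x00") + _KEX) + _END
CERT_FLIGHT = _rec(22, _msg(11, b"\x00\x00\x08\x00\x00\x05\x30\x03\x02\x01\x01") + _KEX) + _END
```

An "empty" result on the supplicant's flight means no client certificate was offered to the server, which is the condition the post describes seeing in Wireshark.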


More information about the Hostap mailing list