HostAPd WPA Enterprise fails on Windows 10

Jouni Malinen j at
Tue Dec 13 02:09:33 PST 2016

On Mon, Dec 12, 2016 at 05:23:50PM -0500, Thomas d'Otreppe wrote:
> I have been playing with Hostapd patched for WPE on Kali. It is a
> patch to make HostAPd (2.6) an Enterprise AP and accept and log all
> credentials entered.
> With a stock configuration, it works just fine on most OSes (tested:
> Ubuntu 16.04, 16.10, iOS 10.1 and 10.2) but Windows 10 (14393) fails
> without much explanation. However, in a set-up where HostAPd forwards
> the request to Freeradius 3.0.12, it works just fine with Windows 10.

I'm not sure whether WPE patches could have had an impact there, but I
cannot reproduce PEAP/MSCHAPv2 authentication issue between Windows 10
station and hostapd as the AP and EAP authentication server. This was
with the current hostapd snapshot (but there should not really be
changes between 2.6 and this for the relevant parts) and with OpenSSL

> To summarize the ticket, by enabling debug (-d) when running hostapd,
> it seems like it is failing right before switching to Phase 2. It
> doesn't seem to get the data for phase 2 correctly as you can see in
> the log excerpt in the ticket.

There is not enough context in that log to be able to tell what

> According to some forums, Windows might have had some issue with TLS
> v1.2 so I tried to recompile with TLS v1.2 disabled but it still
> failed (and also tried disabling also v1.1, no success). I also tried
> latest hostapd git from a day or 2 ago and the problem still persists.

Which OpenSSL version are you using?

> If needed, I kept the success and failure logs and I can send them for analysis.

Yes, I'd need to see the full failure log to be able to say much more
than that since this works fine in my tests.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list