Configuring PEAP w/ ndiswrapper

Richard Laager rlaager
Sun Aug 29 17:02:49 PDT 2004


My university uses 802.11x authentication with PEAP and MSCHAP (v2, I
assume). The ESSID on the access points is the same across the
university, and the access points broadcast the ESSID. IP addresses are
handed out via DHCP. I'm using ndiswrapper with the bcmwl5a driver.

I can connect to unsecured access points with no trouble. I've tried a
number of configurations of Xsupplicant and wpa_supplicant with no luck.
wpa_supplicant at least mentions ndiswrapper in the documentation, so I
think it's my best shot at this point.

The authentication credentials are simply my username and password.
There are no client certificates used. I do not currently have the
server certificate. I may be able to get the server certificate if it's
required, but I'd prefer not to have to hassle the network
administrators: Non-Windows configurations are allowed, but unsupported.

My current wpa_supplicant configuration (for wpa_supplicant 0.2.4) is as
follows:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
network={
        ssid="UMC"
        scan_ssid=0
        key_mgmt=IEEE8021X
        eap=PEAP
        identity="laag0007 at umcrookston.edu"
        password="my_password_goes_here"
        ca_cert="/etc/cert/ca.pem"
        eapol_flags=3
        phase1="peaplabel=0"
        phase2="auth=MSCHAPV2"
}

If I run the following command:
wpa_supplicant -iwlan0 -c /etc/wpa_supplicant.conf -d

I get the following debug output. The authentication appears to time out
and loop over and over until I hit Ctrl-C. I've let it loop once here
before stopping it.

Configuration file '/etc/wpa_supplicant.conf' ->
'/etc/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group=10 (from group name 'wheel')
Priority group 0
   id=0 ssid='UMC'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Setting scan request: 0 sec 100000 usec
Starting AP scan (broadcast SSID)
Scan timeout - try to get results
Received 148 bytes of scan results (1 BSSes)
Scan results: 1
Selecting BSS from priority group 0
0: 00:0b:5f:7c:1e:c5 ssid='UMC' wpa_ie_len=0 rsn_ie_len=0
   skip - no WPA/RSN IE
   selected non-WPA AP 00:0b:5f:7c:1e:c5 ssid='UMC'
Trying to associate with 00:0b:5f:7c:1e:c5 (SSID='UMC' freq=2452 MHz)
Cancelling scan request
Setting authentication timeout: 5 sec 0 usec
EAPOL: External notification - portControl=Auto
Authentication with 00:00:00:00:00:00 timed out.
Setting scan request: 0 sec 0 usec
Starting AP scan (broadcast SSID)
Scan timeout - try to get results
Received 148 bytes of scan results (1 BSSes)
Scan results: 1
Selecting BSS from priority group 0
0: 00:0b:5f:7c:1e:c5 ssid='UMC' wpa_ie_len=0 rsn_ie_len=0
   skip - no WPA/RSN IE
   selected non-WPA AP 00:0b:5f:7c:1e:c5 ssid='UMC'
Trying to associate with 00:0b:5f:7c:1e:c5 (SSID='UMC' freq=2452 MHz)
Cancelling scan request
Setting authentication timeout: 5 sec 0 usec
EAPOL: External notification - portControl=Auto
Signal 2 received - terminating
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0

Is there a step-by-step guide to getting 802.11x authentication working
in such a configuration? If not, can anyone point to my mistakes?

I'm a very experienced Linux administrator, but I'm a total newbie when
it comes to configuring wireless authentication. If I've omitted any
important information, please let me know.

Thanks,
Richard Laager
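
Added example (not part of the original post or of wpa_supplicant): a Python triage of `wpa_supplicant -d` output like the log above, grouping lines into association attempts and reporting whether each one got as far as association or EAP. The function names, result labels and the reading of an all-zero BSSID in the timeout line as "never associated" are assumptions of this example.

```python
import re

# Constructed sample: one attempt, lines taken from the debug output in the post.
SAMPLE_LOG = """\
EAP: EAP entering state DISABLED
0: 00:0b:5f:7c:1e:c5 ssid='UMC' wpa_ie_len=0 rsn_ie_len=0
   selected non-WPA AP 00:0b:5f:7c:1e:c5 ssid='UMC'
Trying to associate with 00:0b:5f:7c:1e:c5 (SSID='UMC' freq=2452 MHz)
EAPOL: External notification - portControl=Auto
Authentication with 00:00:00:00:00:00 timed out.
"""

MAC = r"([0-9a-f]{2}(?::[0-9a-f]{2}){5})"
BSS = re.compile(r"\d+: " + MAC + r" ssid='[^']*' wpa_ie_len=(\d+) rsn_ie_len=(\d+)")
ASSOC = re.compile(r"Trying to associate with " + MAC + r" \(SSID='([^']*)'")
EAP_STATE = re.compile(r"EAP: EAP entering state (\w+)")
TIMEOUT = re.compile(r"Authentication with " + MAC + r" timed out")
ZERO_BSSID = "00:00:00:00:00:00"

def triage(log):
    """Split a wpa_supplicant -d log into association attempts, one dict each."""
    attempts, has_ie, cur = [], {}, None
    for line in map(str.strip, log.splitlines()):
        if m := BSS.match(line):            # scan result: remember WPA/RSN IE presence
            has_ie[m.group(1)] = int(m.group(2)) > 0 or int(m.group(3)) > 0
        elif m := ASSOC.match(line):        # a new attempt starts here
            cur = {"bssid": m.group(1), "ssid": m.group(2),
                   "wpa_or_rsn_ie": has_ie.get(m.group(1), False),
                   "eap_left_disabled": False, "result": "incomplete"}
            attempts.append(cur)
        elif cur and (m := EAP_STATE.match(line)):
            cur["eap_left_disabled"] |= m.group(1) != "DISABLED"
        elif cur and (m := TIMEOUT.match(line)):
            # Assumption of this example: an all-zero BSSID in the timeout line
            # means the supplicant never recorded an association with the AP.
            cur["result"] = ("timeout_never_associated"
                             if m.group(1) == ZERO_BSSID
                             else "timeout_after_association")
            cur = None
    return attempts

def stuck_before_eap(attempts):
    """True when every finished attempt timed out without association or EAP."""
    done = [a for a in attempts if a["result"] != "incomplete"]
    return bool(done) and all(a["result"] == "timeout_never_associated"
                              and not a["eap_left_disabled"] for a in done)

if __name__ == "__main__":
    print(triage(SAMPLE_LOG), stuck_before_eap(triage(SAMPLE_LOG)))
```

When `stuck_before_eap` returns true, no PEAP or MSCHAPv2 exchange took place in the captured attempts, so the `eap=`, `phase1=` and `phase2=` settings were never exercised.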
