802.1x auth with wpa_supp?
Morgan Read
mstuff
Sat Sep 25 02:29:05 PDT 2004
Hi
I've had some feedback from my uni on this. Apparently the server cert
was changed a few weeks back and it can no longer be verified (nice
work). Now people are turning the verification option off in Windows &
linux/xsupplicant - How do I turn verification off in wpa_supplicant?
Another suggestion was that I need to regenerate my key? The one I'm
using was generated for xsupplicant - can anybody give me a basic "one
two" on using ssh-keygen or openssl to correctly generate a private key
for wpa_supplicant? I've had this in the back of my mind for a while
but not found any info on it.
Copy of recent debug output attached FYI (interesting bit's 35-45 lines
from end).
Regards,
Morgan.
###################################
[root@morgansmachine root]# wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -d
Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group=0
eapol_version=1
ap_scan=1
Priority group 0
id=0 ssid='uoa'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
wpa_driver_hostap_set_wpa: enabled=1
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_countermeasures: enabled=0
wpa_driver_hostap_set_drop_unencrypted: enabled=1
Setting scan request: 0 sec 100000 usec
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Disconnect event - remove keys
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
RTM_NEWLINK, IFLA_IFNAME: Interface 'wifi0' added
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Disconnect event - remove keys
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
Starting AP scan (specific SSID)
Scan SSID - hexdump_ascii(len=3):
75 6f 61 uoa
Wireless event: cmd=0x8b19 len=12
Received 158 bytes of scan results (1 BSSes)
Scan results: 1
Selecting BSS from priority group 0
0: 00:0d:ed:99:37:c0 ssid='uoa' wpa_ie_len=0 rsn_ie_len=0
skip - no WPA/RSN IE
selected non-WPA AP 00:0d:ed:99:37:c0 ssid='uoa'
Trying to associate with 00:0d:ed:99:37:c0 (SSID='uoa' freq=2437 MHz)
Cancelling scan request
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_drop_unencrypted: enabled=1
wpa_driver_hostap_associate
Setting authentication timeout: 5 sec 0 usec
EAPOL: External notification - portControl=Auto
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Disconnect event - remove keys
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
Wireless event: cmd=0x8b04 len=12
RX EAPOL from 00:0d:ed:99:37:c0
Setting authentication timeout: 10 sec 0 usec
EAPOL frame received in disassociated state - dropped
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Disconnect event - remove keys
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
Wireless event: cmd=0x8b1a len=15
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:0d:ed:99:37:c0
Association event - clear replay counter
Associated to a new BSS: BSSID=00:0d:ed:99:37:c0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
RX EAPOL from 00:0d:ed:99:37:c0
Setting authentication timeout: 10 sec 0 usec
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=1 id=2
EAP: EAP entering state IDENTITY
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=10):
45 43 5c 6d 72 65 61 30 30 35 EC\mrea005
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 46, expecting at least 99
RX EAPOL from 00:0d:ed:99:37:c0
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=25 id=3
EAP: EAP entering state GET_METHOD
EAP-PEAP: Phase2 type: MSCHAPV2
SSL: Trusted root certificate(s) loaded
SSL: Private key failed verification: error:140CB07C:SSL routines:SSL_use_PrivateKey_file:bad ssl filetype
SSL - SSL error: error:140A30B1:SSL routines:SSL_check_private_key:no certificate assigned
EAP-PEAP: Failed to initialize SSL.
EAP: Failed to initialize EAP method 25
EAP: EAP entering state METHOD
EAP::METHOD - method not selected
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: txSuppRsp - EAP response data not available
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 46, expecting at least 99
RTM_NEWLINK, IFLA_IFNAME: Interface 'wifi0' added
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
Signal 2 received - terminating
wpa_driver_hostap_deauthenticate
wpa_driver_hostap_reset: type=2
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
wpa_driver_hostap_set_wpa: enabled=0
wpa_driver_hostap_set_drop_unencrypted: enabled=0
wpa_driver_hostap_set_countermeasures: enabled=0
[root@morgansmachine root]#
###########################
Jouni Malinen wrote:
> On Tue, Sep 07, 2004 at 10:25:30PM +1200, Morgan Read wrote:
>
>
>>Well that was much more exciting! At least to my eyes...
>>
>>I ran as you suggested per the hostap driver (not wext).
>
>
> Yes, indeed, this time the EAPOL negotiation was at least started.
> However, the AP/authentication server did not seem to like the identity
> response from the client.
>
>
>>EAP: Received EAP-Request method=1 id=2
>>EAP: EAP entering state IDENTITY
>>EAP: EAP-Request Identity data - hexdump_ascii(len=0):
>>EAP: using real identity - hexdump_ascii(len=10):
>> 45 43 2f 6d 72 65 61 30 30 35 EC/mrea005
>
>
> Are you sure that is the current username? If "EC" is the domain part,
> that should most likely be EC\mrea005, not EC/mrea005..
>
>
>>Wireless event: cmd=0x8b15 len=20
>>Wireless event: new AP: 00:00:00:00:00:00
>>Setting scan request: 0 sec 100000 usec
>>EAPOL: External notification - portEnabled=0
>>EAPOL: SUPP_PAE entering state DISCONNECTED
>
>
> It looks like the AP disassociated the stations. This could have
> happened, e.g., because the authentication server rejected access to
> EC/mrea005 identity.
>
--
Morgan Read
<mailto:mstuffATplDOTnet>
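
A triage pass over the debug output in the message above, as an added example that is not part of the original post or of wpa_supplicant: it decodes the identity that was sent, names the EAP methods requested, and reports whether the attempt stopped in local TLS setup. The function name `triage` and its result keys are hypothetical; the sample lines are copied from the log with the wrapped OpenSSL errors rejoined.

```python
import re

# EAP type numbers from the IANA EAP registry.
EAP_TYPES = {1: "Identity", 13: "TLS", 21: "TTLS", 25: "PEAP"}

# Sample input: lines taken from the debug output in the post, with the
# two wrapped OpenSSL error lines rejoined.
SAMPLE = r"""
EAP: Received EAP-Request method=1 id=2
EAP: using real identity - hexdump_ascii(len=10):
45 43 5c 6d 72 65 61 30 30 35 EC\mrea005
EAP: Received EAP-Request method=25 id=3
EAP-PEAP: Phase2 type: MSCHAPV2
SSL: Trusted root certificate(s) loaded
SSL: Private key failed verification: error:140CB07C:SSL routines:SSL_use_PrivateKey_file:bad ssl filetype
SSL - SSL error: error:140A30B1:SSL routines:SSL_check_private_key:no certificate assigned
EAP-PEAP: Failed to initialize SSL.
EAP: Failed to initialize EAP method 25
"""

def triage(log):
    """Summarise one EAP attempt from wpa_supplicant -d output."""
    out = {"identity": None, "requests": [], "ca_loaded": False,
           "ssl_errors": [], "failed_method": None, "stage": "unknown"}
    lines = log.splitlines()
    for i, line in enumerate(lines):
        if m := re.search(r"Received EAP-Request method=(\d+) id=(\d+)", line):
            num = int(m.group(1))
            out["requests"].append((EAP_TYPES.get(num, str(num)), int(m.group(2))))
        elif m := re.search(r"using real identity - hexdump_ascii\(len=(\d+)\)", line):
            # Decode the hex bytes on the next line rather than the ASCII column.
            # Assumes 16 bytes per dump line, so longer identities are cut at 16.
            nxt = lines[i + 1].split() if i + 1 < len(lines) else []
            raw = "".join(nxt[:min(int(m.group(1)), 16)])
            out["identity"] = bytes.fromhex(raw).decode("ascii", "replace")
        elif "Trusted root certificate(s) loaded" in line:
            out["ca_loaded"] = True
        elif m := re.search(r"error:[0-9A-Fa-f]{8}:[^:]*:([^:]*):(.*)", line):
            out["ssl_errors"].append((m.group(1), m.group(2).strip()))
        elif m := re.search(r"Failed to initialize EAP method (\d+)", line):
            out["failed_method"] = EAP_TYPES.get(int(m.group(1)), m.group(1))
    # A method that fails to initialise with key-loading errors stopped in
    # local TLS setup: no handshake ran, so no server certificate was checked.
    key_funcs = [f for f, _ in out["ssl_errors"] if "privatekey" in f.lower().replace("_", "")]
    if out["failed_method"] and key_funcs:
        out["stage"] = "local-tls-init"
    return out

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the sample lines the result is stage `local-tls-init` with the trusted root loaded, which places the failure in loading the client private key file rather than in checking the server certificate.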