WPA+EAP-PEAP+MSCHAPv2 Problem

Greg Baker gbaker
Wed Feb 9 10:53:05 PST 2005 

Hi guys, this is my first post to this list.  Apologies if this is a known 
issue..

I'm trying to connect to the wireless network at my school and am having 
problems.  It connects fine in Windows, but not Linux.

I'm not sure what is relevant for help, so I'll post the output from 
wpa_supplicant:

-------
[root at nimba greg]# wpa_supplicant -dw -c /etc/wpa_supplicant.conf -i ath0 -D 
madwifi
Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group=0
eapol_version=1
ap_scan=1
Priority group 0
   id=0 ssid='stu'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
wpa_driver_madwifi_set_wpa: enabled=1
wpa_driver_madwifi_del_key: keyidx=0
wpa_driver_madwifi_del_key: keyidx=1
wpa_driver_madwifi_del_key: keyidx=2
wpa_driver_madwifi_del_key: keyidx=3
wpa_driver_madwifi_set_countermeasures: enabled=0
wpa_driver_madwifi_set_drop_unencrypted: enabled=1
Setting scan request: 0 sec 100000 usec
l2_packet_receive - recv: Network is down
Starting AP scan (specific SSID)
Scan SSID - hexdump_ascii(len=3):
     73 74 75                                          stu
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
Wireless event: cmd=0x8b1a len=15
Wireless event: cmd=0x8b19 len=12
Received 538 bytes of scan results (2 BSSes)
Scan results: 2
Selecting BSS from priority group 0
0: 00:11:92:49:54:20 ssid='stu' wpa_ie_len=26 rsn_ie_len=0
   selected
Trying to associate with 00:11:92:49:54:20 (SSID='stu' freq=2412 MHz)
Cancelling scan request
WPA: using IEEE 802.11i/D3.0
WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 
00 50 f2 02 01 00 00 50 f2 01
wpa_driver_madwifi_del_key: keyidx=0
wpa_driver_madwifi_del_key: keyidx=1
wpa_driver_madwifi_del_key: keyidx=2
wpa_driver_madwifi_del_key: keyidx=3
wpa_driver_madwifi_del_key: keyidx=0
wpa_driver_madwifi_set_drop_unencrypted: enabled=1
wpa_driver_madwifi_associate
Setting authentication timeout: 5 sec 0 usec
EAPOL: External notification - portControl=Auto
Wireless event: cmd=0x8b1a len=15
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:11:92:49:54:20
Association event - clear replay counter
Associated to a new BSS: BSSID=00:11:92:49:54:20
wpa_driver_madwifi_del_key: keyidx=0
wpa_driver_madwifi_del_key: keyidx=1
wpa_driver_madwifi_del_key: keyidx=2
wpa_driver_madwifi_del_key: keyidx=3
wpa_driver_madwifi_del_key: keyidx=0
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
RX EAPOL from 00:11:92:49:54:20
Setting authentication timeout: 70 sec 0 usec
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=1 id=1
EAP: EAP entering state IDENTITY
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=6):
     67 62 61 6b 65 72                                 gbaker
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 50, expecting at least 99
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
RX EAPOL from 00:11:92:49:54:20
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=1 id=2
EAP: EAP entering state IDENTITY
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=6):
     67 62 61 6b 65 72                                 gbaker
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 50, expecting at least 99
RX EAPOL from 00:11:92:49:54:20
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=17 id=118
EAP: EAP entering state GET_METHOD
EAP: Building EAP-Nak (requested type 17 not allowed)
EAP: allowed methods - hexdump(len=1): 19
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 50, expecting at least 99
RX EAPOL from 00:11:92:49:54:20
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=25 id=119
EAP: EAP entering state GET_METHOD
EAP-PEAP: Forced PEAP version 1
EAP-PEAP: Phase2 type: MSCHAPV2
EAP: EAP entering state METHOD
EAP-PEAP: Received packet(len=6) - Flags 0x21
EAP-PEAP: Start (server ver=1, own ver=1)
EAP-PEAP: Using PEAP version 1
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before/connect initialization
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client hello A
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read server hello A
SSL: SSL_connect - want more data
SSL: 102 bytes left to be sent out (of total 102 bytes)
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 50, expecting at least 99
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
Setting scan request: 0 sec 100000 usec
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
Disconnect event - remove keys
wpa_driver_madwifi_del_key: keyidx=0
wpa_driver_madwifi_del_key: keyidx=1
wpa_driver_madwifi_del_key: keyidx=2
wpa_driver_madwifi_del_key: keyidx=3
wpa_driver_madwifi_del_key: keyidx=0
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
Starting AP scan (broadcast SSID)
Wireless event: cmd=0x8b1a len=12
Wireless event: cmd=0x8b19 len=12
Received 392 bytes of scan results (2 BSSes)
Scan results: 2
Selecting BSS from priority group 0
0: 00:11:92:49:54:20 ssid='' wpa_ie_len=0 rsn_ie_len=0
   skip - no WPA/RSN IE
1: 00:11:92:49:5d:00 ssid='' wpa_ie_len=0 rsn_ie_len=0
   skip - no WPA/RSN IE
No suitable AP found.
Setting scan request: 5 sec 0 usec
Starting AP scan (specific SSID)
Scan SSID - hexdump_ascii(len=3):
     73 74 75                                          stu
Wireless event: cmd=0x8b1a len=15
Wireless event: cmd=0x8b19 len=12
Received 465 bytes of scan results (2 BSSes)
Scan results: 2
Selecting BSS from priority group 0
0: 00:11:92:49:54:20 ssid='stu' wpa_ie_len=26 rsn_ie_len=0
   selected
Trying to associate with 00:11:92:49:54:20 (SSID='stu' freq=2412 MHz)
Cancelling scan request
WPA: using IEEE 802.11i/D3.0
WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 
00 50 f2 02 01 00 00 50 f2 01
wpa_driver_madwifi_del_key: keyidx=0
wpa_driver_madwifi_del_key: keyidx=1
wpa_driver_madwifi_del_key: keyidx=2
wpa_driver_madwifi_del_key: keyidx=3
wpa_driver_madwifi_del_key: keyidx=0
wpa_driver_madwifi_set_drop_unencrypted: enabled=1
wpa_driver_madwifi_associate
Setting authentication timeout: 5 sec 0 usec
EAPOL: External notification - portControl=Auto
Wireless event: cmd=0x8b1a len=15
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:11:92:49:54:20
Association event - clear replay counter
Associated to a new BSS: BSSID=00:11:92:49:54:20
wpa_driver_madwifi_del_key: keyidx=0
wpa_driver_madwifi_del_key: keyidx=1
wpa_driver_madwifi_del_key: keyidx=2
wpa_driver_madwifi_del_key: keyidx=3
wpa_driver_madwifi_del_key: keyidx=0
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
RX EAPOL from 00:11:92:49:54:20
Setting authentication timeout: 70 sec 0 usec
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=1 id=1
EAP: EAP entering state IDENTITY
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=6):
     67 62 61 6b 65 72                                 gbaker
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 50, expecting at least 99
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
RX EAPOL from 00:11:92:49:54:20
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=1 id=2
EAP: EAP entering state IDENTITY
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=6):
     67 62 61 6b 65 72                                 gbaker
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 50, expecting at least 99
RX EAPOL from 00:11:92:49:54:20
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=17 id=131
EAP: EAP entering state GET_METHOD
EAP: Building EAP-Nak (requested type 17 not allowed)
EAP: allowed methods - hexdump(len=1): 19
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 50, expecting at least 99
RX EAPOL from 00:11:92:49:54:20
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=25 id=132
EAP: EAP entering state GET_METHOD
EAP-PEAP: Forced PEAP version 1
EAP-PEAP: Phase2 type: MSCHAPV2
EAP: EAP entering state METHOD
EAP-PEAP: Received packet(len=6) - Flags 0x21
EAP-PEAP: Start (server ver=1, own ver=1)
EAP-PEAP: Using PEAP version 1
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before/connect initialization
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client hello A
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read server hello A
SSL: SSL_connect - want more data
SSL: 102 bytes left to be sent out (of total 102 bytes)
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 50, expecting at least 99
Signal 2 received - terminating
wpa_driver_madwifi_deauthenticate
wpa_driver_madwifi_del_key: keyidx=0
wpa_driver_madwifi_del_key: keyidx=1
wpa_driver_madwifi_del_key: keyidx=2
wpa_driver_madwifi_del_key: keyidx=3
wpa_driver_madwifi_del_key: keyidx=0
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
wpa_driver_madwifi_set_wpa: enabled=0
wpa_driver_madwifi_set_drop_unencrypted: enabled=0
wpa_driver_madwifi_set_countermeasures: enabled=0


...and so on ad infinitum..

Most of this is gibberish to me.....   So hopefully someone can figure out 
exactly where this is dying..

Here's my wpa_supplicant.conf file:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1 # <--  not sure what this does
ap_scan=1 # <-- needed to associate with ap
network={
        ssid="stu"
        scan_ssid=1
        key_mgmt=WPA-EAP
        eap=PEAP
        pairwise=TKIP
        group=TKIP
        identity="gbaker"
        password="........."
        phase1="peapver=1 peaplabel=1"
        phase2="auth=MSCHAPV2"
}

Now, I've tried changing some of the settings above (like peapver and 
peaplabel) but don't ever get any farther.

One thing I'm not sure about, do I need to have a certificate defined?  The 
APs here provide the certificate, and they are not validated.

One last thing, after doing an analysis of packets from both windows and 
linux, here is a summary of what happens

me: EAPOL-Start
AP: EAP Request ID
me: EAP Response ID
AP: EAP Request, EAP-Cisco Wireless (LEAP) [Norman]
me: EAP Response NAK
AP: EAP Request PEAP [Palekar]

Here's where it begins to get funky..  Windows and the AP discuss a couple of 
more PEAP things while in linux it goes straight to "TLS Client Hello"...

There are two more packets from both windows and the AP here before the TLS 
hello..

Can anyone give me some insight as to what I'm missing??

Thanks, and really sorry about the long post.
Greg

More information about the Hostap mailing list