EAP-FAST inner Auth Fails
Jouni Malinen
jkmaline
Thu Dec 7 19:18:39 PST 2006
On Thu, Dec 07, 2006 at 03:28:04PM +0530, ramprasad.rajendran at wipro.com wrote:
> I am using wpa_supplicant-0.5.5 and hostapd as the authenticator and I
> am testing over a wired interface.
> The radius server that I'm using is Steel Belted Radius
> I had commented out code related to certificate processing to reduce on
> the size.
I've never tested EAP-FAST with SBR, so I don't know what to expect from
it.
Which TLS library are you using? Patched OpenSSL?
> As soon as Phase1 suceeds, in phase 2, the Radius server requests for
> identity, without using any inner authentication.
> Is this correct? I guess an inner authentication method should start as
> part of phase 2
>
> Attached alongwith is the output and my configuration file
Could you please send a debug log that shows the full EAP-FAST
authentication? The one attached to the message did not include any EAP
processing, not even the identity request.
Have you configured the RADIUS server to use EAP-FAST for the user that
you configured as the 'identity' in wpa_supplicant configuration? Are
you trying to use in-band provisioning first or has that already been
taken care of? I would suggest removing phase2 option for the initial
test because there are some limits on which EAP method can be used in
the tunneled phase 2.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list