EAP-FAST inner Auth Fails
Jouni Malinen
jkmaline
Fri Dec 8 07:06:43 PST 2006
On Fri, Dec 08, 2006 at 11:36:03AM +0530, ramprasad.rajendran at wipro.com wrote:
> >And the server is sending out EAP-Request/Identity frame in
> >the tunnel and that is received successfully.
>
> Is this fine? Can the server just ask for a request identity inside the
> tunnel instead of using any authentication method like GTC or MSCHAPV2?

It is normal to first ask for the real identity inside the encrypted
tunnel to protect the privacy of the user identity. This means that the
anonymous_identity in wpa_supplicant configuration is sent in plain, but
the identity value is only sent in the encrypted tunnel.

EAP-GTC or EAP-MSCHAPv2 is supposed to follow this identity query in the
tunnel.

> The server's log says the following
>
> ==> authReports/rejects_20061208.csv <==
> "2006-12-08","11:29:51","<ANY>","test","EAP-FAST","User name or
> credential incorrect","Inner EAP-FAST authentication
> failed","10.114.2.53"

This sounds like the "test" user would not be properly configured in the
server. This identity was rejected even before starting EAP-MSCHAPv2.

--
Jouni Malinen PGP id EFC895FA
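
The identity split described in this reply, shown as an added wpa_supplicant network block that is not part of the original message. The SSID, anonymous identity, password placeholder and PAC file path are constructed values; only the "test" identity comes from the thread.

```conf
# Constructed example network block for EAP-FAST with an inner EAP-MSCHAPv2 method.
network={
	# Placeholder SSID (assumption, not from the thread)
	ssid="example-ssid"
	key_mgmt=WPA-EAP
	eap=FAST

	# Outer identity: sent in the clear in the first EAP-Response/Identity,
	# before the tunnel exists. Use a value that does not reveal the user.
	anonymous_identity="anonymous"

	# Inner identity: returned only in answer to the EAP-Request/Identity
	# that the server sends inside the encrypted tunnel. The server must
	# have this user configured, or it rejects the identity before the
	# inner method (EAP-MSCHAPv2 here) even starts.
	identity="test"
	password="<password-placeholder>"

	# Allow PAC provisioning and store the PAC in a constructed path.
	phase1="fast_provisioning=1"
	pac_file="/etc/wpa_supplicant/example.eap-fast-pac"

	# Inner authentication method that follows the tunneled identity query.
	phase2="auth=MSCHAPV2"
}
```

When the server log shows an inner authentication failure for the tunneled identity, compare the `identity` value above with the user entry on the server rather than the `anonymous_identity` value.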