wpa_supplicant on Windows & hostapd with integrated EAP server

Tran Thanh Dinh dinh107
Wed Sep 20 01:32:32 PDT 2006 

   Hi Ambedkar,
   
    I want to run a test of 802.1X with wpa_supplicant running on Windows and integrated EAP server on hostapd. Any method can be used but I prefer the simplest one (MD5???). I just want to see how the 802.1X works. 
   
    I wonder if there's any constraints in my test case. The README-Windows file of wpa_supplucant says that IEEE802.1X with dynamics WEP keys was tested. Does it mean EAP-MD5 is not supported for WIndows version please.
   
    I am beginer beginer of security domain, I dont know match about the different methods. For the short term, I just want to look at 802.1X port-control system.
   
    Thanks a lot for your help,
    Best regards,
   
  Dinh Tran

Ambedkar R <ambedkar_r at yahoo.com> wrote:
    Hi Dinh,
   
  Your configuration file is little confuse.Can you tell me that which authentication method you want to use.If you want to use IEEE802.1X with dynamic wep keys,you should use certificates.(For EAP-TLS,we should use client and root certificate) 
  In the case of WPA-PSK.no need certificates.
   
  -Ambedkar.R

Tran Thanh Dinh <dinh107 at yahoo.com> wrote:
  Hi,

Here is the config file for eap_psk on hostapd side:
eap_psk.conf
driver=madwifi
interface=ath0
bridge=br0
eap_server=1
ssid=eap_psk_test
ieee8021x=1
eap_user_file=/etc/hostapd.eap_user
logger_stdout=-1
logger_stdout_level=0

then I got the following log after lauching hostapd
[root at localhost hostapd-0.4.9]# hostapd -d
eap_psk.conf
Configuration file: eap_psk.conf
Configure bridge br0 for EAPOL traffic.
Using interface ath0 with hwaddr 00:17:9a:0c:0a:fb and
ssid 
'eap_psk_test'
Flushing old station entries
madwifi_sta_deauth: addr=ff:ff:ff:ff:ff:ff
reason_code=3
Deauthenticate all stations
l2_packet_receive - recvfrom: Network is down
Signal 2 received - terminating
Flushing old station entries
madwifi_sta_deauth: addr=ff:ff:ff:ff:ff:ff
reason_code=3
Deauthenticate all stations
madwifi_set_privacy: enabled=0
[root at localhost hostapd-0.4.9]#

On wpa_supplicant side, the config file used is: 
eap_psk.conf
ap_scan=1
network={
ssid="eap_psk_test"
key_mgmt=IEEE8021X
eap=MD5
identity="psk"
eappsk=0123456789abcdef0123456789abcdef
}

and the obtained log:
C:\cygwin\home\root\wpa_supplicant-0.4.9>wpa_supplicant.exe
-i\Device\NPF_{8FE40
90E-D22B-4769-B270-441A9F06B8B2} -c eap_psk.conf -d
Initializing interface
'\Device\NPF_{8FE4090E-D22B-4769-B270-441A9F06B8B2}'
conf
'eap_psk.conf' driver 'default' ctrl_interface 'N/A'
Configuration file 'eap_psk.conf' ->
'C:\cygwin\home\root\wpa_supplicant-0.4.9/e
ap_psk.conf'
Reading configuration file
'C:\cygwin\home\root\wpa_supplicant-0.4.9/eap_psk.con
f'
ap_scan=1
Priority group 0
id=0 ssid='eap_psk_test'
Initializing interface (2)
'\Device\NPF_{8FE4090E-D22B-4769-B270-441A9F06B8B2}'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
NDIS: Packet.dll version: 3, 1, 0, 27
NDIS: 3 adapter names found
NDIS: 3 adapter descriptions found
NDIS: 0 - \Device\NPF_GenericDialupAdapter - Generic
dialup adapter
NDIS: 1 -
\Device\NPF_{8FE4090E-D22B-4769-B270-441A9F06B8B2} -
Intel(R) PRO/Wire
less 2200BG Network Connection (Microsoft's Packet
Scheduler)
NDIS: 2 -
\Device\NPF_{63468DCC-BAAF-45CA-9684-5E7E0725A406} -
Broadcom NetXtrem
e Gigabit Ethernet Driver (Microsoft's Packet
Scheduler)
NDIS: Adapter description prefix 'Intel'
NDIS: Driver supports OID_802_11_CAPABILITY -
NoOfPMKIDs 4 NoOfAuthEncrPairs 12
NDIS: driver capabilities: key_mgmt 0xf enc 0xf auth
0x3
Own MAC address: 00:16:6f:25:8a:fe
wpa_driver_ndis_set_wpa: enabled=1
ndis_get_oid: oid=0xd010101 len (6) failed
ndis_get_oid: oid=0xd010101 len (6) failed
ndis_get_oid: oid=0xd010101 len (6) failed
ndis_get_oid: oid=0xd010101 len (6) failed
Setting scan request: 0 sec 100000 usec
Added interface
\Device\NPF_{8FE4090E-D22B-4769-B270-441A9F06B8B2}
State: DISCONNECTED -> SCANNING
Starting AP scan (broadcast SSID)
NDIS: turning radio on before the first scan
ndis_get_oid: oid=0xd010101 len (6) failed
ndis_get_oid: oid=0xd010101 len (6) failed
ndis_get_oid: oid=0xd010101 len (6) failed
Scan timeout - try to get results
Scan results: 2
Selecting BSS from priority group 0
0: 00:0f:f8:58:58:cd ssid='wpa_test' wpa_ie_len=24
rsn_ie_len=0 caps=0x10
skip - SSID mismatch
1: 00:17:9a:0c:0a:fb ssid='eap_psk_test' wpa_ie_len=0
rsn_ie_len=0 caps=0x0
skip - no WPA/RSN IE
No suitable AP found.
Setting scan request: 5 sec 0 usec
ndis_get_oid: oid=0xd010101 len (6) failed
ndis_get_oid: oid=0xd010101 len (6) failed
CTRL-EVENT-TERMINATING - signal 2 received
Removing interface
\Device\NPF_{8FE4090E-D22B-4769-B270-441A9F06B8B2}
State: SCANNING -> DISCONNECTED
No keys have been configured - skip key clearing
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
wpa_driver_ndis_set_wpa: enabled=0
No keys have been configured - skip key clearing
Cancelling scan request

C:\cygwin\home\root\wpa_supplicant-0.4.9>

wpa_supplicant sees the network eap_psk_test but it
doesnt take it as a suitable AP

I tried also with eap_leap. On hostapd side, I edited
the /etc/hostapd.eap_user file as follow

"leap" LEAP "leap"

[root at localhost hostapd-0.4.9]# hostapd -d
eap_leap.conf
Configuration file: eap_leap.conf
Unsupported EAP type 'LEAP' on line 33 in
'/etc/hostapd.eap_user'
1 errors found in configuration file 'eap_leap.conf'
[root at localhost hostapd-0.4.9]#

It seems that the EAP integrated server doesnt support
LEAP method.

Thanks for your help,
Best regards,

Dinh Tran
--- Ambedkar R wrote:

> Hi Dinh,
> 
> Can you send me your logs with -ddK option and
> include your config file also.
> 
> Regards
> Ambedkar.R
> --------------------
> Create something before destroying,because
> destruction can't be ultimate aim.
> 
> 
> Tran Thanh Dinh wrote:
> Hi,
> 
> I want to have a test with wpa_supplicant running on
> Windows XP, and hostapd with integrated EAP server
> for
> 802.1X but thanks for confirming me if it's possible
> please?
> 
> I tested succesfully for WPA_PSK, but once I changed
> to 802.1X, I always get error: No suitable AP found.
> 
> In the README file of wpa_supplicant for Windows, it
> says that 802.1X with dynamic WEP keys was tested.
> Does it mean the other methods are not yet possible
> for WIndows version please?
> 
> On hostapd side, I tried to configure for LEAP
> (dynamic WEP keys?) but the method LEAP was not
> recognized by integrated server.
> 
> Could you please help me out to have a test for
> 802.1X with wpa_supplicant on Windows and integrated
> EAP server used (any methods)?
> 
> Thanks for your help,
> Best regards,
> 
> Dinh Tran
> 
> 
> 
> 
> 
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam
> protection around 
> http://mail.yahoo.com 
> _______________________________________________
> HostAP mailing list
> HostAP at shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
> 
> 
> 
> ---------------------------------
> Want to be your own boss? Learn how on Yahoo! Small
> Business. 






__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

    
---------------------------------
  Want to be your own boss? Learn how on Yahoo! Small Business. 


 


 				
---------------------------------
Want to be your own boss? Learn how on  Yahoo! Small Business. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20060920/79e6a8ab/attachment.htm

More information about the Hostap mailing list