WPA2-PEAP problems

Harshal Chhaya harshal
Mon May 16 15:17:12 PDT 2011 

Jouni,

Thanks for your response.

The output with '-ddK' is below (I have not included the 'logread' output
due to the size constraints):


Configuration file: /tmp/hostapd.conf
eapol_version=2
netlink: Operstate: linkmode=1, operstate=5
nl80211: Add own interface ifindex 8
nl80211: New interface mon.wlan0 created: ifindex=9
nl80211: Add own interface ifindex 9
BSS count 1, BSSID mask 00:00:00:00:00:00 (0 bits)
nl80211: Added 802.11b mode based on 802.11g information
Allowed channel: mode=1 chan=1 freq=2412 MHz max_tx_power=27 dBm
Allowed channel: mode=1 chan=2 freq=2417 MHz max_tx_power=27 dBm
Allowed channel: mode=1 chan=3 freq=2422 MHz max_tx_power=27 dBm
Allowed channel: mode=1 chan=4 freq=2427 MHz max_tx_power=27 dBm
Allowed channel: mode=1 chan=5 freq=2432 MHz max_tx_power=27 dBm
Allowed channel: mode=1 chan=6 freq=2437 MHz max_tx_power=27 dBm
Allowed channel: mode=1 chan=7 freq=2442 MHz max_tx_power=27 dBm
Allowed channel: mode=1 chan=8 freq=2447 MHz max_tx_power=27 dBm
Allowed channel: mode=1 chan=9 freq=2452 MHz max_tx_power=27 dBm
Allowed channel: mode=1 chan=10 freq=2457 MHz max_tx_power=27 dBm
Allowed channel: mode=1 chan=11 freq=2462 MHz max_tx_power=27 dBm
Allowed channel: mode=0 chan=1 freq=2412 MHz max_tx_power=27 dBm
Allowed channel: mode=0 chan=2 freq=2417 MHz max_tx_power=27 dBm
Allowed channel: mode=0 chan=3 freq=2422 MHz max_tx_power=27 dBm
Allowed channel: mode=0 chan=4 freq=2427 MHz max_tx_power=27 dBm
Allowed channel: mode=0 chan=5 freq=2432 MHz max_tx_power=27 dBm
Allowed channel: mode=0 chan=6 freq=2437 MHz max_tx_power=27 dBm
Allowed channel: mode=0 chan=7 freq=2442 MHz max_tx_power=27 dBm
Allowed channel: mode=0 chan=8 freq=2447 MHz max_tx_power=27 dBm
Allowed channel: mode=0 chan=9 freq=2452 MHz max_tx_power=27 dBm
Allowed channel: mode=0 chan=10 freq=2457 MHz max_tx_power=27 dBm
Allowed channel: mode=0 chan=11 freq=2462 MHz max_tx_power=27 dBm
Completing interface initialization
Mode: IEEE 802.11g  Channel: 11  Frequency: 2462 MHz
RATE[0] rate=10 flags=0x1
RATE[1] rate=20 flags=0x1
RATE[2] rate=55 flags=0x1
RATE[3] rate=110 flags=0x1
RATE[4] rate=60 flags=0x0
RATE[5] rate=90 flags=0x0
RATE[6] rate=120 flags=0x0
RATE[7] rate=180 flags=0x0
RATE[8] rate=240 flags=0x0
RATE[9] rate=360 flags=0x0
RATE[10] rate=480 flags=0x0
RATE[11] rate=540 flags=0x0
Flushing old station entries
Deauthenticate all stations
wpa_driver_nl80211_set_key: ifindex=8 alg=0 addr=(nil) key_idx=0 set_tx=1
seq_len=0 key_len=0
wpa_driver_nl80211_set_key: ifindex=8 alg=0 addr=(nil) key_idx=1 set_tx=0
seq_len=0 key_len=0
wpa_driver_nl80211_set_key: ifindex=8 alg=0 addr=(nil) key_idx=2 set_tx=0
seq_len=0 key_len=0
wpa_driver_nl80211_set_key: ifindex=8 alg=0 addr=(nil) key_idx=3 set_tx=0
seq_len=0 key_len=0
Using interface wlan0 with hwaddr 00:06:80:00:a9:37 and ssid
'N-00068000A937'
TLSv1: Converting PEM format certificate into DER format
X509: Version X.509v3
X509: serialNumber 1337599526
X509: issuer C=US, ST=Texas, L=Austin, O=MyOrg, CN=MyOrg
CA/emailAddress=bogusemail at bogus
X509: Validity: notBefore: 1294683888 notAfter: 1610043888
X509: subject C=US, ST=Texas, L=Austin, O=MyOrg, CN=MyOrg
CA/emailAddress=bogusemail at bogus
X509: subjectPublicKey - hexdump(len=140): 30 81 89 02 81 81 00 9d df ae 4e
57 8e d9 14 ae 8f e4 c4 ad 5b 94 a5 6f 45 44 ea bc 82 98 af b4 04 d4 ea 68
73 d3 35 3a 3a 73 20 e4 50 8c 05 a3 2b 81 f8 3f 07 54 3a 49 e8 70 4b a3 62
c2 e1 f7 66 da a7 39 f1 99 1a 43 3a db 0e 78 3f f7 42 ef 40 30 fe 8c 64 48
1b c4 1c d1 47 b1 fd 03 9d d6 95 90 f2 40 f2 87 67 a1 df c4 20 be 29 60 83
19 83 1f 9c bc 77 11 f6 7e 5e d1 86 f8 1e db 81 f8 15 86 25 bf 14 76 65 02
03 01 00 01
X509: Extension: extnID=2.5.29.14 critical=0
X509: extnValue - hexdump(len=22): 04 14 f7 ac 32 f9 2d 00 91 42 88 31 dc 71
7d fd 53 19 53 9c df be
X509: Extension: extnID=2.5.29.35 critical=0
X509: extnValue - hexdump(len=183): 30 81 b4 80 14 f7 ac 32 f9 2d 00 91 42
88 31 dc 71 7d fd 53 19 53 9c df be a1 81 90 a4 81 8d 30 81 8a 31 0b 30 09
06 03 55 04 06 13 02 55 53 31 0e 30 0c 06 03 55 04 08 13 05 54 65 78 61 73
31 0f 30 0d 06 03 55 04 07 13 06 44 61 6c 6c 61 73 31 1a 30 18 06 03 55 04
0a 13 11 54 65 78 61 73 20 49 6e 73 74 72 75 6d 65 6e 74 73 31 1d 30 1b 06
03 55 04 03 13 14 54 65 78 61 73 20 49 6e 73 74 72 75 6d 65 6e 74 73 20 43
41 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16 10 62 6f 67 75 73 65 6d
61 69 6c 40 62 6f 67 75 73 82 09 00 fc 7b 06 8c 4f ba 26 26
X509: Extension: extnID=2.5.29.19 critical=0
X509: extnValue - hexdump(len=5): 30 03 01 01 ff
X509: BasicConstraints - cA=255
X509: signature - hexdump(len=128): 93 a0 51 8c cc 9c 63 28 55 f5 c0 e7 57
0a af 73 80 c6 f4 7f a3 70 d6 8a 97 e8 8e 89 88 9e c4 94 e3 05 ca 82 36 d3
12 60 47 40 0a e8 a7 f1 c1 54 51 2e 4c d4 1d 38 f0 d9 c4 5f 7b 28 56 83 86
49 57 e2 52 47 3f e4 3b be cd ac b8 af 67 ca d5 ab cc 09 8e 1f 63 90 98 3f
b9 7d 03 bf d2 f2 84 63 54 5a cd 33 9e 98 f9 7b ac 24 41 d8 0a c8 ef e4 28
b6 b6 dd d3 ee 1d d1 b6 07 25 3e cc de 20 84
TLSv1: Added certificate: C=US, ST=Texas, L=Austin, O=MyOrg, CN=MyOrg
CA/emailAddress=bogusemail at bogus
TLSv1: Converting PEM format certificate into DER format
X509: Version X.509v3
X509: serialNumber 1337599526
X509: issuer C=US, ST=Texas, L=Austin, O=MyOrg, CN=MyOrg
CA/emailAddress=bogusemail at bogus
X509: Validity: notBefore: 1294683888 notAfter: 1610043888
X509: subject C=US, ST=Texas, L=Austin, O=MyOrg, CN=MyOrg
CA/emailAddress=bogusemail at bogus
X509: subjectPublicKey - hexdump(len=140): 30 81 89 02 81 81 00 9d df ae 4e
57 8e d9 14 ae 8f e4 c4 ad 5b 94 a5 6f 45 44 ea bc 82 98 af b4 04 d4 ea 68
73 d3 35 3a 3a 73 20 e4 50 8c 05 a3 2b 81 f8 3f 07 54 3a 49 e8 70 4b a3 62
c2 e1 f7 66 da a7 39 f1 99 1a 43 3a db 0e 78 3f f7 42 ef 40 30 fe 8c 64 48
1b c4 1c d1 47 b1 fd 03 9d d6 95 90 f2 40 f2 87 67 a1 df c4 20 be 29 60 83
19 83 1f 9c bc 77 11 f6 7e 5e d1 86 f8 1e db 81 f8 15 86 25 bf 14 76 65 02
03 01 00 01
X509: Extension: extnID=2.5.29.14 critical=0
X509: extnValue - hexdump(len=22): 04 14 f7 ac 32 f9 2d 00 91 42 88 31 dc 71
7d fd 53 19 53 9c df be
X509: Extension: extnID=2.5.29.35 critical=0
X509: extnValue - hexdump(len=183): 30 81 b4 80 14 f7 ac 32 f9 2d 00 91 42
88 31 dc 71 7d fd 53 19 53 9c df be a1 81 90 a4 81 8d 30 81 8a 31 0b 30 09
06 03 55 04 06 13 02 55 53 31 0e 30 0c 06 03 55 04 08 13 05 54 65 78 61 73
31 0f 30 0d 06 03 55 04 07 13 06 44 61 6c 6c 61 73 31 1a 30 18 06 03 55 04
0a 13 11 54 65 78 61 73 20 49 6e 73 74 72 75 6d 65 6e 74 73 31 1d 30 1b 06
03 55 04 03 13 14 54 65 78 61 73 20 49 6e 73 74 72 75 6d 65 6e 74 73 20 43
41 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16 10 62 6f 67 75 73 65 6d
61 69 6c 40 62 6f 67 75 73 82 09 00 fc 7b 06 8c 4f ba 26 26
X509: Extension: extnID=2.5.29.19 critical=0
X509: extnValue - hexdump(len=5): 30 03 01 01 ff
X509: BasicConstraints - cA=255
X509: signature - hexdump(len=128): 93 a0 51 8c cc 9c 63 28 55 f5 c0 e7 57
0a af 73 80 c6 f4 7f a3 70 d6 8a 97 e8 8e 89 88 9e c4 94 e3 05 ca 82 36 d3
12 60 47 40 0a e8 a7 f1 c1 54 51 2e 4c d4 1d 38 f0 d9 c4 5f 7b 28 56 83 86
49 57 e2 52 47 3f e4 3b be cd ac b8 af 67 ca d5 ab cc 09 8e 1f 63 90 98 3f
b9 7d 03 bf d2 f2 84 63 54 5a cd 33 9e 98 f9 7b ac 24 41 d8 0a c8 ef e4 28
b6 b6 dd d3 ee 1d d1 b6 07 25 3e cc de 20 84
TLSv1: Added certificate: C=US, ST=Texas, L=Austin, O=MyOrg, CN=MyOrg
CA/emailAddress=bogusemail at bogus
PKCS #8: Does not start with PKCS #8 header (SEQUENCE); assume PKCS #8 not
used
Trying to parse PKCS #1 encoded RSA private key
RSA: Expected SEQUENCE (public key) - found class 0 tag 0xd
PKCS #8: algorithm=1.2.840.113549.1.1.1
PKCS #8: Try to parse RSAPrivateKey
WPA: group state machine entering state GTK_INIT (VLAN-ID 0)
GMK - hexdump(len=32): d0 5d d0 76 10 9c 4d a4 97 dd db 50 b8 7c 36 d8 33 72
7f 0b 5c 93 08 9b 8c 22 ba 26 74 61 ac 0e
GTK - hexdump(len=16): 8f 9e 4d 10 13 e0 02 20 a8 a1 78 8e be f1 a2 b6
WPA: group state machine entering state SETKEYSDONE (VLAN-ID 0)
wpa_driver_nl80211_set_key: ifindex=8 alg=3 addr=(nil) key_idx=1 set_tx=1
seq_len=0 key_len=16
VLAN: vlan_set_name_type(name_type=2)
VLAN: vlan_set_name_type: SET_VLAN_NAME_TYPE_CMD name_type=2 failed: Package
not installed
nl80211: Set beacon (beacon_set=0)
wpa_driver_nl80211_set_operstate: operstate 0->1 (UP)
netlink: Operstate: linkmode=-1, operstate=6
wlan0: Setup of interface done.



The 'eap_user' file has:

# Phase 1 users
* PEAP
# Phase 2
"test" MSCHAPV2 "password" [2]

Please let me know if you need any more information.

Thanks again,
- Harshal




On Mon, May 16, 2011 at 2:27 PM, Jouni Malinen <j at w1.fi> wrote:

> On Mon, May 09, 2011 at 10:15:07PM -0500, Harshal Chhaya wrote:
> > The clients use WPA2-PEAP (with username and passwords) to authenticate
> with
> > the AP and RADIUS server.
> >
> > The username and password are stored in an 'eap_user' file.
> >
> > The clients that can connect with the freeRADIUS-based system can't
> connect
> > to the hostapd-powered system.
>
> > The (verbose) hostapd log messages filtered for the specific client are:
>
> That did not include any clear indication on what caused the problem,
> i.e., a more verbose log would be needed to figure out what happened.
> Please add -dd to the hostapd command line and send an unfiltered debug
> log. If this is using test credentials that you do not mind revealing,
> -ddK on command line would produce even more useful information. Just
> keep in mind that it may include private keys and passwords in the
> output when -K is added.
>
> --
> Jouni Malinen                                            PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20110516/0f86e482/attachment.htm

More information about the Hostap mailing list