MS 2008 NPS and PEAP/MSCHAPv2 - wpa_supplicant not connecting

Gulick Tom-WPD384 Tom.Gulick
Sat Mar 30 12:46:52 PDT 2013


We're using OpenSSL 0.9.8p

Server config does not have client certificate required. I got a Wireshark trace of a Win 7 client connecting successfully and the EAP exchange seems the same as wpa_supplicant. 

From: hostap-bounces at [hostap-bounces at] on behalf of Jouni Malinen [j at]
Sent: Saturday, March 30, 2013 1:57 PM
To: hostap at
Subject: Re: MS 2008 NPS and PEAP/MSCHAPv2 - wpa_supplicant not connecting

On Fri, Mar 22, 2013 at 08:08:05PM +0000, Gulick Tom-WPD384 wrote:
> From Wireshark we see:
> The server sends a TLSv1 message with: Server Hello, Certificate, Certificate-Request, and Server Hello Done
> Supplicant responds with Certificate, Client Key Exchange, Change Cipher Spec, and Encrypted Handshake
> Server resends the first message and then DEAUTHs the supplicant with the reason being "802.1x failed".
> What seems different between MS 2008 NPS and the others is it's sending Certificate-Request. The others do not have it.
> Supplicant does respond with Cert, but with what looks like a zero-length certificate.

Which TLS library are you using in this wpa_supplicant build? Is the
server configured to try to use client certificate with PEAP?

Jouni Malinen                                            PGP id EFC895FA
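
An added example, not part of the original thread: a small parser that walks a client TLS flight and reports how many certificates its Certificate message carries, which is the way to confirm the "zero length certificate" seen in the trace. In TLS 1.0 a client with no suitable certificate answers a CertificateRequest with a Certificate message containing no certificates (RFC 2246, section 7.4.6). The input is assumed to be TLS records already reassembled from the EAP fragments; the sample bytes are constructed, not taken from the capture discussed here.

```python
import struct

HANDSHAKE, CHANGE_CIPHER_SPEC = 22, 20          # TLS record content types
NAMES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
         13: "CertificateRequest", 14: "ServerHelloDone", 16: "ClientKeyExchange"}

def cert_lengths(body):
    """Sizes of the certificates in a TLS 1.0-1.2 Certificate message body."""
    if int.from_bytes(body[:3], "big") != len(body) - 3:
        raise ValueError("bad certificate_list length")
    sizes, pos = [], 3
    while pos < len(body):
        n = int.from_bytes(body[pos:pos + 3], "big")
        if n == 0 or pos + 3 + n > len(body):
            raise ValueError("bad certificate entry")
        sizes.append(n)
        pos += 3 + n
    return sizes                                 # [] means an empty Certificate

def summarize_flight(data):
    """List the cleartext handshake messages in a run of TLS records."""
    hs, pos, saw_ccs = b"", 0, False
    while pos + 5 <= len(data) and not saw_ccs:
        ctype, _ver, length = struct.unpack("!BHH", data[pos:pos + 5])
        payload = data[pos + 5:pos + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated TLS record")
        pos += 5 + length
        if ctype == HANDSHAKE:
            hs += payload                        # messages may span records
        elif ctype == CHANGE_CIPHER_SPEC:
            saw_ccs = True                       # later records are encrypted
    msgs, pos = [], 0
    while pos + 4 <= len(hs):
        mtype, mlen = hs[pos], int.from_bytes(hs[pos + 1:pos + 4], "big")
        body = hs[pos + 4:pos + 4 + mlen]
        if len(body) != mlen:
            raise ValueError("truncated handshake message")
        pos += 4 + mlen
        msgs.append((NAMES.get(mtype, f"type {mtype}"),
                     cert_lengths(body) if mtype == 11 else None))
    return msgs + ([("ChangeCipherSpec", None)] if saw_ccs else [])

# Constructed sample (not from the thread's capture): client flight, TLS 1.0.
SAMPLE = bytes.fromhex(
    "160301000f" "0b000003000000"    # record header; Certificate, empty list
    "1000000400021234"               # ClientKeyExchange with a dummy body
    "140301000101" "1603010004deadbeef")  # ChangeCipherSpec; encrypted handshake
```
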