EAP method not allowed (MD5), trying to do EAP-AKA auth.
Ben Greear
greearb
Fri Sep 5 10:48:12 PDT 2014
Any idea why this might be failing? We do not see this when using
hostapd as a radius server, but another user sees the problem on
their radius server.
Interestingly, if my user uses a different AP, then things work,
but when we use the exact same AP/firmware, it works for us.
Could be AP config differences (and bugs), as we cannot exactly replicate
their setup for testing...
Station config file is:
ctrl_interface=/var/run/wpa_supplicant
fast_reauth=1
concurrent_assoc_ok=1
scan_cur_freq=1
min_scan_gap=5
bss_max_count=2000
network={
ssid="NETGEAR19-5G"
disable_ht=0
disable_vht=0
ieee80211w=0
disable_ht40=0
disable_sgi=0
ht_mcs=""
disable_max_amsdu=-1
ampdu_factor=-1
ampdu_density=-1
proto=RSN
key_mgmt=WPA-EAP
eap=AKA
pairwise=CCMP TKIP
group=CCMP TKIP WEP104 WEP40
identity="0310028400001101 at wlan.mnc028.mcc310.3gppnetwork.org"
password="[aka-auth-password]"
proactive_key_caching=0
}
Verbose supplicant logs:
1409937637.935706: sta_0: Event ASSOC (0) received
1409937637.935711: sta_0: Association info event
1409937637.935714: resp_ies - hexdump(len=169): 01 08 8c 12 98 24 b0 48 60 6c 35 01 00 41 01 00 46 05 72 00 01 00 00 2d 1a ef 09 17 ff ff ff 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 3d 16 2c 0d 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7f 08 04 00 08 00 00 00 00 40 bf 0c b2 59 82
0f ea ff 00 00 ea ff 00 00 c0 05 01 2a 00 00 00 dd 18 00 50 f2 04 10 4a 00 01 10 10 3b 00 01 03 10 49 00 06 00 37 2a 00 01 20 dd 09 00 10 18 02 00 00 1c 00 00
dd 18 00 50 f2 02 01 01 88 00 03 a4 00 00 27 a4 00 00 42 43 bc 00 62 32 66 00
1409937637.935745: WPA: Unrecognized EAPOL-Key Key Data IE - hexdump(len=3): 35 01 00
1409937637.935748: WPA: Unrecognized EAPOL-Key Key Data IE - hexdump(len=3): 41 01 00
1409937637.935751: WPA: Unrecognized EAPOL-Key Key Data IE - hexdump(len=7): 46 05 72 00 01 00 00
1409937637.935755: WPA: Unrecognized EAPOL-Key Key Data IE - hexdump(len=24): 3d 16 2c 0d 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1409937637.935760: WPA: Unrecognized EAPOL-Key Key Data IE - hexdump(len=7): c0 05 01 2a 00 00 00
1409937637.935765: WPA: WMM Parameter Element - hexdump(len=24): 00 50 f2 02 01 01 88 00 03 a4 00 00 27 a4 00 00 42 43 bc 00 62 32 66 00
1409937637.935771: IEEE 802.11 element parse ignored unknown element (id=53 elen=1)
1409937637.935774: IEEE 802.11 element parse ignored unknown element (id=65 elen=1)
1409937637.935776: IEEE 802.11 element parse ignored unknown element (id=70 elen=5)
1409937637.935780: IEEE 802.11 element parse ignored unknown element (id=53 elen=1)
1409937637.935783: IEEE 802.11 element parse ignored unknown element (id=65 elen=1)
1409937637.935785: IEEE 802.11 element parse ignored unknown element (id=70 elen=5)
1409937637.935789: sta_0: freq=5220 MHz
1409937637.935793: FT: Stored MDIE and FTIE from (Re)Association Response - hexdump(len=0):
1409937637.935797: sta_0: State: ASSOCIATING -> ASSOCIATED
1409937637.935800: nl80211: Set sta_0 operstate 0->0 (DORMANT)
1409937637.935804: netlink: Operstate: ifindex=9 linkmode=-1 (no change), operstate=5 (IF_OPER_DORMANT)
1409937637.935814: sta_0: Associated to a new BSS: BSSID=e4:f4:c6:00:73:8c
1409937637.935821: sta_0: Associated with e4:f4:c6:00:73:8c
1409937637.935824: sta_0: WPA: Association event - clear replay counter
1409937637.935828: sta_0: WPA: Clear old PTK
1409937637.935846: TDLS: Remove peers on association
1409937637.935850: EAPOL: External notification - portEnabled=0
1409937637.935854: EAPOL: External notification - portValid=0
1409937637.935858: EAPOL: External notification - portEnabled=1
1409937637.935860: EAPOL: SUPP_PAE entering state CONNECTING
1409937637.935863: EAPOL: enable timer tick
1409937637.935867: EAPOL: SUPP_BE entering state IDLE
1409937637.935872: EAP: EAP entering state INITIALIZE
1409937637.935875: EAP: EAP entering state IDLE
1409937637.935880: sta_0: Setting authentication timeout: 10 sec 0 usec
1409937637.935885: sta_0: Cancelling scan request
1409937637.935896: RTM_NEWLINK: ifi_index=9 ifname=sta_0 operstate=5 linkmode=1 ifi_flags=0x11003 ([UP][LOWER_UP])
1409937637.935910: RTM_NEWLINK: ifi_index=9 ifname=sta_0 wext ifi_flags=0x11003 ([UP][LOWER_UP])
1409937637.935920: RTM_NEWLINK: ifi_index=9 ifname=sta_0 wext ifi_flags=0x11003 ([UP][LOWER_UP])
1409937637.935928: nl80211: Event message available
1409937637.935936: nl80211: Drv Event 46 (NL80211_CMD_CONNECT) received for sta_0
1409937637.935940: nl80211: Ignore connect event (cmd=46) when using userspace SME
1409937637.937349: sta_0: RX EAPOL from e4:f4:c6:00:73:8c
1409937637.937361: RX EAPOL - hexdump(len=9): 02 00 00 05 01 00 00 05 01
1409937637.937370: sta_0: Setting authentication timeout: 70 sec 0 usec
1409937637.937376: EAPOL: Received EAP-Packet frame
1409937637.937383: EAPOL: SUPP_PAE entering state RESTART
1409937637.937387: EAP: EAP entering state INITIALIZE
1409937637.937392: EAP: EAP entering state IDLE
1409937637.937398: EAPOL: SUPP_PAE entering state AUTHENTICATING
1409937637.937403: EAPOL: SUPP_BE entering state REQUEST
1409937637.937407: EAPOL: getSuppRsp
1409937637.937411: EAP: EAP entering state RECEIVED
1409937637.937429: EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0
1409937637.937436: EAP: EAP entering state IDENTITY
1409937637.937442: sta_0: CTRL-EVENT-EAP-STARTED EAP authentication started
1409937637.937448: EAP: Status notification: started (param=)
1409937637.937454: EAP: EAP-Request Identity data - hexdump_ascii(len=0):
1409937637.937460: EAP: using real identity - hexdump_ascii(len=51):
30 33 31 30 30 32 38 34 30 30 30 30 31 31 30 31 0310028400001101
40 77 6c 61 6e 2e 6d 6e 63 30 32 38 2e 6d 63 63 @wlan.mnc028.mcc
33 31 30 2e 33 67 70 70 6e 65 74 77 6f 72 6b 2e 310.3gppnetwork.
6f 72 67 org
1409937637.937497: EAP: EAP entering state SEND_RESPONSE
1409937637.937503: EAP: EAP entering state IDLE
1409937637.937508: EAPOL: SUPP_BE entering state RESPONSE
1409937637.937513: EAPOL: txSuppRsp
1409937637.937519: TX EAPOL: dst=e4:f4:c6:00:73:8c
1409937637.937526: TX EAPOL - hexdump(len=60): 01 00 00 38 02 00 00 38 01 30 33 31 30 30 32 38 34 30 30 30 30 31 31 30 31 40 77 6c 61 6e 2e 6d 6e 63 30 32 38 2e
6d 63 63 33 31 30 2e 33 67 70 70 6e 65 74 77 6f 72 6b 2e 6f 72 67
1409937637.937558: EAPOL: SUPP_BE entering state RECEIVE
1409937637.955447: sta_0: RX EAPOL from e4:f4:c6:00:73:8c
1409937637.955468: RX EAPOL - hexdump(len=26): 02 00 00 16 01 01 00 16 04 10 9e 99 76 69 91 5a 97 a7 41 36 dc ae 8f 52 68 eb
1409937637.955481: EAPOL: Received EAP-Packet frame
1409937637.955487: EAPOL: SUPP_BE entering state REQUEST
1409937637.955491: EAPOL: getSuppRsp
1409937637.955496: EAP: EAP entering state RECEIVED
1409937637.955510: EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0
1409937637.955517: EAP: EAP entering state GET_METHOD
1409937637.955521: EAP: configuration does not allow: vendor 0 method 4
1409937637.955524: EAP: vendor 0 method 4 not allowed
1409937637.955528: sta_0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=4 -> NAK
1409937637.955532: EAP: Status notification: refuse proposed method (param=MD5)
1409937637.955537: EAP: Building EAP-Nak (requested type 4 vendor=0 method=0 not allowed)
1409937637.955542: EAP: allowed methods - hexdump(len=1): 17
1409937637.955545: EAP: EAP entering state SEND_RESPONSE
1409937637.955548: EAP: EAP entering state IDLE
Thanks,
Ben
--
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc http://www.candelatech.com
More information about the Hostap
mailing list