Trouble getting eap_server=1 to run: "Supplicant used different EAP type: 1 (Identity)"

Linus Lüssing linus.luessing at c0d3.blue
Wed Jul 20 06:13:25 PDT 2016 

Hi,

I'm currently trying to get a hostapd v2.3 running for WPA-EAP on
a Debian unstable (kernel 4.6). I am trying to connect with a Nokia N900
(OS: Linux/Maemo) which unfortunately always results in the lines:

  wlan0: STA 00:0d:d5:8c:7a:97 IEEE 802.1X: authentication failed - EAP type: 0 ((null))
  wlan0: STA 00:0d:d5:8c:7a:97 IEEE 802.1X: Supplicant used different EAP type: 1 (Identity)

On the N900 GUI I have selected the following options:

-----
EAP Type: TTLS
Certificate: None
EAP Methode: EAP-MSCHAPv2
User: testuser
Password: testpw
-----

On the hostapd side, eap_user.conf looks like this:

-----
"testuser"      TTLS
"testuser"      TTLS-MSCHAPV2   "testpw"        [2]
-----

And hostapd-eap.conf like this:

-----
interface=wlan0
driver=nl80211
country_code=DE
ssid=testnet
ieee80211d=1
hw_mode=g
ieee80211n=1

channel=0
disassoc_low_ack=1
wmm_enabled=1

wpa=2
wpa_key_mgmt=WPA-EAP
wpa_pairwise=CCMP
rsn_pairwise=CCMP

ieee8021x=1
eap_server=1
eap_user_file=/etc/hostapd/eap_user
ca_cert=/etc/hostapd/ca.crt
server_cert=/etc/hostapd/server.pem
dh_file=/etc/hostapd/dh2048.pem
-----


Finally, the output of hostapd itself is the following:

-----
$ hostapd ./hostapd-eap.conf
Configuration file: ./hostapd-eap.conf
wlan0: interface state UNINITIALIZED->COUNTRY_UPDATE
ACS: Automatic channel selection started, this may take a bit
wlan0: interface state COUNTRY_UPDATE->ACS
wlan0: ACS-STARTED 
wlan0: ACS-COMPLETED freq=2462 channel=11
Using interface wlan0 with hwaddr 00:1b:b1:f2:f3:e3 and ssid "testnet"
wlan0: interface state ACS->ENABLED
wlan0: AP-ENABLED 
wlan0: STA 00:0d:d5:8c:7a:97 IEEE 802.11: authenticated
wlan0: STA 00:0d:d5:8c:7a:97 IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED 00:0d:d5:8c:7a:97
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: CTRL-EVENT-EAP-STARTED 00:0d:d5:8c:7a:97
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: CTRL-EVENT-EAP-FAILURE 00:0d:d5:8c:7a:97
wlan0: STA 00:0d:d5:8c:7a:97 IEEE 802.1X: authentication failed - EAP type: 0 ((null))
wlan0: STA 00:0d:d5:8c:7a:97 IEEE 802.1X: Supplicant used different EAP type: 1 (Identity)
wlan0: STA 00:0d:d5:8c:7a:97 IEEE 802.11: authenticated
wlan0: STA 00:0d:d5:8c:7a:97 IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED 00:0d:d5:8c:7a:97
wlan0: CTRL-EVENT-EAP-FAILURE 00:0d:d5:8c:7a:97
wlan0: STA 00:0d:d5:8c:7a:97 IEEE 802.1X: authentication failed - EAP type: 0 ((null))
wlan0: STA 00:0d:d5:8c:7a:97 IEEE 802.1X: Supplicant used different EAP type: 1 (Identity)
wlan0: STA 00:0d:d5:8c:7a:97 IEEE 802.11: deauthenticated due to local deauth request
-----


Anyone having an idea why the authentication might fail?

Regards, Linus


PS: The following combinations did not work either, they resulted
in the same output and error on the hostapd side:

-----
N900: EAP Type: TTLS; EAP Methode: MSCHAPv2 (instead of "EAP-MSCHAPv2")
eap_user.conf: phase1 -> TTLS, phase2 -> TTLS-MSCHAPV2
----

----
N900: EAP Type: TTLS; EAP Methode: EAP-MSCHAPv2 (or just "MSCHAPv2")
eap_user.conf: phase1 -> TTLS, phase2 -> MSCHAPV2 (instead of "TTLS-MSCHAPV2")
----

----
N900: EAP Type: PEAP; EAP Methode: EAP-MSCHAPv2
eap_user.conf: phase1 -> PEAP, phase2 -> MSCHAPv2
----

More information about the Hostap mailing list