802.1x with WinXP

marcb at softhome.net marcb at softhome.net
Fri Dec 6 04:12:33 EST 2002


I'm hoping someone can help me...  I'm  way out of my depth, and I've been 
banging my head against a wall for quite some time now...  but I think I'm 
close. 

I have a Linux box with a DWL-520 and a laptop running WinXP with a DWL-650. 

I'm trying to set the linux box up with hostap as an access point using 
802.1x, authenticating to freeRadius. 

I've nearly got it all working...  in that when the laptop transmits a 
request to authenticate to the linux box...  the request is correctly sent 
by hostapd to the radius server, and I get an "ACCEPT-ACCEPT" from the 
radius server back to hostapd. 

I'm pretty sure the key is then sent to the laptop... as for a brief second 
or two I get a "Authentication Successful" message on WinXP, but as soon as 
the connection is authenticated it drops out and hostapd deauthenticates it. 

I tried doing this whilst continually trying to ping the laptop and for the 
brief few seconds that the laptop is authenticated I get responses... so I 
am able to pass packets through....   I just don't understand why the laptop 
is deauthenticated immediately after authenticating. 

I've tried both hostap-2002-10-12 and the latest CVS, with no noticeable 
difference in behaviour. 

I've attached the output from hostapd below... 

Thanks, 

Marc 

 

 


Opening raw packet socket for ifindex 4
Using interface wlan0ap with hwaddr 00:05:5d:5b:c4:1c and ssid 'test'
Default WEP key - hexdump(len=13): 67 8d 91 69 48 94 85 93 59 fb 48 a4 48
Flushing old station entries
Received 30 bytes management frame
MGMT
mgmt::auth
authentication: STA=00:40:05:ae:bd:2d auth_alg=0 auth_transaction=1 
status_code=0
 New STA
Station 00:40:05:ae:bd:2d authenticated (open system)
Received 40 bytes management frame
MGMT
mgmt::assoc_req
association request: STA=00:40:05:ae:bd:2d capab_info=0x01 listen_interval=1
 new AID 1
Station 00:40:05:ae:bd:2d associated (aid 1)
IEEE 802.1X: Start authentication for new station 00:40:05:ae:bd:2d
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_KEY_TX entering state NO_KEY_TRANSMIT
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state DISCONNECTED
IEEE 802.1X: Unauthorizing station 00:40:05:ae:bd:2d
IEEE 802.1X: Sending canned EAP packet FAILURE to 00:40:05:ae:bd:2d 
(identifier 0)
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state IDLE
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state CONNECTING
IEEE 802.1X: Sending EAP Request-Identity to 00:40:05:ae:bd:2d (identifier 
1)
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
Received 37 bytes management frame
DATA
IEEE 802.1X: 5 bytes from 00:40:05:ae:bd:2d
  IEEE 802.1X: version=1 type=1 length=0
  ignoring 1 extra octets after IEEE 802.1X packet
  EAPOL-Start
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state CONNECTING
IEEE 802.1X: Sending EAP Request-Identity to 00:40:05:ae:bd:2d (identifier 
1)
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
Received 26 bytes management frame
MGMT
MGMT: BSSID=32:33:38:3b:36:33 not our address
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
Received 30 bytes management frame
MGMT
mgmt::auth
authentication: STA=00:40:05:ae:bd:2d auth_alg=0 auth_transaction=1 
status_code=0
Station 00:40:05:ae:bd:2d authenticated (open system)
Received 40 bytes management frame
MGMT
mgmt::assoc_req
association request: STA=00:40:05:ae:bd:2d capab_info=0x11 listen_interval=1
 old AID 1
Station 00:40:05:ae:bd:2d associated (aid 1)
Received 37 bytes management frame
DATA
IEEE 802.1X: 5 bytes from 00:40:05:ae:bd:2d
  IEEE 802.1X: version=1 type=1 length=0
  ignoring 1 extra octets after IEEE 802.1X packet
  EAPOL-Start
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state CONNECTING
IEEE 802.1X: Sending EAP Request-Identity to 00:40:05:ae:bd:2d (identifier 
1)
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state DISCONNECTED
IEEE 802.1X: Unauthorizing station 00:40:05:ae:bd:2d
IEEE 802.1X: Sending canned EAP packet FAILURE to 00:40:05:ae:bd:2d 
(identifier 1)
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state CONNECTING
IEEE 802.1X: Sending EAP Request-Identity to 00:40:05:ae:bd:2d (identifier 
2)
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
Received 51 bytes management frame
DATA
IEEE 802.1X: 19 bytes from 00:40:05:ae:bd:2d
  IEEE 802.1X: version=1 type=0 length=15
  EAP: code=2 identifier=1 length=15 (response)
EAP Identifier of the Response-Identity from 00:40:05:ae:bd:2d does not 
match (was 1, expected 2)
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
Received 51 bytes management frame
DATA
IEEE 802.1X: 19 bytes from 00:40:05:ae:bd:2d
  IEEE 802.1X: version=1 type=0 length=15
  EAP: code=2 identifier=2 length=15 (response)
  EAP Response-Identity
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state AUTHENTICATING
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
Received 84 bytes from authentication server
Received RADIUS message
RADIUS packet matching with station 00:40:05:ae:bd:2d
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:40:05:ae:bd:2d (identifier 3)
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
Received 148 bytes management frame
DATA
IEEE 802.1X: 116 bytes from 00:40:05:ae:bd:2d
  IEEE 802.1X: version=1 type=0 length=112
  EAP: code=2 identifier=3 length=112 (response)
  EAP Response-TLS
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
Received 1120 bytes from authentication server
Received RADIUS message
RADIUS packet matching with station 00:40:05:ae:bd:2d
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:40:05:ae:bd:2d (identifier 4)
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
Received 42 bytes management frame
DATA
IEEE 802.1X: 10 bytes from 00:40:05:ae:bd:2d
  IEEE 802.1X: version=1 type=0 length=6
  EAP: code=2 identifier=4 length=6 (response)
  EAP Response-TLS
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
Received 980 bytes from authentication server
Received RADIUS message
RADIUS packet matching with station 00:40:05:ae:bd:2d
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:40:05:ae:bd:2d (identifier 5)
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
Received 1080 bytes management frame
DATA
IEEE 802.1X: 1048 bytes from 00:40:05:ae:bd:2d
  IEEE 802.1X: version=1 type=0 length=1044
  EAP: code=2 identifier=5 length=1044 (response)
  EAP Response-TLS
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
Received 131 bytes from authentication server
Received RADIUS message
RADIUS packet matching with station 00:40:05:ae:bd:2d
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:40:05:ae:bd:2d (identifier 6)
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
Received 42 bytes management frame
DATA
IEEE 802.1X: 10 bytes from 00:40:05:ae:bd:2d
  IEEE 802.1X: version=1 type=0 length=6
  EAP: code=2 identifier=6 length=6 (response)
  EAP Response-TLS
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
Received 160 bytes from authentication server
Received RADIUS message
RADIUS packet matching with station 00:40:05:ae:bd:2d
MS-MPPE-Send-Key (len=32): 2f 39 60 e6 50 da e9 d1 52 7d f8 ec 1f 94 d0 42 
9d 16 2f 4c c0 8c 4f 7f 00 7c 82 d3 aa e0 4e ea
MS-MPPE-Recv-Key (len=32): ee 99 e6 57 2b 76 37 71 d0 f5 3c c7 a4 92 72 35 
9c b0 9d fc e2 2a f4 78 a6 ed 81 15 2c 10 cb 7a
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state SUCCESS
IEEE 802.1X: Sending canned EAP packet SUCCESS to 00:40:05:ae:bd:2d 
(identifier 6)
IEEE 802.1X: 00:40:05:ae:bd:2d REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state AUTHENTICATED
IEEE 802.1X: Authorizing station 00:40:05:ae:bd:2d
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state IDLE
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_KEY_TX entering state KEY_TRANSMIT
IEEE 802.1X: Sending EAPOL-Key(s) to 00:40:05:ae:bd:2d (identifier 7)
IEEE 802.1X: Sending EAPOL-Key to 00:40:05:ae:bd:2d (broadcast index=0)
Received 37 bytes management frame
DATA
IEEE 802.1X: 5 bytes from 00:40:05:ae:bd:2d
  IEEE 802.1X: version=1 type=1 length=0
  ignoring 1 extra octets after IEEE 802.1X packet
  EAPOL-Start
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state CONNECTING
IEEE 802.1X: Sending EAP Request-Identity to 00:40:05:ae:bd:2d (identifier 
7)
Received 51 bytes management frame
DATA
IEEE 802.1X: 19 bytes from 00:40:05:ae:bd:2d
  IEEE 802.1X: version=1 type=0 length=15
  EAP: code=2 identifier=7 length=15 (response)
  EAP Response-Identity
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state AUTHENTICATING
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
Received 84 bytes from authentication server
Received RADIUS message
RADIUS packet matching with station 00:40:05:ae:bd:2d
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:40:05:ae:bd:2d (identifier 8)
Received 148 bytes management frame
DATA
IEEE 802.1X: 116 bytes from 00:40:05:ae:bd:2d
  IEEE 802.1X: version=1 type=0 length=112
  EAP: code=2 identifier=8 length=112 (response)
  EAP Response-TLS
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
Received 1120 bytes from authentication server
Received RADIUS message
RADIUS packet matching with station 00:40:05:ae:bd:2d
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:40:05:ae:bd:2d (identifier 9)
Received 42 bytes management frame
DATA
IEEE 802.1X: 10 bytes from 00:40:05:ae:bd:2d
  IEEE 802.1X: version=1 type=0 length=6
  EAP: code=2 identifier=9 length=6 (response)
  EAP Response-TLS
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
Received 980 bytes from authentication server
Received RADIUS message
RADIUS packet matching with station 00:40:05:ae:bd:2d
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:40:05:ae:bd:2d (identifier 10)
Received 1080 bytes management frame
DATA
IEEE 802.1X: 1048 bytes from 00:40:05:ae:bd:2d
  IEEE 802.1X: version=1 type=0 length=1044
  EAP: code=2 identifier=10 length=1044 (response)
  EAP Response-TLS
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
Received 131 bytes from authentication server
Received RADIUS message
RADIUS packet matching with station 00:40:05:ae:bd:2d
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:40:05:ae:bd:2d (identifier 11)
Received 42 bytes management frame
DATA
IEEE 802.1X: 10 bytes from 00:40:05:ae:bd:2d
  IEEE 802.1X: version=1 type=0 length=6
  EAP: code=2 identifier=11 length=6 (response)
  EAP Response-TLS
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
Received 160 bytes from authentication server
Received RADIUS message
RADIUS packet matching with station 00:40:05:ae:bd:2d
MS-MPPE-Send-Key (len=32): d8 fd e6 87 ce a6 7a a3 33 d2 c5 aa 61 7e ac 72 
6c 4a cc 55 08 cf a6 87 c7 f2 3a 15 94 ee 09 ac
MS-MPPE-Recv-Key (len=32): b2 8c 32 62 41 bb 50 78 17 7b cc f5 17 8e 91 c1 
b3 66 33 18 3c 01 dc e1 95 10 e4 72 89 d5 81 b0
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state SUCCESS
IEEE 802.1X: Sending canned EAP packet SUCCESS to 00:40:05:ae:bd:2d 
(identifier 11)
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_KEY_TX entering state KEY_TRANSMIT
IEEE 802.1X: Sending EAPOL-Key(s) to 00:40:05:ae:bd:2d (identifier 11)
IEEE 802.1X: Sending EAPOL-Key to 00:40:05:ae:bd:2d (broadcast index=0)
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state AUTHENTICATED
IEEE 802.1X: Authorizing station 00:40:05:ae:bd:2d
IEEE 802.1X: 00:40:05:ae:bd:2d BE_AUTH entering state IDLE
Received 26 bytes management frame
MGMT
MGMT: BSSID=32:33:38:3b:36:33 not our address
Received 26 bytes management frame
MGMT
mgmt::deauth
deauthentication: STA=00:40:05:ae:bd:2d reason_code=3
Station 00:40:05:ae:bd:2d deauthenticated
IEEE 802.1X: station 00:40:05:ae:bd:2d port disabled
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state INITIALIZE
IEEE 802.1X: 00:40:05:ae:bd:2d AUTH_PAE entering state INITIALIZE
Signal 2 received - terminating
Flushing old station entries
Deauthenticate all stations 



More information about the HostAP mailing list