802.1x with WinXP
jkmaline at cc.hut.fi
Sun Dec 8 23:33:48 EST 2002
On Fri, Dec 06, 2002 at 08:43:35PM -0800, Jouni Malinen wrote:
> If only Supplicant in WinXP would give a bit more debugging information
> to find out what is causing the problems.. If anyone happens to know a
> way of configuring something like this or knows of a debug version of
> that Supplicant, please do let me know. This would certainly make
> debugging lot easier.
Several hours of expirimenting with various tricks did not help with
this.. Everything seems to be working fine with Xsupplicant, but I
cannot get WinXP (SP1) Supplicant to be happy with the transmitted keys.
It just reports that network connection could not be established (I have
seen at least two different error messages for this). In some cases I
have been able to send frames using WEP encryption, so apparently the
keys were in proper format.
I have found possible cause for some of the problems. Current Host AP
driver does not support PS buffering for 802.1x frames. However, even
with power saving disabled in the WinXP driver, there was no way of
getting the connection last more than few seconds. I'm guessing that
this is because WinXP Supplicant rejects either EAPOL-Key packet
(although WEP key gets changed) or final Access-Accept from RADIUS.
However, I have no idea why..
I would really need to get more debug info out of the WinXP Supplicant,
so if someone happens to have good contact info for Microsoft
developers/support, please let me know. Should someone have (or can
easily make) a frame dump (i.e., sniffed from the wireless media) of a
successful 802.1x exchange using WinXP Supplicant and any .1x
Authenticator/Auth Server, it might be useful in comparing what could go
wrong. This dump would need to include WEP key exchange using EAPOL-Key
Jouni Malinen PGP id EFC895FA
More information about the HostAP