WinXP + SP1 Hostap and 802.1x authentications

Oleg Izhvanov izh at openlan.ru
Tue Aug 12 18:15:40 EDT 2003


Paolo Rossi wrote:

> Hi all,
>
> I have a problem with 802.1x authentication.
> I have a WinXP + SP1 client and a Linux Debian box with hostap in master
> mode. I want to use 802.1x to authenticate the users. I have compiled
> hostapd and changed my configuration file hostapd.conf, but I have
> trouble. The output of hostapd is:
> "nasso:/home/paolo/hostap-0.0.4/hostapd# ./hostapd hostapd.conf
> Configuration file: hostapd.conf
> Opening raw packet socket for ifindex 32
> Using interface wlan0ap with hwaddr 00:60:b3:68:c1:3f and ssid 'test2'
> Default WEP key - hexdump(len=13): 4e 43 56 0c b0 57 9a 00 47 7f 66 32 35
> Flushing old station entries
> Deauthenticate all stations
> Received 30 bytes management frame
> MGMT
> mgmt::auth
> authentication: STA=00:40:05:29:11:cc auth_alg=1 auth_transaction=1 
> status_code=0 wep=0 

It seems that your SP1 client uses the Shared Authentication algorithm, but
support for it is disabled in your hostapd.conf config file. Either disable
Shared Authentication on the client or enable it in hostapd by setting the
auth_algs variable to 3 (with the Open Authentication algorithm enabled), or
to 1 (with the Open Authentication algorithm disabled).

>
> Unsupported authentication algorithm (1)
> authentication reply: STA=00:40:05:29:11:cc auth_alg=1 
> auth_transaction=2 resp=13
> Received 30 bytes management frame
> MGMT (TX callback) ACK
> mgmt::auth cb
> handle_auth_cb: STA 00:40:05:29:11:cc not found
> Received 30 bytes management frame
> MGMT
> mgmt::auth
> authentication: STA=00:40:05:29:11:cc auth_alg=0 auth_transaction=1 
> status_code=0 wep=0
> Unsupported authentication algorithm (0)
> authentication reply: STA=00:40:05:29:11:cc auth_alg=0 
> auth_transaction=2 resp=13
> Received 30 bytes management frame
> MGMT (TX callback) ACK
> mgmt::auth cb
> handle_auth_cb: STA 00:40:05:29:11:cc not found"
>
>
> Can someone help me?
>
>
> Best Regards Paolo
>
>
>
>
>------------------------------------------------------------------------
>
>##### hostapd configuration file ##############################################
># Empty lines and lines starting with # are ignored
>
># AP netdevice name (without 'ap' prefix, i.e., wlan0 uses wlan0ap for
># management frames)
>interface=wlan0
>
># hostapd event logger configuration
>#
># Two output method: syslog and stdout (only usable if not forking to
># background).
>#
># Module bitfield (ORed bitfield of modules that will be logged; -1 = all
># modules):
># bit 0 (1) = IEEE 802.11
># bit 1 (2) = IEEE 802.1X
># bit 2 (4) = RADIUS
>#
># Levels (minimum value for logged events):
>#  0 = verbose debugging
>#  1 = debugging
>#  2 = informational messages
>#  3 = notification
>#  4 = warning
>#
>logger_syslog=4
>logger_syslog_level=3
>logger_stdout=4
>logger_stdout_level=3
>
># Debugging: 0 = no, 1 = minimal, 2 = verbose, 3 = msg dumps
>debug=2
>
># Dump file for state information (on SIGUSR1)
>dump_file=/tmp/hostapd.dump
>
># Daemonize hostapd process (i.e., fork to background)
>daemonize=1
>
>
>##### IEEE 802.11 related configuration #######################################
>
># SSID to be used in IEEE 802.11 management frames
>ssid=test2
>
># Station MAC address -based authentication
># 0 = accept unless in deny list
># 1 = deny unless in accept list
># 2 = use external RADIUS server (accept/deny lists are searched first)
>macaddr_acl=2
>
># Accept/deny lists are read from separate files (containing list of
># MAC addresses, one per line). Use absolute path name to make sure that the
># files can be read on SIGHUP configuration reloads.
>#accept_mac_file=/etc/hostapd.accept
>#deny_mac_file=/etc/hostapd.deny
>
># IEEE 802.11 specifies two authentication algorithms. hostapd can be
># configured to allow both of these or only one. Open system authentication
># should be used with IEEE 802.1X.
># Bit fields of allowed authentication algorithms:
># bit 0 = Open System Authentication
># bit 1 = Shared Key Authentication (requires WEP)
>auth_algs=0
>
># Associate as a station to another AP while still acting as an AP on the same
># channel.
>#assoc_ap_addr=00:12:34:56:78:9a
>
>
>##### IEEE 802.1X (and IEEE 802.1aa/D4) related configuration #################
>
># Require IEEE 802.1X authorization
>ieee8021x=1
>
># Use internal minimal EAP Authentication Server for testing IEEE 802.1X.
># This should only be used for testing since it authorizes all users that
># suppot IEEE 802.1X without any keys or certificates.
>#minimal_eap=0
>
># Optional displayable message sent with EAP Request-Identity
>#eap_message=hello
>
># WEP rekeying (disabled if key lengths are not set or are set to 0)
># Key lengths for default/broadcast and individual/unicast keys:
># 5 = 40-bit WEP (also known as 64-bit WEP with 40 secret bits)
># 13 = 104-bit WEP (also known as 128-bit WEP with 104 secret bits)
>wep_key_len_broadcast=13
>wep_key_len_unicast=13
># Rekeying period in seconds. 0 = do not rekey (i.e., set keys only once)
>wep_rekey_period=1800
>
># EAPOL-Key index workaround (set bit7) for WinXP Supplicant (needed only if
># only broadcast keys are used)
>eapol_key_index_workaround=64
>
>
>##### IEEE 802.11f - Inter-Access Point Protocol (IAPP) #######################
>
># Interface to be used for IAPP broadcast packets
>#iapp_interface=eth0
>
>
>##### RADIUS configuration ####################################################
># for IEEE 802.1X with external Authentication Server, IEEE 802.11
># authentication with external ACL for MAC addresses, and accounting
>
># The own IP address of the access point (used as NAS-IP-Address)
>own_ip_addr=192.168.x.xx
>
># RADIUS authentication server
>auth_server_addr=192.168.x.xx
>auth_server_port=1812
>auth_server_shared_secret=password
>
># RADIUS accounting server
>#acct_server_addr=127.0.0.1
>#acct_server_port=1813
>#acct_server_shared_secret=secret
>
># Secondary RADIUS servers; to be used if primary one does not reply to
># RADIUS packets. These are optional and there can be more than one secondary
># server listed.
>#auth_server_addr=127.0.0.2
>#auth_server_port=1812
>#auth_server_shared_secret=secret2
>#
>#acct_server_addr=127.0.0.2
>#acct_server_port=1813
>#acct_server_shared_secret=secret2
>
># Retry interval for trying to return to the primary RADIUS server (in
># seconds). RADIUS client code will automatically try to use the next server
># when the current server is not replying to requests. If this interval is set,
># primary server will be retried after configured amount of time even if the
># currently used secondary server is still working.
>radius_retry_primary_interval=600
>
--
Best Regards, Oleg Izhvanov
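
An added example, not part of the original thread or of hostapd: a small Python check that compares the algorithm number stations request (the `auth_alg=` field in the debug output) against the `auth_algs` bitfield, using the bit definitions given in the quoted hostapd.conf comments (bit 0 = Open System, bit 1 = Shared Key). The function names and the two sample strings are constructed for illustration from values shown in the thread.

```python
import re

# IEEE 802.11 Authentication Algorithm Number as logged in auth_alg=
FRAME_ALGS = {0: "Open System", 1: "Shared Key"}
AUTH_RE = re.compile(r"authentication: STA=([0-9a-f:]{17}) auth_alg=(\d+)")

# Constructed samples, reduced from the configuration and output quoted above.
CONF_SAMPLE = """\
# bit 0 = Open System Authentication
# bit 1 = Shared Key Authentication (requires WEP)
auth_algs=0
ieee8021x=1
"""
LOG_SAMPLE = """\
authentication: STA=00:40:05:29:11:cc auth_alg=1 auth_transaction=1
authentication: STA=00:40:05:29:11:cc auth_alg=0 auth_transaction=1
"""


def conf_int(conf_text, key, default=0):
    """Return the integer value of key in hostapd.conf text (last one wins)."""
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue  # comments and empty lines are ignored, as in hostapd.conf
        name, _, value = line.partition("=")
        if name.strip() == key:
            default = int(value.strip())
    return default


def rejected_requests(conf_text, log_text):
    """List (station, algorithm) requests that the auth_algs bitfield refuses."""
    allowed = conf_int(conf_text, "auth_algs")
    rejected = []
    for sta, alg in AUTH_RE.findall(log_text):
        alg = int(alg)
        if not allowed & (1 << alg):  # frame algorithm n maps to bit n
            rejected.append((sta, FRAME_ALGS.get(alg, "unknown (%d)" % alg)))
    return rejected


def dot1x_without_open(conf_text):
    """True when ieee8021x=1 but the Open System bit (bit 0) is not set."""
    return bool(conf_int(conf_text, "ieee8021x")) and not conf_int(conf_text, "auth_algs") & 1


if __name__ == "__main__":
    print(rejected_requests(CONF_SAMPLE, LOG_SAMPLE), dot1x_without_open(CONF_SAMPLE))
```
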


