A couple of Problems with hostap and 802.1x
erich at vitavonni.de
Mon Aug 25 09:30:58 EDT 2003
> > Well, that leads to my questions already. ;)
> > - xsupplicant: using the same certificates i can't get it to work. It
> > sends out the user name; on the machine running hostapd i do see the EAP
> > Challenge being sent out, on the client i don't see it coming in with
> > ethereal. I guess that is why xsupplicant doesn't reply. Any ideas?
> Seeing hostapd debug log with at least debug=2 (or -dd in command line)
> level could be helpful to find out what did not work.
I have been running hostapd with -dd, freeradius with -XA and ethereal
in order to get it working. No success yet.
> > - dynamic wep rekeying with EAP-TSL and win2k. Does this work? when i
> > enable rekeying in hostapd authentication fails:
> > wlan0: encryption configured, but RX frame not encrypted (SA=...)
> > i guess that is the reply frame.
> It should work. How did you configure hostapd for this? With both
> broadcast and unicast keys? Does EAP-TLS succeed in this setup or do you
> get that frame drop messages already for an EAPOL packet?
It seems the first EAPOL packet gets through, but nothing more. Maybe
the reply packet isn't arriving correctly. I have a third machine with
WLAN here, Knoppix-based (i'm using to try xsupplicant) but i couldn't
get useful dumps there either.
I tried EAP-TSL with a fixed WEP-Key, but i think i had problems with
that, too. Using WEP without 802.1x was fine though.
I tried at least both multicast and unicast keys enabled (default
values). Is it easier to just try one first?
> > Another question: When 802.11i is finished; are there people working on
> > implementing these for linux already?
erich@(mucl.de|debian.org) -- GPG Key ID: 4B3A135C (o_
There was never a good war or a bad peace. - Benjamin Franklin //\
Die Freunde nennen sich aufrichtig. Die Feinde sind es: Daher V_/_
man ihren Tadel zur Selbsterkenntnis benutzen sollte, als
eine bittere Arznei. --- Arthur Schopenhauer
More information about the HostAP