!!!!!EAP-Tls Authentication Fault

Sun Feb 9 01:05:47 EST 2003

On Fri, Feb 07, 2003 at 05:38:59PM -0800, Selcuk OZTURK wrote:

>   When I test hostAP , TLS hadshake starts and FreeRadius Authenticates the 
> client from its view by sending Access-Accept and MS-MPPE keys. 
>    But hostapd unauthorize the WinXP client :
> 
>  
>   ./hostapd -x -0 XXX.XXX.XXX.XXX -a XXX.XXX.XXX.XXX  -s whatever wlan0
>   Using interface wlan0ap  with hwaddr 00:05:d9:55:a5 and ssid 'test"
>    Flushing old station entries 
>    Station 00:05:5d:d9:57:59 authenticated (open system)
>    Station 00:05:5d:d9:57:59 associated (aid1)
>    IEEE 802.1X Start authentication for new station 00:05:5d:d9:57:59
>    IEEE 802.1X  Unauthorizing  station 00:05:5d:d9:57:59

That is normal. EAPOL state machines force the port to be unauthorized
before .1X authentication has been completed.

>    EAP Identifier of the Response-identity form 00:05:5d:d9:57:59 does not 
> match ( was 1, expected 2) 
>    IEEE 802.1X  Authorizing  station 00:05:5d:d9:57:59

and here the port is authorized..

>    MGMT: BSSID=7b:77:7b:27:52:32 not our address

I don't know what that is, but it looks like a corrupted frame.

>                Sending disassociation info to STA 00:05:5d:d9:57:59
>                Sending deauthentication info to STA 00:05:5d:d9:57:59

Did you get these log items immediately after the authorizing message or
was there a delay of about 5 mins here? This looks like normal
disassociation of a station after inactivity timeout. You should be able
to get more information be adding debugging verbosity with '-d' command
line option.

>  How could I download a Snapversion of the HostAP ?

http://hostap.epitest.fi/ has a link for downloading CVS snapshot.
Please note that the configuration of hostapd has changed. In the CVS
version, hostapd uses a configuration file instead of command line
arguments.

-- 
Jouni Malinen                                            PGP id EFC895FA