!!!!!EAP-Tls Authentication Fault
jkmaline at cc.hut.fi
Sun Feb 9 01:05:47 EST 2003
On Fri, Feb 07, 2003 at 05:38:59PM -0800, Selcuk OZTURK wrote:
> When I test hostAP , TLS hadshake starts and FreeRadius Authenticates the
> client from its view by sending Access-Accept and MS-MPPE keys.
> But hostapd unauthorize the WinXP client :
> ./hostapd -x -0 XXX.XXX.XXX.XXX -a XXX.XXX.XXX.XXX -s whatever wlan0
> Using interface wlan0ap with hwaddr 00:05:d9:55:a5 and ssid 'test"
> Flushing old station entries
> Station 00:05:5d:d9:57:59 authenticated (open system)
> Station 00:05:5d:d9:57:59 associated (aid1)
> IEEE 802.1X Start authentication for new station 00:05:5d:d9:57:59
> IEEE 802.1X Unauthorizing station 00:05:5d:d9:57:59
That is normal. EAPOL state machines force the port to be unauthorized
before .1X authentication has been completed.
> EAP Identifier of the Response-identity form 00:05:5d:d9:57:59 does not
> match ( was 1, expected 2)
> IEEE 802.1X Authorizing station 00:05:5d:d9:57:59
and here the port is authorized..
> MGMT: BSSID=7b:77:7b:27:52:32 not our address
I don't know what that is, but it looks like a corrupted frame.
> Sending disassociation info to STA 00:05:5d:d9:57:59
> Sending deauthentication info to STA 00:05:5d:d9:57:59
Did you get these log items immediately after the authorizing message or
was there a delay of about 5 mins here? This looks like normal
disassociation of a station after inactivity timeout. You should be able
to get more information be adding debugging verbosity with '-d' command
> How could I download a Snapversion of the HostAP ?
http://hostap.epitest.fi/ has a link for downloading CVS snapshot.
Please note that the configuration of hostapd has changed. In the CVS
version, hostapd uses a configuration file instead of command line
Jouni Malinen PGP id EFC895FA
More information about the HostAP