Identity response problem

Nadeem Akhtar n.akhtar at eim.surrey.ac.uk
Wed Jun 11 10:37:16 EDT 2003



I'm actually using the latest version of the driver. The strangest thing
is that the authentication works fine most for Aironet cards. Anyway, I'm
attaching the log file I collected at the authenticator. On the
supplicant, I dont see much except for 'Connection established,
authenticatin ..' message repeated many time.


On Thu, 5 Jun 2003, Jouni Malinen wrote:

> On Thu, Jun 05, 2003 at 07:19:08PM +0100, Nadeem Akhtar wrote:
>
> >  I am trying to use xsupplicant for authenticating a linux m/c via HostAP.
> > I'm using the in-built Lucent WaveLAN IEEE wireless card (driver
> > orinoco_cs). When I run the supplicant, it starts
> > sending messages to the AP. When an EAP Identity Request is received, the
> > supplicant sends the EAP Identity Response which is 'invalidated' by the
> > AP because of the EAP Identifiers in the Request and Response are
> > different.
>
> I have seen this happening when Authenticator sends canned failure in
> DISCONNECTED state of Authenticator PAE state machine and Supplicant (in
> this case, WinXP Supplicant) sends a deauthentication frame. This will
> mark portEnabled FALSE and state machines returns to DISCONNECTED state
> (through INITIALIZE).
>
> DISCONNECTED state increments currentId and Authenticator will then send
> new initial request to the Supplicant using the new identifier. If the
> Supplicant replies to the previous initial request, it will be dropped
> due to invalid identifier. In most cases, Supplicant would then reply to
> the new initial request and authentication can continue. However, I have
> seen cases where this has taken minutes due to those deauthentications..
>
> Which version of the Host AP did you use? I modified Authenticator PAE
> state machine to not send canned failure (and increade currentId) in
> some cases to avoid this kind of loops. I changed this in April and if
> you are using version before v0.0.2, I would recommend retesting with
> the latest version. If you can reproduce this behavior with the latest
> version of Host AP dirver, I would be interested in getting detailed
> debug logs from both hostapd and XSupplicant.
>
> --
> Jouni Malinen                                            PGP id EFC895FA
>




Nadeem Akhtar
Centre for Comm. Systems Research
University of Surrey
Guildford, Surrey GU2 7XH
United Kingdom

Tel (CCSR) : 01483-683605
-------------- next part --------------
The following attachment was sent,

but NOT saved in the Fcc copy:

    A Application/octet-stream (Name="log.gz") segment of about 2,059 bytes.



More information about the HostAP mailing list