help !something about hostap-xsupplicant-freeradius!!

tan keen keentan_coldfire at yahoo.com.cn
Tue Mar 25 22:44:19 EST 2003


hi, 

i just do it all follow 

1)HOWTO on EAP/TLS authentication between freeRadius and xsupplicant(http://www.missl.cs.umd.edu/wireless/eaptls/)   ,  

 2)  README_prism2.htm 

to build a wlan using 802.1x . (two pc running linux RedHat 7.2  ; AP and FreeRadius are in one pc)

   i finish those work sugesting in the above two document and i have changed the ATTR_FRAMED_MTU value in ieee802_1x.c file to 1500 from 2304., but i can not  be authoried by AP successfully.  

  where is my error come from ?  Can anyone told me? thank you!!

========================

######xsupplicant -i wlan0

   i got this :  failed to verify cert error : Certificate has expired

================================

######./hostapd -dd -x -o 192.168.2.155 -a 192.168.2.155  -s whatever wlan0

i got :EEE 802.1X: 4 bytes from 00:40:05:af:05:2e
   IEEE 802.1X: version=1 type=1 length=0
   EAPOL-Start
IEEE 802.1X: 00:40:05:af:05:2e AUTH_PAE entering state CONNECTING
IEEE 802.1X: Sending EAP Request-Identity to 00:40:05:af:05:2e (identifier 1)
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
Received 49 bytes management frame
DATA
IEEE 802.1X: 17 bytes from 00:40:05:af:05:2e
   IEEE 802.1X: version=1 type=0 length=13
   EAP: code=2 identifier=1 length=13 (response)
   EAP Response-Identity
IEEE 802.1X: 00:40:05:af:05:2e AUTH_PAE entering state AUTHENTICATING
IEEE 802.1X: 00:40:05:af:05:2e BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=0 length=154
   Attribute 1 (User-Name) length=10
      Value: 'adam-ctl'
   Attribute 4 (NAS-IP-Address) length=6
      Value: 192.168.2.155
   Attribute 5 (NAS-Port) length=6
      Value: 1
   Attribute 30 (Called-Station-Id) length=24
      Value: '00-40-05-AF-05-14:test'
   Attribute 31 (Calling-Station-Id) length=19
      Value: '00-40-05-AF-05-2E'
   Attribute 12 (Framed-MTU) length=6
      Value: 1500
   Attribute 61 (NAS-Port-Type) length=6
      Value: 19
   Attribute 77 (Connect-Info) length=24
      Value: 'CONNECT 11Mbps 802.11b'
   Attribute 79 (EAP-Message) length=15
   Attribute 80 (Message-Authenticator) length=18
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
Received 84 bytes from authentication server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=0 length=84
   Attribute 79 (EAP-Message) length=8
   Attribute 80 (Message-Authenticator) length=18
   Attribute 24 (State) length=38
RADIUS packet matching with station 00:40:05:af:05:2e
IEEE 802.1X: 00:40:05:af:05:2e BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:40:05:af:05:2e (identifier 2)
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
Received 98 bytes management frame
DATA
IEEE 802.1X: 66 bytes from 00:40:05:af:05:2e
   IEEE 802.1X: version=1 type=0 length=62
   EAP: code=2 identifier=2 length=62 (response)
   EAP Response-TLS
IEEE 802.1X: 00:40:05:af:05:2e BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=1 length=241
   Attribute 1 (User-Name) length=10
      Value: 'adam-ctl'
   Attribute 4 (NAS-IP-Address) length=6
      Value: 192.168.2.155
   Attribute 5 (NAS-Port) length=6
      Value: 1
   Attribute 30 (Called-Station-Id) length=24
      Value: '00-40-05-AF-05-14:test'
   Attribute 31 (Calling-Station-Id) length=19
      Value: '00-40-05-AF-05-2E'
   Attribute 12 (Framed-MTU) length=6
      Value: 1500
   Attribute 61 (NAS-Port-Type) length=6
      Value: 19
   Attribute 77 (Connect-Info) length=24
      Value: 'CONNECT 11Mbps 802.11b'
   Attribute 79 (EAP-Message) length=64
   Attribute 24 (State) length=38
   Attribute 80 (Message-Authenticator) length=18
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
Received 1120 bytes from authentication server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=1 length=1120
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=24
   Attribute 80 (Message-Authenticator) length=18
   Attribute 24 (State) length=38
RADIUS packet matching with station 00:40:05:af:05:2e
IEEE 802.1X: 00:40:05:af:05:2e BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:40:05:af:05:2e (identifier 3)
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
Received 42 bytes management frame
DATA
IEEE 802.1X: 10 bytes from 00:40:05:af:05:2e
   IEEE 802.1X: version=1 type=0 length=6
   EAP: code=2 identifier=3 length=6 (response)
   EAP Response-TLS
IEEE 802.1X: 00:40:05:af:05:2e BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=2 length=185
   Attribute 1 (User-Name) length=10
      Value: 'adam-ctl'
   Attribute 4 (NAS-IP-Address) length=6
      Value: 192.168.2.155
   Attribute 5 (NAS-Port) length=6
      Value: 1
   Attribute 30 (Called-Station-Id) length=24
      Value: '00-40-05-AF-05-14:test'
   Attribute 31 (Calling-Station-Id) length=19
      Value: '00-40-05-AF-05-2E'
   Attribute 12 (Framed-MTU) length=6
      Value: 1500
   Attribute 61 (NAS-Port-Type) length=6
      Value: 19
   Attribute 77 (Connect-Info) length=24
      Value: 'CONNECT 11Mbps 802.11b'
   Attribute 79 (EAP-Message) length=8
   Attribute 24 (State) length=38
   Attribute 80 (Message-Authenticator) length=18
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
Received 60 bytes management frame
MGMT
mgmt::beacon
Received 1120 bytes from authentication server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=2 length=1120
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=24
   Attribute 80 (Message-Authenticator) length=18
   Attribute 24 (State) length=38
RADIUS packet matching with station 00:40:05:af:05:2e
IEEE 802.1X: 00:40:05:af:05:2e BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:40:05:af:05:2e (identifier 4)
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
Received 42 bytes management frame
DATA
IEEE 802.1X: 10 bytes from 00:40:05:af:05:2e
   IEEE 802.1X: version=1 type=0 length=6
   EAP: code=2 identifier=4 length=6 (response)
   EAP Response-TLS
IEEE 802.1X: 00:40:05:af:05:2e BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=3 length=185
   Attribute 1 (User-Name) length=10
      Value: 'adam-ctl'
   Attribute 4 (NAS-IP-Address) length=6
      Value: 192.168.2.155
   Attribute 5 (NAS-Port) length=6
      Value: 1
   Attribute 30 (Called-Station-Id) length=24
      Value: '00-40-05-AF-05-14:test'
   Attribute 31 (Calling-Station-Id) length=19
      Value: '00-40-05-AF-05-2E'
   Attribute 12 (Framed-MTU) length=6
      Value: 1500
   Attribute 61 (NAS-Port-Type) length=6
      Value: 19
   Attribute 77 (Connect-Info) length=24
      Value: 'CONNECT 11Mbps 802.11b'
   Attribute 79 (EAP-Message) length=8
   Attribute 24 (State) length=38
   Attribute 80 (Message-Authenticator) length=18
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
Received 267 bytes from authentication server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=3 length=267
   Attribute 79 (EAP-Message) length=191
   Attribute 80 (Message-Authenticator) length=18
   Attribute 24 (State) length=38
RADIUS packet matching with station 00:40:05:af:05:2e
IEEE 802.1X: 00:40:05:af:05:2e BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:40:05:af:05:2e (identifier 5)
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
Received 60 bytes management frame
MGMT
mgmt::beacon
Received 60 bytes management frame
MGMT
mgmt::beacon
Signal 2 received - terminating
Flushing old station entries
Deauthenticate all stations

 

=======================================

it seem ok ,but xsupplicant  cant be authoried by AP!

what the problem ? i need your help!







---------------------------------
Do You Yahoo!?
"雅虎通网络KTV, 随时随地免费卡拉OK~~"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20030326/c336a11a/attachment.htm 


More information about the HostAP mailing list