AW: 802.1x troubles...

Larry LeBlanc larry.leblanc at shaw.ca
Thu Aug 12 11:28:13 EDT 2004


Thanks for the input Karl. As per subsequent follow-ups (which 
unfortunately weren't threaded) my problem was that I was attempting 
dynamic WEP with the built-in minimal EAP server, which Jouni has 
emphatically pointed out will not work. Once I turned that off (and 
setup static WEP, since my WinXP client doesn't seem to allow me to use 
802.1x without some form of encryption) the 802.1x authentication worked 
fine. And yesterday I was able to get dynamic WEP working with an 
installation of freeRADIUS.

Jouni: I don't think removing minimal_eap is necessarily the right 
answer - once I understood its limitations it was quite useful, allowing 
me to verify basic 802.1x functionality before adding too many new 
software components to the mix (eg freeRADIUS). What would be useful for 
people like me is an additional comment in hostapd.conf indicating that 
dynamic WEP doesn't work with minimal_eap. The current comment just says 
it should only be used for testing which is exactly what I was trying to 
use it for.

Thanks for all the help everyone...

Larry

Karl Rothenhofer wrote:

>Hello Larry,
>
>having a very similar objective like you, myself and a couple of friends
>encountered a very similar problem like the one you described. Though dhcpd
>was running, the WIN XP client could not get an IP-address and hence could
>not communicate. When we assigned a fixed IP address, communication was
>possible or alternatively when we restarted dhcpd in our accesspoint in that
>given situation automatic assignment of the IP-address and hence
>communication became also possible. This lead to the assumption, that dhcpd
>was initialised at the wrong point in time, when the wlan Interface was not
>yet ready. Conseuqently we changed the initialisation sequence putting dhcpd
>initialisation at a very late point in initialisation time and our problem
>was solved. Will yours be also solved by doing so? In case you need
>additional information please let me know.
>
>Karl
>
>
>
>  
>
>>-----Ursprungliche Nachricht-----
>>Von: hostap-bounces+karl.rothenhoefer=t-online.de at shmoo.com
>>[mailto:hostap-bounces+karl.rothenhoefer=t-online.de at shmoo.com]Im
>>Auftrag von Larry LeBlanc
>>Gesendet: Mittwoch, 11. August 2004 00:43
>>An: hostap at shmoo.com
>>Betreff: 802.1x troubles...
>>
>>
>>Hello,
>>
>>I'm (eventually) trying to setup a full-blown 802.11i AP
>>using freeRADIUS but I thought I would take baby steps and
>>see if I could get 802.1x working with the minimal EAP server
>>built-in to hostapd. From what I can see in the hostapd logs
>>things seem to work OK - I see messages indicating that the
>>port is authorized and authenticated, i.e.:
>>
>>wlan0: STA <my client MAC> IEEE 802.1X: authorizing port
>>wlan0: STA <my client MAC> IEEE 802.1X: authenticated
>>
>>But my (WinXP) client doesn't seem to understand that it is
>>authenticated. My DHCP queries fail and if I force another
>>query Windows launches into the authentication process again.
>>So it seems Windows does not understand the link is up.
>>
>>I am using hostapd-0.2.4 with hostap-driver-0.2.4. In
>>hostapd.conf I have set the following:
>>
>>ieee8021x=1
>>minimal_eap=1
>>wep_key_len_broadcast=13
>>wep_key_len_unicast=13
>>wep_rekey_period=0 # for now I'd just like to get one!
>>eapol_key_index_workaround=0 # since I'm setting unicast keys
>>
>>I've attached the output from "hostapd -ddd". If anyone has
>>any hints, I'd love to hear them. If you need me to capture
>>and post any additional data, let me know.
>>
>>Thanks,
>>
>>Larry
>>
>>_______________________________________________
>>HostAP mailing list
>>HostAP at shmoo.com
>>http://lists.shmoo.com/mailman/listinfo/hostap
>>
>>    
>>
>
>
>
>  
>




More information about the HostAP mailing list