AW: 802.1x troubles...
larry.leblanc at shaw.ca
Thu Aug 12 11:28:13 EDT 2004
Thanks for the input Karl. As per subsequent follow-ups (which
unfortunately weren't threaded) my problem was that I was attempting
dynamic WEP with the built-in minimal EAP server, which Jouni has
emphatically pointed out will not work. Once I turned that off (and
setup static WEP, since my WinXP client doesn't seem to allow me to use
802.1x without some form of encryption) the 802.1x authentication worked
fine. And yesterday I was able to get dynamic WEP working with an
installation of freeRADIUS.
Jouni: I don't think removing minimal_eap is necessarily the right
answer - once I understood its limitations it was quite useful, allowing
me to verify basic 802.1x functionality before adding too many new
software components to the mix (eg freeRADIUS). What would be useful for
people like me is an additional comment in hostapd.conf indicating that
dynamic WEP doesn't work with minimal_eap. The current comment just says
it should only be used for testing which is exactly what I was trying to
use it for.
Thanks for all the help everyone...
Karl Rothenhofer wrote:
>having a very similar objective like you, myself and a couple of friends
>encountered a very similar problem like the one you described. Though dhcpd
>was running, the WIN XP client could not get an IP-address and hence could
>not communicate. When we assigned a fixed IP address, communication was
>possible or alternatively when we restarted dhcpd in our accesspoint in that
>given situation automatic assignment of the IP-address and hence
>communication became also possible. This lead to the assumption, that dhcpd
>was initialised at the wrong point in time, when the wlan Interface was not
>yet ready. Conseuqently we changed the initialisation sequence putting dhcpd
>initialisation at a very late point in initialisation time and our problem
>was solved. Will yours be also solved by doing so? In case you need
>additional information please let me know.
>>Von: hostap-bounces+karl.rothenhoefer=t-online.de at shmoo.com
>>[mailto:hostap-bounces+karl.rothenhoefer=t-online.de at shmoo.com]Im
>>Auftrag von Larry LeBlanc
>>Gesendet: Mittwoch, 11. August 2004 00:43
>>An: hostap at shmoo.com
>>Betreff: 802.1x troubles...
>>I'm (eventually) trying to setup a full-blown 802.11i AP
>>using freeRADIUS but I thought I would take baby steps and
>>see if I could get 802.1x working with the minimal EAP server
>>built-in to hostapd. From what I can see in the hostapd logs
>>things seem to work OK - I see messages indicating that the
>>port is authorized and authenticated, i.e.:
>>wlan0: STA <my client MAC> IEEE 802.1X: authorizing port
>>wlan0: STA <my client MAC> IEEE 802.1X: authenticated
>>But my (WinXP) client doesn't seem to understand that it is
>>authenticated. My DHCP queries fail and if I force another
>>query Windows launches into the authentication process again.
>>So it seems Windows does not understand the link is up.
>>I am using hostapd-0.2.4 with hostap-driver-0.2.4. In
>>hostapd.conf I have set the following:
>>wep_rekey_period=0 # for now I'd just like to get one!
>>eapol_key_index_workaround=0 # since I'm setting unicast keys
>>I've attached the output from "hostapd -ddd". If anyone has
>>any hints, I'd love to hear them. If you need me to capture
>>and post any additional data, let me know.
>>HostAP mailing list
>>HostAP at shmoo.com
More information about the HostAP