wpa_supplicant problem with EAP

daniel escartin EXCHANGE03_VirtYH04 escartid at arcada.fi
Mon Feb 23 06:01:08 EST 2004


Hi all,

I'm trying to authenticate my wpa_supplicant in Linux Red Hat 9.0
and Kernel 2.4.20-8, joined with xsupplicant, against one cisco-ap and RADIUS
server. In my case I tried to work with a pre-shared key and I was
successful, but now I'm trying with EAP authentication. I got it to work with
this, but now I get the next error:
########################################################################
[root@test-radius root]# xsupplicant -i wlan0 -c /etc/xsupplicant.conf
Interface initalized!
Connection established, authenticating...
Authenticated!
Processing EAPoL-Key!
WPA EAPOL-Key - ignoring it
Processing EAPoL-Key!
WPA EAPOL-Key - ignoring it
Processing EAPoL-Key!
WPA EAPOL-Key - ignoring it
########################################################################


This is RADIUS log:


#####################################################################
rad_recv: Access-Request packet from host 192.168.1.60:1645, id=74, length=161
        User-Name = "cisco-wlan"
        Framed-MTU = 1400
        Called-Station-Id = "000d.2888.d602"
        Calling-Station-Id = "0006.2530.7374"
        Message-Authenticator = 0x208156361854c4cb3259dfe02670c699
        EAP-Message = 0x020400060d00
        NAS-Port-Type = Virtual
        NAS-Port = 351
        State =
0x675f6e273ae8c8a59cbf8244cc1bcd941ed939402be082ba836edc990f0824569609e621
        NAS-IP-Address = 192.168.1.60
        NAS-Identifier = "ciscoap"
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "chap" returns noop
  rlm_eap: EAP packet type notification id 4 length 6
  rlm_eap: EAP Start not found
  modcall[authorize]: module "eap" returns updated
    rlm_realm: No '@' in User-Name = "cisco-wlan", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop
    users: Matched cisco-wlan at 99
  modcall[authorize]: module "files" returns ok
  modcall[authorize]: module "mschap" returns noop
modcall: group authorize returns updated
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
  rlm_eap: EAP packet type notification id 4 length 6
  rlm_eap: EAP Start not found
  rlm_eap: Request found, released from the list
  rlm_eap: EAP_TYPE - tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
rlm_eap_tls: Received EAP-TLS ACK message
  modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 74 to 192.168.1.60:1645
        EAP-Message =
0x010501360d800000092c20666f722....
        EAP-Message =
0x11300f0603550403130843616d616....
        Message-Authenticator = 0x00000000000000000000000000000000
        State =
0x135c9b5b2d4aaeee888d864ccfef779d1ed939406b5e8db832ec91503371b822da69b4c0
Finished request 10
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.60:1645, id=75, length=1573
        User-Name = "cisco-wlan"
        Framed-MTU = 1400
        Called-Station-Id = "000d.2888.d602"
        Calling-Station-Id = "0006.2530.7374"
        Message-Authenticator = 0x2b64f7bae478b9e24006f9ac1cac31f0
        EAP-Message =
0x020505800dc0000008b816030107620b0...
        EAP-Message =
0x064e796c616e64310d300b06035504071...
        EAP-Message =
0x8a1090ca927fd82a2df606d3dee702030...
        EAP-Message =
0x6e64310d300b060355040713044573626...
        EAP-Message =
0x965dda6a7d00037530820371308202daa...
        EAP-Message =
0x044573626f310f300d060355040a13064...
        NAS-Port-Type = Virtual
        NAS-Port = 351
        State =
0x135c9b5b2d4aaeee888d864ccfef779d1ed939406b5e8db832ec91503371b822da69b4c0
        NAS-IP-Address = 192.168.1.60
        NAS-Identifier = "ciscoap"
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "chap" returns noop
  rlm_eap: EAP packet type notification id 5 length 1408
  rlm_eap: EAP Start not found
  modcall[authorize]: module "eap" returns updated
    rlm_realm: No '@' in User-Name = "cisco-wlan", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop
    users: Matched cisco-wlan at 99
  modcall[authorize]: module "files" returns ok
  modcall[authorize]: module "mschap" returns noop
modcall: group authorize returns updated
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
  rlm_eap: EAP packet type notification id 5 length 1408
  rlm_eap: EAP Start not found
  rlm_eap: Request found, released from the list
  rlm_eap: EAP_TYPE - tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
rlm_eap_tls:  Received EAP-TLS First Fragment of the message
Total Length Included
  modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 75 to 192.168.1.60:1645
        EAP-Message = 0x010600060d00
        Message-Authenticator = 0x00000000000000000000000000000000
        State =
0x6c1eb4fb81d87220c7625db9c80c65441fd93940ae63f806d1689b4334d77dc182429ac4

####################################################################

This is the wpa_supplicant.conf

####################################################################

network={
        ssid="cisco-wlan"
        key_mgmt=WPA-EAP
        pairwise=TKIP
}

##################################################################

And this is xsupplicant.conf

network_list = all
default_netname = cisco-wlan

cisco-wlan
{
        type = wireless
        allow_types = eap_tls
        identity = <BEGIN_ID>cisco-wlan<END_ID>
        eap-tls {
                 random_file = /dev/urandom
                 chunk_size = 1398
                 root_cert = /trusted-ca-list/ca-list.pem
                 cert = /certgen/pemcerts/User1cert.pem
                 key  = /certgen/privatekeys/User1key.pem
                 key_pass = <BEGIN_PASS>User1<END_PASS>
                }
}


######################################################

My wireless card is a Linksys WPC11 version 3 with wpa_support.
It's really weird, because before it worked well but suddenly it
started with this error. Can anyone tell me what is wrong here?

Thank you in advance, Regards Daniel.
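
Added example, not part of the original post: a small Python decoder for the EAP-Message values in the RADIUS log above, showing the EAP code, identifier, length and the EAP-TLS flags byte (RFC 5216) behind the "ACK" and "First Fragment" lines that rlm_eap_tls prints. The function and dictionary key names are illustrative assumptions; only the first EAP-Message attribute of each packet is decoded, since that one carries the EAP header.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_TLS = 13                            # EAP-TLS method type (RFC 5216)
FLAG_L, FLAG_M, FLAG_S = 0x80, 0x40, 0x20    # Length included, More fragments, Start

# EAP-Message values copied from the RADIUS log above, truncated as posted.
SAMPLES = [
    "0x020400060d00",
    "0x010501360d800000092c20666f722....",
    "0x020505800dc0000008b816030107620b0...",
    "0x010600060d00",
]


def parse_eap(hex_value):
    """Decode the EAP header and, for EAP-TLS, the flags byte of one EAP-Message."""
    text = hex_value.strip().rstrip(".")
    if text.lower().startswith("0x"):
        text = text[2:]
    data = bytes.fromhex(text[: len(text) // 2 * 2])  # drop a nibble cut off by truncation
    if len(data) < 4:
        raise ValueError("an EAP header is 4 bytes: code, id, length")
    code, ident, length = struct.unpack("!BBH", data[:4])
    pkt = {"code": EAP_CODES.get(code, "unknown"), "id": ident, "length": length,
           "truncated": len(data) < length}
    if code not in (1, 2) or len(data) < 6 or data[4] != EAP_TYPE_TLS:
        return pkt                           # Success/Failure, or not EAP-TLS
    flags = data[5]
    pkt.update(type=EAP_TYPE_TLS, start=bool(flags & FLAG_S),
               more=bool(flags & FLAG_M), tls_length=None)
    if flags & FLAG_L and len(data) >= 10:
        # Total length of the reassembled TLS message, not of this fragment
        pkt["tls_length"] = struct.unpack("!I", data[6:10])[0]
    if pkt["start"]:
        pkt["kind"] = "start"
    elif length == 6 and flags == 0:
        pkt["kind"] = "ack"                  # no flags and no TLS data
    elif pkt["more"]:
        pkt["kind"] = "fragment, more to follow"
    else:
        pkt["kind"] = "last or only fragment"
    return pkt


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[:22], parse_eap(sample))
```

The decoded identifier and length of the two Access-Request values match the `rlm_eap: EAP packet type notification id 4 length 6` and `id 5 length 1408` lines in the log.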
