802.1x auth with wpa_supp?

Jouni Malinen jkmaline at cc.hut.fi
Mon Sep 6 22:53:00 EDT 2004


On Tue, Sep 07, 2004 at 01:41:36PM +1200, Morgan Read wrote:

> >Failed to enable WPA in the driver.
> >
> I updated the station firmware to 1.7.4 in ram and got the second output
> (second) below.  Also, in the second instance the AP seemed to
> "disappear" and the MAC changed to all 4s while wpa_supplicant was
> running (it didn't exit itself) and when I exited wpa_supplicant (with
> ctrl-C) the AP came back with a real MAC.
> 
> But, this is all a bit strange because I shouldn't be doing anything
> with wpa if I'm using 802.1x??  So, I think something must be
> fundamentaly amiss?

The current version of the Host AP driver interface in wpa_supplicant
always enables WPA support and consequently, requires new station
firmware. You might be able to use IEEE 802.1X with driver_wext.c (add
CONFIG_DRIVER_WEXT=y to .config, use ap_scan=0 in wpa_supplicant.conf,
and -Dwext on command line).

> Already associated with a configured network - generating associated event
> Association event - clear replay counter
> Associated to a new BSS: BSSID=44:44:44:44:44:44

> ap_scan=0

I would recommend starting with ap_scan=1 when using Host AP driver.
Your debug log showed that wpa_supplicant was not receiving any EAPOL
packets from the AP and then timing out. ap_scan=1 has received much
more testing..

> 	eap=PEAP MSCHAPV2

If you are using EAP-PEAP with EAP-MSCHAPv2 as the inner (tunneled,
phase 2) authentication, you only need to have PEAP on this line. Phase
2 method is configured below with:

> 	phase2="auth=MSCHAPV2"

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list