802.1x auth with wpa_supp?

Morgan Read mstuff at pl.net
Sat Sep 25 05:29:05 EDT 2004


Hi
I've had some feed back from my uni on this.  Apparently the server cert 
was changed a few weeks back and it can no longer be verified (nice 
work).  Now people are turning the verification option off in windows & 
linux/xsupplicant - How do I turn verification off in wpa_supplicant?

Another suggestion was that I need to regenerate my key?  The one I'm 
using was generated for xsupplicant - can anybody give me a basic "one 
two" on using ssh-keygen or openssl to correctly generate a private key 
for wpa_supplicant?  I've had this in the back of my mind for a while 
but not found any info on it.

Copy of recent debug output attached FYI (interesting bit's 35-45 lines 
from end).

Regards,
Morgan.

###################################
[root at morgansmachine root]# wpa_supplicant -iwlan0
-c/etc/wpa_supplicant.conf -d Configuration file
'/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group=0
eapol_version=1
ap_scan=1
Priority group 0
    id=0 ssid='uoa'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
wpa_driver_hostap_set_wpa: enabled=1
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_countermeasures: enabled=0
wpa_driver_hostap_set_drop_unencrypted: enabled=1
Setting scan request: 0 sec 100000 usec
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Disconnect event - remove keys
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
RTM_NEWLINK, IFLA_IFNAME: Interface 'wifi0' added
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Disconnect event - remove keys
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
Starting AP scan (specific SSID)
Scan SSID - hexdump_ascii(len=3):
      75 6f 61                                          uoa
Wireless event: cmd=0x8b19 len=12
Received 158 bytes of scan results (1 BSSes)
Scan results: 1
Selecting BSS from priority group 0
0: 00:0d:ed:99:37:c0 ssid='uoa' wpa_ie_len=0 rsn_ie_len=0
    skip - no WPA/RSN IE
    selected non-WPA AP 00:0d:ed:99:37:c0 ssid='uoa'
Trying to associate with 00:0d:ed:99:37:c0 (SSID='uoa' freq=2437 MHz)
Cancelling scan request
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_drop_unencrypted: enabled=1
wpa_driver_hostap_associate
Setting authentication timeout: 5 sec 0 usec
EAPOL: External notification - portControl=Auto
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Disconnect event - remove keys
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
Wireless event: cmd=0x8b04 len=12
RX EAPOL from 00:0d:ed:99:37:c0
Setting authentication timeout: 10 sec 0 usec
EAPOL frame received in disassociated state - dropped
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Disconnect event - remove keys
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
Wireless event: cmd=0x8b1a len=15
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:0d:ed:99:37:c0
Association event - clear replay counter
Associated to a new BSS: BSSID=00:0d:ed:99:37:c0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
RX EAPOL from 00:0d:ed:99:37:c0
Setting authentication timeout: 10 sec 0 usec
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=1 id=2
EAP: EAP entering state IDENTITY
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=10):
      45 43 5c 6d 72 65 61 30 30 35                     EC\mrea005
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 46, expecting at least 99
RX EAPOL from 00:0d:ed:99:37:c0
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=25 id=3
EAP: EAP entering state GET_METHOD
EAP-PEAP: Phase2 type: MSCHAPV2
SSL: Trusted root certificate(s) loaded
SSL: Private key failed verification: error:140CB07C:SSL
routines:SSL_use_PrivateKey_file:bad ssl filetype
SSL - SSL error: error:140A30B1:SSL routines:SSL_check_private_key:no
certificate assigned
EAP-PEAP: Failed to initialize SSL.
EAP: Failed to initialize EAP method 25
EAP: EAP entering state METHOD
EAP::METHOD - method not selected
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: txSuppRsp - EAP response data not available
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 46, expecting at least 99
RTM_NEWLINK, IFLA_IFNAME: Interface 'wifi0' added
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
Signal 2 received - terminating
wpa_driver_hostap_deauthenticate
wpa_driver_hostap_reset: type=2
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
wpa_driver_hostap_set_wpa: enabled=0
wpa_driver_hostap_set_drop_unencrypted: enabled=0
wpa_driver_hostap_set_countermeasures: enabled=0
[root at morgansmachine root]#
###########################

Jouni Malinen wrote:
> On Tue, Sep 07, 2004 at 10:25:30PM +1200, Morgan Read wrote:
> 
> 
>>Well that was much more exciting!  At least to my eyes...
>>
>>I ran as you suggested per the hostap driver (not wext).
> 
> 
> Yes, indeed, this time the EAPOL negotiation was at least started.
> However, the AP/authentication server did not seem to like the identity
> response from the client.
> 
> 
>>EAP: Received EAP-Request method=1 id=2
>>EAP: EAP entering state IDENTITY
>>EAP: EAP-Request Identity data - hexdump_ascii(len=0):
>>EAP: using real identity - hexdump_ascii(len=10):
>>     45 43 2f 6d 72 65 61 30 30 35                     EC/mrea005
> 
> 
> Are you sure that is the current username? If "EC" is the domain part,
> that should most likely be EC\mrea005, not EC/mrea005.. 
> 
> 
>>Wireless event: cmd=0x8b15 len=20
>>Wireless event: new AP: 00:00:00:00:00:00
>>Setting scan request: 0 sec 100000 usec
>>EAPOL: External notification - portEnabled=0
>>EAPOL: SUPP_PAE entering state DISCONNECTED
> 
> 
> It looks like the AP disassociated the stations. This could have
> happened, e.g., because the authentication server rejected access to
> EC/mrea005 identity.
> 

-- 
Morgan Read
<mailto:mstuffATplDOTnet>



More information about the HostAP mailing list