wpa_supplicant: No connection using Radius+LDAP but without LDAP

Florian Prester Florian.Prester at rrze.uni-erlangen.de
Tue Aug 9 07:48:14 EDT 2005


Hi,

I use wpa_supplicant and a freeradius for authentication and it works 
fine for authentication.
But then I have problems with the encryption/wpa-mode: Wireless event: 
cmd=0x8b15 len=20
But it is not a problem in general, because if I use the same user with 
a radius local-user everything works fine.

So I think it might be a timeout problem?
If so where can I configure timeouts?

Any suggestions?

Thanks
Florian Prester


My log:
Initializing interface 'ath0' conf '../wlan_wpa.conf' driver 'madwifi'
Configuration file '../wlan_wpa.conf' ->
'/home/florian/wpa_supplicant-0.3.9/../wlan_wpa.conf'
Reading configuration file
'/home/florian/wpa_supplicant-0.3.9/../wlan_wpa.conf'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group=0
eapol_version=1
ap_scan=1
fast_reauth=1
Line: 314 - start of a new network block
ssid - hexdump_ascii(len=7):
     46 41 55 2d 53 45 43                              FAU-SEC
key_mgmt: 0x1
eap methods - hexdump(len=2): 15 00
identity - hexdump_ascii(len=7):
     75 6e 72 7a 31 34 38                              unrz148
password - hexdump_ascii(len=7):
     75 6e 72 7a 31 34 38                              unrz148
phase2 - hexdump_ascii(len=11):
     61 75 74 68 65 61 70 3d 4d 44 35                  autheap=MD5
priority=2 (0x2)
Priority group 2
   id=0 ssid='FAU-SEC'
Initializing interface (2) 'ath0'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Own MAC address: 00:20:a6:4d:2c:56
...
wpa_driver_madwifi_set_countermeasures: enabled=0
wpa_driver_madwifi_set_drop_unencrypted: enabled=1
Setting scan request: 0 sec 100000 usec
Wireless event: cmd=0x8b06 len=8
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
Starting AP scan (broadcast SSID)
Wireless event: cmd=0x8b1a len=12
EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0
EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0
Wireless event: cmd=0x8b19 len=12
Received 470 bytes of scan results (2 BSSes)
Scan results: 2
Selecting BSS from priority group 2
0: 00:0b:0e:2f:e2:c0 ssid='FAU-SEC' wpa_ie_len=0 rsn_ie_len=22
   selected
Trying to associate with 00:0b:0e:2f:e2:c0 (SSID='FAU-SEC' freq=2442 MHz)
Cancelling scan request
Automatic auth_alg selection: 0x1
RSN: using IEEE 802.11i/D9.0
WPA: Selected cipher suites: group 16 pairwise 16 key_mgmt 1
WPA: using GTK CCMP
WPA: using PTK CCMP
WPA: using KEY_MGMT 802.1X
WPA: Own WPA IE - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f
ac 04 01 00 00 0f ac 01 00 00
No keys have been configured - skip key clearing
wpa_driver_madwifi_set_drop_unencrypted: enabled=1
wpa_driver_madwifi_associate
Setting authentication timeout: 5 sec 0 usec
EAPOL: External notification - portControl=Auto
Wireless event: cmd=0x8b1a len=20
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:0b:0e:2f:e2:c0
Association event - clear replay counter
Associated to a new BSS: BSSID=00:0b:0e:2f:e2:c0
No keys have been configured - skip key clearing
Associated with 00:0b:0e:2f:e2:c0
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
TX EAPOL - hexdump(len=18): 00 0b 0e 2f e2 c0 00 20 a6 4d 2c 56 88 8e 01
01 00 00
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
RX EAPOL from 00:0b:0e:2f:e2:c0
RX EAPOL - hexdump(len=50): 01 00 00 2e 01 01 00 2e 01 00 6e 65 74 77 6f
72 6b 69 64 3d 46 41 55 2d 53 45 43 2c 6e 61 73 69 64 3d 6e 6f 73 2d 33
2e 30 2c 70 6f 72 74 69 64 3d 35
Setting authentication timeout: 70 sec 0 usec
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=1 id=1
EAP: EAP entering state IDENTITY
EAP: EAP-Request Identity data - hexdump_ascii(len=41):
     00 6e 65 74 77 6f 72 6b 69 64 3d 46 41 55 2d 53   _networkid=FAU-S
     45 43 2c 6e 61 73 69 64 3d 6e 6f 73 2d 33 2e 30   EC,nasid=nos-3.0
     2c 70 6f 72 74 69 64 3d 35                        ,portid=5
EAP: using real identity - hexdump_ascii(len=7):
     75 6e 72 7a 31 34 38                              unrz148
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=30): 00 0b 0e 2f e2 c0 00 20 a6 4d 2c 56 88 8e 01
00 00 0c 02 01 00 0c 01 75 6e 72 7a 31 34 38
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 50, expecting at least 99
RX EAPOL from 00:0b:0e:2f:e2:c0
RX EAPOL - hexdump(len=54): 01 00 00 2e 01 01 00 2e 01 00 6e ...
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=1 id=1
EAP: EAP entering state RETRANSMIT
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=30): 00 0b 0e 2f e2 c0 00 20 a6 4d 2c...
00 00 0c 02 01 00 0c 01 75 6e 72 7a 31 34 38
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 54, expecting at least 99
RX EAPOL from 00:0b:0e:2f:e2:c0
RX EAPOL - hexdump(len=50): 01 00 00 06 01 02 00 06 19 20 00...
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=25 id=2
EAP: EAP entering state GET_METHOD
EAP: Building EAP-Nak (requested type 25 not allowed)
EAP: allowed methods - hexdump(len=1): 15
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=24): 00 0b 0e 2f e2 c0 00 20 a6 4d 2c 56...
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 50, expecting at least 99
EAPOL: Port Timers tick - authWhile=29 heldWhile=0 startWhen=29 idleWhile=59
RX EAPOL from 00:0b:0e:2f:e2:c0
RX EAPOL - hexdump(len=50): 01 00 00 06 01 03 00 06 15 20 00 ...
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=21 id=3
EAP: EAP entering state GET_METHOD
EAP: initialize selected EAP method (21, TTLS)
EAP-TTLS: Phase2 type: EAP
EAP-TTLS: Phase2 EAP types - hexdump(len=1): 04
EAP: EAP entering state METHOD
EAP-TTLS: Received packet(len=6) - Flags 0x20
EAP-TTLS: Start
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before/connect initialization
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client hello A
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read server hello A
SSL: SSL_connect - want more data
SSL: 102 bytes pending from ssl_out
SSL: 102 bytes left to be sent out (of total 102 bytes)
EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=126): 00 0b 0e 2f e2 c0 00 20 a6 4d ...
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 50, expecting at least 99
RX EAPOL from 00:0b:0e:2f:e2:c0
RX EAPOL - hexdump(len=1038): 01 00 04 0a 01 04 04 0a 15 c0 00...
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=21 id=4
EAP: EAP entering state METHOD
EAP-TTLS: Received packet(len=1034) - Flags 0xc0
EAP-TTLS: TLS Message Length: 1777
SSL: Need 753 bytes more input data
SSL: Building ACK
EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=24): 00 0b 0e 2f e2 c0 00 20 a6 ...
EAPOL: SUPP_BE entering state RECEIVE
IEEE 802.1X RX: version=1 type=0 length=1034
WPA: EAPOL frame (type 0) discarded, not a Key frame
RX EAPOL from 00:0b:0e:2f:e2:c0
RX EAPOL - hexdump(len=767): 01 00 02 fb 01 05 02 fb 15 80...
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=21 id=5
EAP: EAP entering state METHOD
EAP-TTLS: Received packet(len=763) - Flags 0x80
EAP-TTLS: TLS Message Length: 1777
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server hello A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server certificate A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server done A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client key exchange A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write change cipher spec A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write finished A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 flush data
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read finished A
SSL: SSL_connect - want more data
SSL: 198 bytes pending from ssl_out
SSL: 198 bytes left to be sent out (of total 198 bytes)
EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=222): 00 0b 0e 2f e2 c0 00 20 a6 4d 2c...
EAPOL: SUPP_BE entering state RECEIVE
IEEE 802.1X RX: version=1 type=0 length=763
WPA: EAPOL frame (type 0) discarded, not a Key frame
RX EAPOL from 00:0b:0e:2f:e2:c0
RX EAPOL - hexdump(len=73): 01 00 00 45 01 06 00 45 15 80 00 00 ...
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=21 id=6
EAP: EAP entering state METHOD
EAP-TTLS: Received packet(len=69) - Flags 0x80
EAP-TTLS: TLS Message Length: 59
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read finished A
SSL: (where=0x20 ret=0x1)
SSL: (where=0x1002 ret=0x1)
SSL: 0 bytes pending from ssl_out
SSL: No data to be sent out
EAP-TTLS: TLS done, proceed to Phase 2
EAP-TTLS: Derived key - hexdump(len=64): de 1a 2d 33 65...
EAP-TTLS: received 0 bytes encrypted data for Phase 2
EAP-TTLS: empty data in beginning of Phase 2 - use fake EAP-Request Identity
EAP-TTLS: Phase 2 EAP Request: type=1
EAP: using real identity - hexdump_ascii(len=7):
     75 6e 72 7a 31 34 38                              unrz148
EAP-TTLS: AVP encapsulate EAP Response - hexdump(len=12): 02 ...
EAP-TTLS: Encrypting Phase 2 data - hexdump(len=20): 00 00 ...
EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=114): 00 0b 0e 2f e2 ...
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 73, expecting at least 99
RX EAPOL from 00:0b:0e:2f:e2:c0
RX EAPOL - hexdump(len=120): 01 00 00 74 01 07 ...
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=21 id=7
EAP: EAP entering state METHOD
EAP-TTLS: Received packet(len=116) - Flags 0x80
EAP-TTLS: TLS Message Length: 106
EAP-TTLS: received 106 bytes encrypted data for Phase 2
EAP-TTLS: Decrypted Phase 2 AVPs - hexdump(len=32): 00 00...
EAP-TTLS: AVP: code=79 flags=0x40 length=30
EAP-TTLS: AVP data - hexdump(len=22): 01 07 00 16 04 ...
EAP-TTLS: AVP - EAP Message
EAP-TTLS: Phase 2 EAP - hexdump(len=22): 01 07 00 16 04 ...
EAP-TTLS: received Phase 2: code=1 identifier=7 length=22
EAP-TTLS: Phase 2 EAP Request: type=4
EAP-TTLS: Selected Phase 2 EAP method 4
EAP-MD5: Challenge - hexdump(len=16): 59 a1 b8 f9 f5 32 4d ...
EAP-MD5: generating Challenge Response
EAP-MD5: Response - hexdump(len=16): f6 2d b8 bd ef 90 89 ...
EAP-TTLS: AVP encapsulate EAP Response - hexdump(len=22): 02 07 ...
EAP-TTLS: Encrypting Phase 2 data - hexdump(len=32): 00 00 00 4f...
EAP-TTLS: Authentication completed successfully
EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=130): 00 0b 0e...
EAPOL: SUPP_BE entering state RECEIVE
IEEE 802.1X RX: version=1 type=0 length=116
WPA: EAPOL frame (type 0) discarded, not a Key frame
RX EAPOL from 00:0b:0e:2f:e2:c0
RX EAPOL - hexdump(len=50): 01 00 00 04 ...
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Success
EAP: Workaround for unexpected identifier field in EAP Success: reqId=9
lastId=7 (these are supposed to be same)
EAP: EAP entering state SUCCESS
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state SUCCESS
EAPOL: SUPP_BE entering state IDLE
WPA: EAPOL frame too short, len 50, expecting at least 99

<<<< here normaly with an local user wpa starts everything before is the
same

Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
Setting scan request: 0 sec 100000 usec
Added BSSID 00:0b:0e:2f:e2:c0 into blacklist
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
Disconnect event - remove keys
wpa_driver_madwifi_del_key: keyidx=0
wpa_driver_madwifi_del_key: keyidx=1
wpa_driver_madwifi_del_key: keyidx=2
wpa_driver_madwifi_del_key: keyidx=3
wpa_driver_madwifi_del_key: keyidx=0
Starting AP scan (broadcast SSID)
Wireless event: cmd=0x8b1a len=12
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
EAPOL: Port Timers tick - authWhile=29 heldWhile=0 startWhen=28 idleWhile=59
EAPOL: Port Timers tick - authWhile=28 heldWhile=0 startWhen=27 idleWhile=58
EAPOL: Port Timers tick - authWhile=27 heldWhile=0 startWhen=26 idleWhile=57
Wireless event: cmd=0x8b19 len=12
Received 752 bytes of scan results (4 BSSes)
Scan results: 4
Selecting BSS from priority group 2
0: 00:0b:0e:2f:e2:c0 ssid='FAU-SEC' wpa_ie_len=0 rsn_ie_len=22
   selected
Trying to associate with 00:0b:0e:2f:e2:c0 (SSID='FAU-SEC' freq=2442 MHz)
Cancelling scan request
Automatic auth_alg selection: 0x1
RSN: using IEEE 802.11i/D9.0
WPA: Selected cipher suites: group 16 pairwise 16 key_mgmt 1
WPA: using GTK CCMP
WPA: using PTK CCMP
WPA: using KEY_MGMT 802.1X
WPA: Own WPA IE - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f
ac 04 01 00 00 0f ac 01 00 00
No keys have been configured - skip key clearing
wpa_driver_madwifi_set_drop_unencrypted: enabled=1
wpa_driver_madwifi_associate
Setting authentication timeout: 5 sec 0 usec
EAPOL: External notification - portControl=Auto
Wireless event: cmd=0x8b1a len=20
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:0b:0e:2f:e2:c0
Association event - clear replay counter
Associated to a new BSS: BSSID=00:0b:0e:2f:e2:c0
No keys have been configured - skip key clearing
Associated with 00:0b:0e:2f:e2:c0
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
TX EAPOL - hexdump(len=18): 00 0b 0e 2f e2 c0 00 20 a6 4d 2c 56 88 8e 01
01 00 00
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: maintaining EAP method data for fast reauthentication
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
Setting scan request: 0 sec 100000 usec
BSSID 00:0b:0e:2f:e2:c0 blacklist count incremented to 2
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
Disconnect event - remove keys
wpa_driver_madwifi_del_key: keyidx=0
wpa_driver_madwifi_del_key: keyidx=1
wpa_driver_madwifi_del_key: keyidx=2
wpa_driver_madwifi_del_key: keyidx=3
wpa_driver_madwifi_del_key: keyidx=0
Starting AP scan (broadcast SSID)
Wireless event: cmd=0x8b1a len=12
EAPOL: Port Timers tick - authWhile=26 heldWhile=0 startWhen=29 idleWhile=59
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
EAPOL: Port Timers tick - authWhile=25 heldWhile=0 startWhen=28 idleWhile=58
Signal 2 received - terminating
No keys have been configured - skip key clearing
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
wpa_driver_madwifi_set_drop_unencrypted: enabled=0
wpa_driver_madwifi_set_countermeasures: enabled=0
No keys have been configured - skip key clearing
EAP: deinitialize previously used EAP method (0, TTLS) at EAP deinit
Removed BSSID 00:0b:0e:2f:e2:c0 from blacklist (clear)









-- 
--------------------------------------------------------------
Dipl. Inf. Florian Prester
Network Administration
Regionales RechenZentrum Erlangen
Universitaet Erlangen-Nuernberg
Germany

Tel.: +499131 8527813






More information about the HostAP mailing list