eapol_test configuration

Jouni Malinen jkmaline at cc.hut.fi
Mon Dec 12 09:17:50 EST 2005

On Mon, Dec 12, 2005 at 11:40:29AM +0100, Norbert Wegener wrote:

> I have set up freeradius for 802.1x port authentication at a cisco switch 
> with eap-tls and an appended look into an ad-server to get needed values 
> from there. This works without problems.

> Now I want to do some automated tests using eapol_test instead of the 
> cisco switch.
> Therefore I set up this configfile file:


>         phase1="TLS tunnel"

This option is not a valid parameter for wpa_supplicant. It is just
ignored, though, so it shouldn't break anything.

> freeradius receives:
> ad_recv: Access-Request packet from host port 32777, 
> id=0, length=204
>         User-Name = "myid"
>         EAP-Message = 
> 0x02000035012f4f3d5369656d656e732d323030352f434e3d4e6f726265727420576567656e65722054434749443d5a5a5a5a5a3145

> but does not start an eap-tls authentication. Instead it directly 
> searches the AD server.

This sounds like a configuration issue on the FreeRADIUS end of the
connection, so I would recommend going through its configuration and
asking on the freeradius-users mailing list, if needed. Maybe that
User-Name is not configured to use EAP authentication.

Jouni Malinen                                            PGP id EFC895FA
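
Added example (not part of the original mail, and not code from wpa_supplicant or FreeRADIUS): a small decoder for the EAP-Message value quoted above. It shows that the supplicant sent a plain EAP-Response/Identity, so the missing step is the server's EAP-Request/EAP-TLS with the Start flag. The reply packet is a constructed sample, and the decoder assumes the attribute value is not split across several EAP-Message attributes.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS",
             21: "EAP-TTLS", 25: "PEAP"}
# EAP-TLS flag bits: length included, more fragments, start
TLS_FLAGS = ((0x80, "L"), (0x40, "M"), (0x20, "S"))


def parse_eap(hex_value):
    """Decode one EAP packet given as the hex string a RADIUS log prints."""
    text = hex_value.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError("EAP length field %d does not fit %d bytes"
                         % (length, len(raw)))
    pkt = {"code": EAP_CODES.get(code, "code %d" % code), "id": ident,
           "length": length, "type": None, "data": b"", "tls_flags": None}
    if code in (1, 2):  # only Request/Response carry a Type field
        if length < 5:
            raise ValueError("Request/Response without a Type byte")
        eap_type = raw[4]
        pkt["type"] = EAP_TYPES.get(eap_type, "type %d" % eap_type)
        pkt["data"] = raw[5:length]
        if eap_type == 13 and pkt["data"]:
            flags = pkt["data"][0]
            pkt["tls_flags"] = "".join(n for bit, n in TLS_FLAGS if flags & bit)
    return pkt


# EAP-Message value from the Access-Request quoted in the mail above.
SENT = ("0x02000035012f4f3d5369656d656e732d323030352f434e3d4e6f726265727420"
        "576567656e65722054434749443d5a5a5a5a5a3145")
# Constructed sample: the EAP-Request/EAP-TLS Start a server answers with
# when the user is handled by EAP-TLS.
EXPECTED_REPLY = "0x010100060d20"

if __name__ == "__main__":
    for label, value in (("sent", SENT), ("expected reply", EXPECTED_REPLY)):
        p = parse_eap(value)
        print(label, p["code"], p["type"], "id", p["id"],
              "len", p["length"], "flags", p["tls_flags"], p["data"])
```

If the Access-Challenge coming back from FreeRADIUS never contains a packet that decodes like the second one, the request was not handed to the EAP module at all.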
