hostapd 1.3.5, madwifi, internal EAP-PEAP/MSCHAPv2 w/ WinXP supplicant

Jouni Malinen jkmaline at cc.hut.fi
Sun Feb 6 18:48:17 EST 2005


On Sun, Feb 06, 2005 at 01:57:32PM -0800, Coert Vonk wrote:

> Thanks for the reply.  Attached are the configuration files and log. 
> Sorry for the delay.  My initial reply bounced because the email
> exceeded 25kB.  This time the log file is compressed (use gunzip to
> uncompress).

Thanks.

It looks like you have configured the phase 2 authentication to use MD5,
but the Windows XP supplicant does not support this. Please re-test
after replacing MD5 with MSCHAPV2 in hostapd.eap_user.


In hostapd log, you can see this failure in negotiation for phase 2 EAP
method:

hostapd tries MD5:

EAP-Identity: Peer identity - hexdump_ascii(len=15):
     43 52 4f 58 5c 43 6f 65 72 74 20 56 6f 6e 6b      CROX\Coert Vonk
EAP-PEAP: PHASE2_ID -> PHASE2_METHOD
EAP-PEAP: try EAP type 4

client does not support it, asks for MSCHAPv2:

EAP-PEAP: received Phase 2: code=2 identifier=108 length=6
EAP-PEAP: Phase2 type Nak'ed; allowed types - hexdump(len=1): 1a
EAP: processing NAK (current EAP method index 1)

hostapd was configured not to allow MSCHAPv2 so it rejects
authentication (not very clear from the debug log, but that is what is
happening here):

EAP: list of methods supported by the peer - hexdump(len=1): 1a
EAP: new list of configured methods - hexdump(len=8): 04 00 00 00 00 00 00 00
EAP-PEAP: PHASE2_METHOD -> PHASE2_TLV

client acknowledges this:

EAP-TLV: Result TLV - hexdump(len=2): 00 02
EAP-TLV: TLV Result - Failure - requested Failure

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list