hostapd 1.3.5, madwifi, internal EAP-PEAP/MSCHAPv2 w/ WinXP supplicant

Coert Vonk coert.vonk at gmail.com
Mon Feb 7 10:40:15 EST 2005


Of cause, the WEP rekeying is not needed.
I said "PC-name" because the client is not connected to a domain.  It
used the hostname as the domain name.

It was using the user/passwd used to signin to XP.  That passwd was
not set.  Correcting this got me to the point where the connection
comes up.  It only stays up for a few seconds though, before it
reauthenticates.  Looking at the traces, I see these messenges that
might be related:
  SSL: SSL_accept:error in SSLv3 read client certificate A

I used the same certificates that I use for IPsec.  This describes how
I generated them:
http://www.cybcon.com/~coert/linux/wrap/ch-ipsec.html#s2-ipsec-ca-winxp

Thanks again
Coert

On Sun, 6 Feb 2005 22:46:34 -0800, Jouni Malinen <jkmaline at cc.hut.fi> wrote:
> On Sun, Feb 06, 2005 at 09:39:54PM -0800, Coert Vonk wrote:
> 
> > It now appears to disagree during MSCHAPV2
> 
> Invalid NT-Response usually means that the peer and the authenticator
> did not agree on the password..
> 
> > I included the updated config and users file.  Sometimes it appears to
> > be looking for the username without the PC name, and other times it
> > includes the PC name.  I added both to the users file to be sure.
> 
> Do you mean domain name with "PC name"? How did you enter the user
> name/domain/password? Manually into a dialog box during authentication
> or using the same user name and password that was used to login into
> Windows (single sign-on)? You can configure this in the authentication
> tab and details for MSCHAPv2 (e.g., whether to try to authenticate as
> host, etc.).
> 
> PS.
> 
> You seem to have both WEP keys and TKIP/CCMP configured in
> hostapd.conf. If you are using WPA with TKIP/CCMP, you should not
> configure wep_key_len_broadcast, wep_key_len_unicast, or
> wep_rekey_period.
> 
> --
> Jouni Malinen                                            PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hostapd.conf
Type: application/octet-stream
Size: 570 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050207/ba761ca6/attachment.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hostapd.eap_user
Type: application/octet-stream
Size: 124 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050207/ba761ca6/attachment-0001.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: log.gz
Type: application/x-gzip
Size: 12822 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050207/ba761ca6/attachment.bin 


More information about the HostAP mailing list