Pre-authentication

Manoj Verma, Noida manojv at hcltech.com
Mon Jan 24 03:07:05 EST 2005


Hi,

I wanted to know how I can test the WPA2 pre-authentication functionality.

We have a WPA2 enabled Access point (CISCO 1200 Series) which doesn't seems
to support pre-authetication, i.e. the pre-authetication bit in the WPA2-IE
is not set to 1.

Is there any commercial Access point available that supports
Pre-authentication?

Thanks & Regards,
Manoj


>-----Original Message-----
>From: hostap-bounces+manojv=noida.hcltech.com at shmoo.com [mailto:hostap-
>bounces+manojv=noida.hcltech.com at shmoo.com] On Behalf Of Jouni Malinen
>Sent: Saturday, January 22, 2005 11:33 AM
>To: Zimmermann, Christopher Brian (Chris)
>Cc: hostap at shmoo.com
>Subject: Re: PMKSA/PMKID issue(s)
>
>On Sat, Jan 22, 2005 at 12:41:21AM -0500, Zimmermann, Christopher Brian
>(Chris) wrote:
>
>> You can see the EAP-SUCCESS, but the PMKID does not get processed via
>> rsn_preauth_eapol_cb().  Both of these APs come from the Terrawave
>> WPA2/WMM testbed package.
>
>Interesting.. wpa_supplicant is discarding the EAP-Success packet for
>the pre-authentication case even though it was accepted for the normal
>authentication. It looks like I have not tested pre-authentication with
>RADIUS servers that do not conform to EAP RFC (i.e., ones that require
>EAP workarounds in wpa_supplicant).. EAPOL state machine initialization
>in rsn_preauth_init() was not initializing couple of configuration
>fields and this disabled EAP workarounds for pre-authentication even if
>they were enabled for the normal authentication.
>
>Please let me know whether the attached patch fixes this issue. This
>change is already committed to CVS, too.
>
>> But I don't get a add_pmkid() call into the driver interface.  And the
>> timeout gets called, too.
>
>This is because the EAP-Success was never processed..
>
>> EAP: EAP entering state RECEIVED
>> EAP: Received EAP-Success
>> EAP: Workaround for unexpected identifier field in EAP Success: reqId=6
>lastId=5 (these are supposed to be same)
>> EAP: EAP entering state SUCCESS
>> EAPOL: SUPP_BE entering state RECEIVE
>> EAPOL: SUPP_BE entering state SUCCESS
>
>This is the EAP-Success for the normal authentication.
>
>> EAPOL: Received EAP-Success
>> EAPOL: Received EAP-Packet frame
>> EAPOL: SUPP_BE entering state REQUEST
>> EAPOL: getSuppRsp
>> EAP: EAP entering state RECEIVED
>> EAP: Received EAP-Success
>> EAP: EAP entering state DISCARD
>
>This is for pre-authentication and it is discarded because of the EAP
>workaround not being enabled here.
>
>--
>Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list