回复: Re: wpa_supplicant problems with authentication

段宁 duanng88 at yahoo.com.cn
Wed Jul 6 04:24:11 EDT 2005


my config file is as follow,
...
network={
      ssid="cnis912"
 scan_ssid=1
 key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE
 pairwise=CCMP 
 group=CCMP  WEP104 WEP40
 psk="very secret passphrase"
 eap=TTLS PEAP TLS
 identity="gu"
 password="guzhihong"
      ca_cert="/home/gu/gucert/root.pem"
      client_cert="/home/gu/gucert/cert-clt.pem"
 private_key="/home/gu/gucert/cert-clt.pem"
 private_key_passwd="whatever"
 phase1="peaplabel=0"
}
 
and I will provide the more detailed debug message of wpa_suppliant here,additionaly I didn't use any ctrl_interface ,just use wpa in command line
 
 
.....
EAP: EAP entering state INITIALIZE
EAP: maintaining EAP method data for fast reauthentication
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
GHJ RF Hexdump : (num=007) 00 60 b3 64 c3 a6 00 60 b3 64 c3 2d 88 8e 
RX EAPOL from 00:60:b3:64:c3:2d
Setting authentication timeout: 70 sec 0 usec
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: maintaining EAP method data for fast reauthentication
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=1 id=0
EAP: EAP entering state IDENTITY
EAP: EAP-Request Identity data - hexdump_ascii(len=5):
     68 65 6c 6c 6f                                    hello           
EAP: using real identity - hexdump_ascii(len=2):
     67 75                                             gu              
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 14, expecting at least 99
GHJ RF Hexdump : (num=008) 00 60 b3 64 c3 a6 00 60 b3 64 c3 2d 88 8e 
RX EAPOL from 00:60:b3:64:c3:2d
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=13 id=1
EAP: EAP entering state GET_METHOD
EAP: using previous method data for fast re-authentication
EAP: initialize selected EAP method (13, TLS)
EAP: EAP entering state METHOD
EAP-TLS: Received packet(len=6) - Flags 0x20
EAP-TLS: Start
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before/connect initialization
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client hello A
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read server hello A
SSL: SSL_connect - want more data
SSL: 132 bytes pending from ssl_out
SSL: 132 bytes left to be sent out (of total 132 bytes)
EAP: method process -> ignore=FALSE methodState=CONT decision=COND_SUCC
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 10, expecting at least 99
GHJ RF Hexdump : (num=009) 00 60 b3 64 c3 a6 00 60 b3 64 c3 2d 88 8e 
RX EAPOL from 00:60:b3:64:c3:2d
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=13 id=2
EAP: EAP entering state METHOD
EAP-TLS: Received packet(len=1034) - Flags 0xc0
EAP-TLS: TLS Message Length: 1726
SSL: Need 702 bytes more input data
SSL: Building ACK
EAP: method process -> ignore=FALSE methodState=CONT decision=COND_SUCC
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
IEEE 802.1X RX: version=2 type=0 length=1034
WPA: EAPOL frame (type 0) discarded, not a Key frame
GHJ RF Hexdump : (num=010) 00 60 b3 64 c3 a6 00 60 b3 64 c3 2d 88 8e 
RX EAPOL from 00:60:b3:64:c3:2d
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=13 id=3
EAP: EAP entering state METHOD
EAP-TLS: Received packet(len=712) - Flags 0x80
EAP-TLS: TLS Message Length: 1726
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server hello A
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=1 buf='/C=CN/ST=ShannXi/L=Xi'an/O=cnis912/OU=IT/CN=CA/emailAddress=CA at 163.com'
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=0 buf='/C=CN/ST=ShannXi/L=Xi'an/O=cnis912/OU=IT/CN=yin/emailAddress=yin at 163.com'
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server certificate A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server certificate request A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server done A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client certificate A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client key exchange A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write certificate verify A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write change cipher spec A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write finished A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 flush data
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read finished A
SSL: SSL_connect - want more data
SSL: 1842 bytes pending from ssl_out
SSL: 1842 bytes left to be sent out (of total 1842 bytes)
SSL: sending 1398 bytes, more fragments will follow
EAP: method process -> ignore=FALSE methodState=CONT decision=COND_SUCC
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
IEEE 802.1X RX: version=2 type=0 length=712
WPA: EAPOL frame (type 0) discarded, not a Key frame
GHJ RF Hexdump : (num=011) 00 60 b3 64 c3 a6 00 60 b3 64 c3 2d 88 8e 
RX EAPOL from 00:60:b3:64:c3:2d
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=13 id=4
EAP: EAP entering state METHOD
EAP-TLS: Received packet(len=6) - Flags 0x00
SSL: 444 bytes left to be sent out (of total 1842 bytes)
EAP: method process -> ignore=FALSE methodState=CONT decision=COND_SUCC
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 10, expecting at least 99
GHJ RF Hexdump : (num=012) 00 60 b3 64 c3 a6 00 60 b3 64 c3 2d 88 8e 
RX EAPOL from 00:60:b3:64:c3:2d
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=13 id=5
EAP: EAP entering state METHOD
EAP-TLS: Received packet(len=69) - Flags 0x80
EAP-TLS: TLS Message Length: 59
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read finished A
SSL: (where=0x20 ret=0x1)
SSL: (where=0x1002 ret=0x1)
SSL: 0 bytes pending from ssl_out
SSL: No data to be sent out
EAP-TLS: Done
EAP-TLS: Derived key - hexdump(len=64): [REMOVED]
SSL: Building ACK
EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 73, expecting at least 99
GHJ RF Hexdump : (num=013) 00 60 b3 64 c3 a6 00 60 b3 64 c3 2d 88 8e 
RX EAPOL from 00:60:b3:64:c3:2d
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Success
EAP: AS used the same Id again, but EAP packets were not identical
EAP: workaround - assume this is not a duplicate packet
EAP: EAP entering state SUCCESS
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state SUCCESS
EAPOL: SUPP_BE entering state IDLE
WPA: EAPOL frame too short, len 8, expecting at least 99
RTM_NEWLINK, IFLA_IFNAME: Interface 'wifi0' added
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
Authentication with 00:60:b3:64:c3:2d timed out.
Added BSSID 00:60:b3:64:c3:2d into blacklist
wpa_driver_hostap_disassociate
wpa_driver_hostap_reset: type=2
No keys have been configured - skip key clearing

Jouni Malinen <jkmaline at cc.hut.fi> 写道:
On Wed, Jul 06, 2005 at 10:16:06AM +0800, ???? wrote:

> It seems that my wpa_supplicant has been authenticated successful by Radius ,but there is an timeout error in supplicant.And I cannot connect to the server ,why ?

Please include your configuration file. If you are using WPA/WPA2 or
dynamic WEP keys, wpa_supplicant expects to receive EAPOL-Key messages
after this and if it does not, the authentication will time out.

-- 
Jouni Malinen PGP id EFC895FA
_______________________________________________
HostAP mailing list
HostAP at shmoo.com
http://lists.shmoo.com/mailman/listinfo/hostap


		
---------------------------------
DO YOU YAHOO!?
  雅虎免费G邮箱-中国第一绝无垃圾邮件骚扰超大邮箱 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20050706/766feab5/attachment.htm 


More information about the HostAP mailing list