Configuration for 802.1x/EAPOL authentication with WEP keys

hareesh.khattri at ndsu.edu hareesh.khattri at ndsu.edu
Sat Mar 26 16:29:56 EST 2005


hi


 I am trying to use 802.1x/EAPOL authentication with dynamic WEP key
generation. The access point is connected to an external Freeradius
server.

 My WPA_supplicant configuration is:

 network={
	ssid="test"
	mode=0
	key_mgmt=IEEE8021X
	eap=TLS
	identity="client at example.com"
	ca_cert="/home/hareesh/supplicant/certs/CAcert.pem"
	client_cert="/home/hareesh/supplicant/certs/client-cert.pem"
	private_key="/home/hareesh/supplicant/certs/client-key.pem"
	private_key_passwd="secretkey"
	eapol_flags=3
	priority=1
}

 This I took right out of the example configuration given in the  .conf file.
 The CAcert and client certificates I generated using Tinyca. All files
seem to be loaded and working properly both with WPA_supplicant and the
Freeradius server.



My hostapd (running in uclinux kernel acting in master mode) configuration
is :

ssid=test
macaddr_acl=1
accept_mac_file=/etc/hostapd.accept
deny_mac_file=/etc/hostapd.deny
auth_algs=3
ieee8021x=1
wep_key_len_broadcast=13
wep_key_len_unicast=13
wep_rekey_period=900
own_ip_addr=134.129.123.104


# RADIUS authentication server
auth_server_addr=134.129.123.204
auth_server_port=1812
auth_server_shared_secret=secret

# RADIUS accounting server
acct_server_addr=134.129.123.204
acct_server_port=1813
acct_server_shared_secret=secret


I have attached with this mail the output given by the hostapd and
wpa_supplicant and the radius server. All running in debug.

 My problem is that I can't get the authentication to work properly.I keep
getting this message with the wpa_supplicant

WPA: EAPOL frame too short, len 10, expecting at least 99

 The wep key length I am using is the 13 (104). Also I have problems
getting the radius server to authenticate the client. The setup between
the access point and the server I think is working fine.

Another problem I am having is that when I try using the configuration for
WPA-EAP key management. Changing both the hostapd and wpa_supplicant
configuration accordingly. The wpa_supplicant doesn't recognize the access
point as WPA/RSN capable and so doesn't associate with it. The
configuration  I am using now is :

ssid=test
macaddr_acl=1
accept_mac_file=/etc/hostapd.accept
deny_mac_file=/etc/hostapd.deny
ieee8021x=1
own_ip_addr=134.129.123.104
# RADIUS authentication server
auth_server_addr=134.129.123.204
auth_server_port=1812
auth_server_shared_secret=secret
# RADIUS accounting server
acct_server_addr=134.129.123.204
acct_server_port=1813
acct_server_shared_secret=secret

wpa=1
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP CCMP
wpa_group_rekey=300
wpa_gmk_rekey=6400


network={
        ssid="test"
        proto=WPA
        key_mgmt=WPA-EAP
        pairwise=CCMP TKIP
        group=CCMP TKIP
        eap=TLS
        identity="client at example.com"
	ca_cert="/home/hareesh/supplicant/certs/CAcert.pem"
	client_cert="/home/hareesh/supplicant/certs/client-cert.pem"
	private_key="/home/hareesh/supplicant/certs/client-key.pem"
	private_key_passwd="secretkey"
        priority=1
}



 If anyone could please point to me as to what is wrong with the
configuration I am using.

Thanks

Hareesh khattri
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hostapd.gz
Type: application/x-gzip
Size: 1467 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050326/4f158eea/attachment.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: radiusout.gz
Type: application/x-gzip
Size: 7397 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050326/4f158eea/attachment-0001.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: wpasupp.gz
Type: application/x-gzip
Size: 2662 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050326/4f158eea/attachment-0002.bin 


More information about the HostAP mailing list