hostapd mixing EAP ids
jkmaline at cc.hut.fi
Tue Oct 18 20:53:36 EDT 2005
On Tue, Oct 18, 2005 at 03:44:24PM -0600, Ahmet Basagalar wrote:
> We have recently upgraded to hostapd ver. 3.9 from ver 2.6. But there seems
> to be a bug regarding Radius authentication. Randomly some of our users can
> not authenticate although they are valid. When I check radius logs I see the
> following message:
> Everything is normal up to Frame 65 where RADIUS sends MD5 challenge, but
> hostapd again responds with a identity instead of challenge response, so
> RADIUS sends another challenge for this new identity, then probably hostapd
> responds to this challenge with the old EAP id I believe.
> I will try to look into the code, but if somebody resolved this before, that
> will be helpful. This happens randomly as I mentioned before.
How often does this happen? In other words, is this easy to reproduce?
If you can easily get a debug log from hostapd showing one of these
cases, it could provide useful information for finding out the details
of what happened with the client authentication. In many cases, there
will be two EAP-Request/Identity frames (one triggered by association
another by EAPOL-Start from client). It would be good to find out why
one of the EAP-Response/Identity packets does not get filtered out,
Jouni Malinen PGP id EFC895FA
More information about the HostAP