Communication between Xsupplicant and Hostap with EAP-MD5

Jouni Malinen jkmaline at cc.hut.fi
Mon Apr 17 23:11:29 EDT 2006 

On Thu, Apr 13, 2006 at 07:08:51AM +0200, Carlos Peñafiel wrote:

> I have a problem trying to configure my network. I am trying to get this
> 
> Radius<--> HostAp <--> Xsupplicant
> 
> in order to cipher the communications with EAP-MD5. My problem is between 
> the HostAp and the Xsupplicant, because if I enable the 802.1X configuration 
> as true, the HostAp looks like it is not receive anything (it does not show 
> any messages).

Are you trying to use some form of encryption on this connection?
EAP-MD5 should not really be used on wireless connections unless it is
inside a protected tunnel (e.g., with EAP-TTLS). In addition, EAP-MD5
does not generate keying material, so it cannot be used to generate
dynamic WEP keys.

> When I run the HostAp with a Windows Client, my Client ask me for a “WEP” 
> key. If I insert a 128-bit-key, whatever!!, and I select “authentication 
> eap-md5”, and I insert the login and the password, the hostap works 
> perfectly. Is this a bug?

Working with Windows? No, that's not a bug ;-).

> But the problem is when I am on Linux (Kernel version 2.6.11-1_FC4), If I do
> 
> iwlist ath0 scanning
> 
> I can see the Hostap with “key: on”. If I do
> 
> iwconfig ath0 essid myESSID
> 
> I can do the association, but I can not work yet. But when I do
> 
> iwconfig ath0 key my-invented-key
> 
> the hostap sends a lot of messages like

I'm not really following the configuration you are trying to use.. Are
you trying to use dynamic WEP keys with IEEE 802.1X? If yes, you will
need to use another EAP method than plain EAP-MD5. If not, please give
more details of what exactly you are trying to do.

> I guess the XSupplicant configuration file is OK because I tried to test the 
> same configuration but with a wireless router instead the Hostap, and it 
> worked good. So, what can I do? What am I doing bad?
> I am using the Xsupplicant-1.2.4 with ipw2200-driver 1.1.2 and Hostap-0.4.8 
> with  madwifi.

Hmm.. This seems conflicting with the text above.. First of all, are you
actually talking about hostapd, not Host AP driver? Secondly, that
iwlist scanning command above was using ath0, i.e., most likely
madwifi.. But isn't that the AP side of this connection?

-- 
Jouni Malinen                                            PGP id EFC895FA

More information about the HostAP mailing list