how to use wpa_supplicant on wpa network with peap and credentialing

Jouni Malinen jkmaline at cc.hut.fi
Tue Aug 1 23:33:42 EDT 2006


On Tue, Aug 01, 2006 at 12:23:57PM -0500, John H. wrote:

> i am attaching again and it should come to you.  i don't know if it's
> a bug or not, so should i do that at the website?

No need to report it there.

> phase1 - hexdump_ascii(len=11):
>      70 65 61 70 6c 61 62 65 6c 3d 31                  peaplabel=1     

Is that really required? Or to be more specific, why did you add this in
the configuration? I'm aware of only one RADIUS authentication server
that uses this with PEAPv1. Do you know which authentication server is
used here? Interestingly enough, it seemed to advertise support for
PEAPv2. In addition, it seems to use a somewhat incorrect implementation
of EAP-MSCHAPv2.

Based on the debug log, my guess would be that the keying material (PMK)
is derived differently in the authentication server and the supplicant
because of this peaplabel=1 configuration. I would recommend removing it
and trying again. EAP authentication is completed successfully, so it
should be enough concentrate on resolving the part happening after this,
i.e., 4-way handshake which is using PMK.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list