EAP-FAST inner Auth Fails

Jouni Malinen jkmaline at cc.hut.fi
Thu Dec 7 22:18:39 EST 2006


On Thu, Dec 07, 2006 at 03:28:04PM +0530, ramprasad.rajendran at wipro.com wrote:

> I am using wpa_supplicant-0.5.5 and hostapd as the authenticator and I
> am testing over a wired interface. 
> The radius server that I'm using is Steel Belted Radius
> I had commented out code related to certificate processing to reduce on
> the size.

I've never tested EAP-FAST with SBR, so I don't know what to expect from
it.

Which TLS library are you using? Patched OpenSSL?

> As soon as Phase1 suceeds, in phase 2, the Radius server requests for
> identity, without using any inner authentication.
> Is this correct? I guess an inner authentication method should start as
> part of phase 2
> 
> Attached alongwith is the output and my configuration file

Could you please send a debug log that shows the full EAP-FAST
authentication? The one attached to the message did not include any EAP
processing, not even the identity request.

Have you configured the RADIUS server to use EAP-FAST for the user that
you configured as the 'identity' in wpa_supplicant configuration? Are
you trying to use in-band provisioning first or has that already been
taken care of? I would suggest removing phase2 option for the initial
test because there are some limits on which EAP method can be used in
the tunneled phase 2.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list