EAP-FAST inner Auth Fails

Jouni Malinen jkmaline at cc.hut.fi
Fri Dec 8 00:45:28 EST 2006


On Fri, Dec 08, 2006 at 10:37:44AM +0530, ramprasad.rajendran at wipro.com wrote:

> TLSv1: Received Finished
> TLSv1: Handshake completed successfully
> SSL: No data to be sent out
> EAP-FAST: TLS done, proceed to Phase 2

OK, so the TLS handshake does indeed seem to be completed successfully.

> EAP-FAST: Decrypted Phase 2 TLV(s) - hexdump(len=9): 80 09 00 05 01 01 00 05 01
> EAP-FAST: received Phase 2: TLV type 9 length 5 (mandatory)
> EAP-FAST: EAP Payload TLV - hexdump(len=5): 01 01 00 05 01
> EAP-FAST: Phase 2 Request: type=1

And the server is sending out an EAP-Request/Identity frame in the tunnel
and that is received successfully.

> EAP: using real identity - hexdump_ascii(len=4):
>      74 65 73 74                                       test
> EAP-FAST: Encrypting Phase 2 data - hexdump(len=13): 80 09 00 09 02 04 00 09 01 74 65 73 74

The EAP-Response/Identity from the client looks fine, too.

> EAP-FAST: Decrypted Phase 2 TLV(s) - hexdump(len=6): 80 03 00 02 00 02
> EAP-FAST: Result TLV - hexdump(len=2): 00 02
> EAP-FAST: Result: Failure

But the server is rejecting this identity.

Have you been able to use this server with another client
implementation? Are you sure that the server is configured to allow this
identity to be used? Do you have access to the logs from the server?

-- 
Jouni Malinen                                            PGP id EFC895FA
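
The three Phase 2 hexdumps quoted in this message can be decoded by hand or with a short script. The following is an added example, not part of the original post and not wpa_supplicant code: it assumes the EAP-FAST TLV layout from RFC 4851 (M bit, reserved bit, 14-bit type, 16-bit length), and the function and constant names are hypothetical.

```python
import struct

# TLV types and status values per the EAP-FAST specification (RFC 4851).
TLV_RESULT, TLV_EAP_PAYLOAD = 3, 9
RESULT_STATUS = {1: "Success", 2: "Failure"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

# Hexdumps copied from the debug log quoted in the message above.
SERVER_IDENTITY_REQ = "80 09 00 05 01 01 00 05 01"
CLIENT_IDENTITY_RESP = "80 09 00 09 02 04 00 09 01 74 65 73 74"
SERVER_RESULT = "80 03 00 02 00 02"


def parse_tlvs(hexdump):
    """Split a decrypted Phase 2 hexdump into (mandatory, type, value) tuples."""
    buf = bytes.fromhex(hexdump)
    tlvs, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 4:
            raise ValueError("truncated TLV header")
        word, length = struct.unpack_from("!HH", buf, pos)
        pos += 4
        if length > len(buf) - pos:
            raise ValueError("TLV length overruns buffer")
        # Top bit is M (mandatory), next bit is reserved, low 14 bits are the type.
        tlvs.append((bool(word & 0x8000), word & 0x3FFF, buf[pos:pos + length]))
        pos += length
    return tlvs


def describe(mandatory, tlv_type, value):
    """Summarise a Result or EAP-Payload TLV; other types get a generic line."""
    flag = "mandatory" if mandatory else "optional"
    if tlv_type == TLV_RESULT and len(value) == 2:
        (status,) = struct.unpack("!H", value)
        return f"Result TLV ({flag}): {RESULT_STATUS.get(status, status)}"
    if tlv_type == TLV_EAP_PAYLOAD and len(value) >= 4:
        code, ident, eap_len = struct.unpack_from("!BBH", value)
        if not 4 <= eap_len <= len(value):
            raise ValueError("inner EAP length field is inconsistent")
        eap_type, data = (value[4] if eap_len > 4 else None), value[5:eap_len]
        return (f"EAP-Payload TLV ({flag}): EAP-{EAP_CODES.get(code, code)} "
                f"id={ident} type={eap_type} data={data!r}")
    return f"TLV type {tlv_type} ({flag}), {len(value)} bytes"


def decode(hexdump):
    """Return one summary line per TLV found in the hexdump."""
    return [describe(*tlv) for tlv in parse_tlvs(hexdump)]
```

Calling `decode()` on each of the three constants reproduces the reading given above: an inner Identity request, an Identity response carrying `test`, and a mandatory Result TLV with status Failure.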


