EAP-FAST inner Auth Fails

Jouni Malinen jkmaline at cc.hut.fi
Fri Dec 8 23:12:55 EST 2006


On Fri, Dec 08, 2006 at 11:36:03AM +0530, ramprasad.rajendran at wipro.com wrote:
> 
> The server's log says the following
> 
> ==> authReports/rejects_20061208.csv <==
> "2006-12-08","11:29:51","<ANY>","test","EAP-FAST","User name or
> credential incorrect","Inner EAP-FAST authentication
> failed","10.114.2.53"
> 
> ==> 20061208.log <==
> 12/08/2006 11:29:51 User test ultimately failed challenge sequence
> 12/08/2006 11:29:51 Sent reject response

SBR is not very helpful with the debug log.. I tried to enable full
debugging and even with that, the server was only saying that inner auth
failed.

After looking at what exactly was being sent in the inner
EAP-Response/Identity, I found a bug in wpa_supplicant. It was using
incorrect EAP identifier in this message (the one from the outer
EAP-Request and SBR happened to be using different identifier in the
inner request and refused to accept the response because of the
mismatch).

This is now fixed in the CVS version of wpa_supplicant (in both 0.5.x
and 0.6.x branches) and the fix is included in the latest snapshots. I
was able to complete EAP-FAST provisioning and authentication against
SBR with this version.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list