wpa/winxp/peap, hostapd+madwifi - no response to EAP Identity?

Rusty Chris Holleman reverendbean at yahoo.com
Mon Jan 2 13:19:41 EST 2006

I've made some progress - I failed to mention that the client is a Linksys
 WMP54G pci card.  The standard Linksys driver and WinXP supplicant
 did not do so well, but the config utility from Ralink gets farther through
 the process.
 I now get stuck at messages from SSL that appear to be saying the
 client does not like the certificate.  I'm going to research this some, but
 if anyone knows the particular cause of this kind of error do tell.
 output from hostapd:
 ath0: STA 00:0f:66:e6:89:e9 IEEE 802.1X: received EAP packet (code=2 id=105 len=17) from STA: EAP Response-PEAP (25)
 IEEE 802.1X: 00:0f:66:e6:89:e9 BE_AUTH entering state RESPONSE
 EAP: EAP-Response received - hexdump(len=17): 02 69 00 11 19 81 00 00 00 07 15 03 01 00 02 02 2e
 IEEE 802.1X: 00:0f:66:e6:89:e9 REAUTH_TIMER entering state INITIALIZE
 IEEE 802.1X: 00:0f:66:e6:89:e9 REAUTH_TIMER entering state INITIALIZE
 EAP: EAP entering state RECEIVED
 EAP: parseEapResp: rxResp=1 respId=105 respMethod=25
 EAP: EAP entering state INTEGRITY_CHECK
 EAP: EAP entering state METHOD_RESPONSE
 EAP-PEAP: Received packet(len=17) - Flags 0x81
 EAP-PEAP: TLS Message Length: 7
 SSL: (where=0x4004 ret=0x22e)
 SSL: SSL3 alert: read (remote end reported an error):fatal:certificate unknown
 SSL: (where=0x2002 ret=0x0)
 SSL: SSL_accept:failed in SSLv3 read client certificate A
 SSL: 0 bytes pending from ssl_out
 SSL: No data to be sent out
 SSL: Remote end sent a fatal alert - abort handshake
 EAP-PEAP: TLS processing failed
 EAP: EAP entering state SELECT_ACTION
 EAP: getDecision: method failed -> FAILURE
 EAP: EAP entering state FAILURE
 EAP: Building EAP-Failure (id=105)

 My setup: madwifi(-old) current subversion #1372,
           hostapd-0.4.7 using integrated EAP server
           debian w/custom 2.6.12 kernel
           WPA/PEAP/MSCHAPv2 w/ Windows XP SP2 supplicant
 WPA-PSK works fine.  I haven't been able to get PEAP or TTLS to work, though.  On the
 Windows side it tries to connect for about a minute and then gives up.  The hostapd
 logs suggest that the Windows box is not responding to Request-Identity.  And in
 eapol.log on the Windows box, there are in fact some errors (GetWinStationUserToken?)
 that suggest problems trying to fetch an identity, but I don't know what would cause
 that or if it is the root cause or not.
 Any ideas?
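
The 17-byte EAP-Response hexdump in the hostapd output above can be decoded by hand to check it against the SSL lines that follow it. This is an added example, not part of the original post and not hostapd code; `parse_peap_hexdump` and the lookup tables are names made up for illustration, and it assumes an unfragmented packet carrying one plaintext TLS record.

```python
import struct

# TLS alert levels and the certificate-related alert descriptions (RFC 2246).
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 48: "unknown_ca",
}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_PEAP = 25
TLS_CONTENT_ALERT = 21

def parse_peap_hexdump(hexdump):
    """Decode one EAP-PEAP packet given as space-separated hex bytes."""
    pkt = bytes.fromhex(hexdump)
    if len(pkt) < 6:
        raise ValueError("too short for an EAP-PEAP packet")
    # EAP header: code, identifier, length, type; then the PEAP flags byte.
    code, ident, length, eap_type, flags = struct.unpack("!BBHBB", pkt[:6])
    if length != len(pkt):
        raise ValueError("EAP length field does not match the dump")
    if eap_type != EAP_TYPE_PEAP:
        raise ValueError("not EAP type 25 (PEAP)")
    out = {
        "code": EAP_CODES.get(code, code), "id": ident, "len": length,
        "length_included": bool(flags & 0x80),   # L bit
        "more_fragments": bool(flags & 0x40),    # M bit
        "peap_version": flags & 0x07,            # low bits carry the version
    }
    body = pkt[6:]
    if out["length_included"]:
        if len(body) < 4:
            raise ValueError("L bit set but TLS Message Length is missing")
        out["tls_message_length"] = struct.unpack("!I", body[:4])[0]
        body = body[4:]
    # TLS record header: content type, version (major, minor), record length.
    if len(body) >= 5:
        ctype, major, minor, rec_len = struct.unpack("!BBBH", body[:5])
        out["tls_version"] = (major, minor)
        record = body[5:5 + rec_len]
        if ctype == TLS_CONTENT_ALERT and len(record) == 2:
            out["alert_level"] = ALERT_LEVELS.get(record[0], record[0])
            out["alert"] = ALERT_DESCRIPTIONS.get(record[1], record[1])
    return out

# Bytes copied from the "EAP-Response received - hexdump(len=17)" log line.
SAMPLE = "02 69 00 11 19 81 00 00 00 07 15 03 01 00 02 02 2e"
if __name__ == "__main__":
    print(parse_peap_hexdump(SAMPLE))
```

The decoded fields line up with the log: flags 0x81, TLS Message Length 7, and a fatal `certificate_unknown` alert sent by the client, which is the supplicant rejecting the server certificate rather than a failure inside hostapd.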

