Having problem on wpa_supplicant with EAP-TTLS

Paul-Henri Gauzence de Lastours gauzence at efrei.fr
Thu Jul 13 04:49:25 EDT 2006


Hi,

I'm working on an EAP-TTLS authentication using hostapd and
wpa_supplicant on a wired Ethernet configuration, and I am experiencing
some troubles.
I'm working on µclinux, with hostapd-0.4.8 and wpa_supplicant-0.4.8.

I first tried an simple MD5 authentication and everything was working
fine. Then I came to an EAP-TTLS authentication which never ends
successfully. The hostapd part should be right, as it is perfectly
working with Windows Xp native supplicant on which I added SecureW2.
But when I'm trying with wpa_supplicant on µclinux, the SSL handshake
fails between supplicant and authenticator. I made a traffic analysis
with ethereal and here's what I can see:


Supplicant --> Authenticator  :   EAPOL Start
Authenticator --> Supplicant  :   EAP, Request, Identity [RFC3748]
Supplicant --> Authenticator  :   EAP, Response, Identity [RFC3748]
Authenticator --> Supplicant  :   EAP, Request, EAP-TTLS [Funk]


Until there, everything is fine, but the problem is that wpa-supplicant
never answers the last request, which is however correctlly built:

(+) 802.1X Authentication
      Version: 2
      Type: EAP Packet (0)
      Length: 6
  (+) Extensible Authentication Protocol
        Code: Request (1)
        Id: 104
        Length: 6
        Type: EAP-TTLS [Funk] (21)
	Flags(0x20): Start
        TTLS version 0

I'm now trying to debug this by adding some printf, but it's quite long
and I'm posting to know if somebody already got the same problem or
would know where it can come from. All suggestions are welcome.

Here's the debug ouput of wpa_supplicant:

EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:13:d7:10:00:28
RX EAPOL - hexdump(len=46): 02 00 00 06 01 68 00 06 15 20 00 00 00 00 00
00 00 0
0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00
00 00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=21 id=104
EAP: EAP entering state GET_METHOD
EAP: initialize selected EAP method (21, TTLS)
EAP-TTLS: Phase2 type: EAP
EAP-TTLS: Phase2 EAP types - hexdump(len=2): 04 1a
TLS: Trusted root certificate(s) loaded
CTRL-EVENT-EAP-METHOD EAP method 21 (TTLS) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x20
EAP-TTLS: Start
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE

Thanks in advance for your help !

Paul-Henri



More information about the HostAP mailing list