Wired network and CISCO ACS

Dario Meloni mellon85 at gmail.com
Wed Mar 29 10:03:14 EST 2006


2006/3/29, Jouni Malinen <jkmaline at cc.hut.fi>:
> On Wed, Mar 29, 2006 at 08:42:25AM +0200, Dario Meloni wrote:
>
> > == Configuration
>
> ...
>
> >       eapol_flags=1
>
> Wired connection is unlikely to distribute encryption keys so
> eapol_flags should be set to 0 or removed completely.

I read on the wpa_supplicant website to use the 1.

>
> > EAP-PEAP: Start (server ver=1, own ver=1)
> > EAP-PEAP: Using PEAP version 1
>
> The first PEAP message from the authentication server is received
> successfully..
>
> > SSL: SSL_connect:SSLv3 write client hello A
> > SSL: (where=0x1002 ret=0xffffffff)
> > SSL: SSL_connect:error in SSLv3 read server hello A
> > SSL: SSL_connect - want more data
> > SSL: 101 bytes pending from ssl_out
> > SSL: 101 bytes left to be sent out (of total 101 bytes)
>
> And this is the ClientHello message from the supplicant..
>
> > EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
> > EAP: EAP entering state SEND_RESPONSE
> > EAP: EAP entering state IDLE
> > EAPOL: SUPP_BE entering state RESPONSE
> > EAPOL: txSuppRsp
> > EAPOL: SUPP_BE entering state RECEIVE
>
> However, the server does not seem to answer to it. Since you are using
> Cisco ACS, I would recommend testing with include_tls_length=1 added to
> the phase1 parameter. Some versions of ACS seem to require that TLS
> Message Length is in the messages even if they are not fragmented.
>

Making the 2 changes you said, it works. Thanks a lot for the help.
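
The effect of include_tls_length=1 on the wire, as an added example that is not part of the original thread and is not wpa_supplicant's own code: it frames an unfragmented TLS flight as an EAP-PEAP Response with and without the TLS Message Length field, then parses it. The `require_tls_length` switch is a hypothetical model of the strict server behaviour described in the reply above, and the 101-byte ClientHello is a constructed stand-in for the one in the debug log.

```python
import struct

EAP_RESPONSE = 2      # EAP Code: Response
EAP_TYPE_PEAP = 25    # EAP method type assigned to PEAP
FLAG_LENGTH = 0x80    # L bit: a 4-byte TLS Message Length follows the flags
FLAG_MORE = 0x40      # M bit: more fragments follow
VERSION_MASK = 0x07   # low three bits of the flags byte carry the PEAP version


def build_peap_response(identifier, tls_data, peap_version=1, include_tls_length=False):
    """Frame one unfragmented TLS flight as an EAP-PEAP Response."""
    flags = peap_version & VERSION_MASK
    body = b""
    if include_tls_length:
        flags |= FLAG_LENGTH
        body = struct.pack("!I", len(tls_data))
    body += tls_data
    length = 4 + 1 + 1 + len(body)  # EAP header + Type + Flags + body
    return struct.pack("!BBHBB", EAP_RESPONSE, identifier, length, EAP_TYPE_PEAP, flags) + body


def parse_peap(packet, require_tls_length=False):
    """Parse an EAP-PEAP packet; optionally insist on the L bit (assumed strict peer)."""
    if len(packet) < 6:
        raise ValueError("truncated EAP-PEAP header")
    code, identifier, length, eap_type, flags = struct.unpack("!BBHBB", packet[:6])
    if length != len(packet):
        raise ValueError("EAP Length does not match packet size")
    if eap_type != EAP_TYPE_PEAP:
        raise ValueError("not an EAP-PEAP packet")
    payload = packet[6:]
    tls_length = None
    if flags & FLAG_LENGTH:
        if len(payload) < 4:
            raise ValueError("L bit set but TLS Message Length missing")
        (tls_length,) = struct.unpack("!I", payload[:4])
        payload = payload[4:]
        if not flags & FLAG_MORE and tls_length != len(payload):
            raise ValueError("TLS Message Length disagrees with unfragmented data")
    elif require_tls_length:
        raise ValueError("TLS Message Length required but L bit not set")
    return {"version": flags & VERSION_MASK, "tls_length": tls_length, "tls_data": payload}


# Constructed 101-byte stand-in for the ClientHello in the log (5-byte record header + 96 bytes).
CLIENT_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x60]) + bytes(96)
```

With the length field included, the same 101 bytes of TLS data travel in a 111-byte EAP packet instead of a 107-byte one, and the flags byte changes from 0x01 to 0x81.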

