wpa_supplicant on Windows & hostapd with integrated EAP server

Tran Thanh Dinh dinh107 at yahoo.com
Tue Sep 19 10:32:09 EDT 2006


  Hi,

  In order to find the suitable AP,
wpa_supplicant_select_bss() is used. This function
first checks if the found network is wpa-enalbled,
then processes the non-wpa-enabled cases.

  For non wpa-enabled part, the verification contains
the comparaision of network ssid, etc and
wpa_supplicant_match_privacy().

  In order to have the last function's return value is
1, the bss->caps must be 16 (for a suitable AP). But I
realized that this variable is always 0 in 802.1X
case, and 16 only in WPA case. Therefor, I have never
succed to have a test with 802.1X use.

wpa_supplicant eap_psk.conf
 ap_scan=1
 network={
 	ssid="eap_psk_test"
 	key_mgmt=IEEE8021X
 	eap=MD5
 	identity="psk"
 	eappsk=0123456789abcdef0123456789abcdef
 }
hostapd eap_psk.conf
 driver=madwifi
 interface=ath0
 bridge=br0
 eap_server=1
 ssid=eap_psk_test
 ieee8021x=1
 eap_user_file=/etc/hostapd.eap_user
 logger_stdout=-1
 logger_stdout_level=0

  Could anyone help me out for this please? I just one
to have a test using 802.1X (any method), the
supplucant running on Windows and hostapd using
integrated EAP server.

  Thanks a lot,
  Best regards,

Dinh Tran

--- Tran Thanh Dinh <dinh107 at yahoo.com> wrote:

>   Hi,
> 
> Here is the config file for eap_psk on hostapd side:
> eap_psk.conf
> driver=madwifi
> interface=ath0
> bridge=br0
> eap_server=1
> ssid=eap_psk_test
> ieee8021x=1
> eap_user_file=/etc/hostapd.eap_user
> logger_stdout=-1
> logger_stdout_level=0
> 
> then I got the following log after lauching hostapd
> [root at localhost hostapd-0.4.9]# hostapd -d
> eap_psk.conf
> Configuration file: eap_psk.conf
> Configure bridge br0 for EAPOL traffic.
> Using interface ath0 with hwaddr 00:17:9a:0c:0a:fb
> and
> ssid 
> 'eap_psk_test'
> Flushing old station entries
> madwifi_sta_deauth: addr=ff:ff:ff:ff:ff:ff
> reason_code=3
> Deauthenticate all stations
> l2_packet_receive - recvfrom: Network is down
> Signal 2 received - terminating
> Flushing old station entries
> madwifi_sta_deauth: addr=ff:ff:ff:ff:ff:ff
> reason_code=3
> Deauthenticate all stations
> madwifi_set_privacy: enabled=0
> [root at localhost hostapd-0.4.9]#
> 
> On wpa_supplicant side, the config file used is: 
> eap_psk.conf
> ap_scan=1
> network={
> 	ssid="eap_psk_test"
> 	key_mgmt=IEEE8021X
> 	eap=MD5
> 	identity="psk"
> 	eappsk=0123456789abcdef0123456789abcdef
> }
> 
> and the obtained log:
>
C:\cygwin\home\root\wpa_supplicant-0.4.9>wpa_supplicant.exe
> -i\Device\NPF_{8FE40
> 90E-D22B-4769-B270-441A9F06B8B2} -c eap_psk.conf -d
> Initializing interface
> '\Device\NPF_{8FE4090E-D22B-4769-B270-441A9F06B8B2}'
> conf
>  'eap_psk.conf' driver 'default' ctrl_interface
> 'N/A'
> Configuration file 'eap_psk.conf' ->
> 'C:\cygwin\home\root\wpa_supplicant-0.4.9/e
> ap_psk.conf'
> Reading configuration file
>
'C:\cygwin\home\root\wpa_supplicant-0.4.9/eap_psk.con
> f'
> ap_scan=1
> Priority group 0
>    id=0 ssid='eap_psk_test'
> Initializing interface (2)
> '\Device\NPF_{8FE4090E-D22B-4769-B270-441A9F06B8B2}'
> EAPOL: SUPP_PAE entering state DISCONNECTED
> EAPOL: KEY_RX entering state NO_KEY_RECEIVE
> EAPOL: SUPP_BE entering state INITIALIZE
> EAP: EAP entering state DISABLED
> EAPOL: External notification - portEnabled=0
> EAPOL: External notification - portValid=0
> NDIS: Packet.dll version: 3, 1, 0, 27
> NDIS: 3 adapter names found
> NDIS: 3 adapter descriptions found
> NDIS: 0 - \Device\NPF_GenericDialupAdapter - Generic
> dialup adapter
> NDIS: 1 -
> \Device\NPF_{8FE4090E-D22B-4769-B270-441A9F06B8B2} -
> Intel(R) PRO/Wire
> less 2200BG Network Connection (Microsoft's Packet
> Scheduler)
> NDIS: 2 -
> \Device\NPF_{63468DCC-BAAF-45CA-9684-5E7E0725A406} -
> Broadcom NetXtrem
> e Gigabit Ethernet Driver (Microsoft's Packet
> Scheduler)
> NDIS: Adapter description prefix 'Intel'
> NDIS: Driver supports OID_802_11_CAPABILITY -
> NoOfPMKIDs 4 NoOfAuthEncrPairs 12
> NDIS: driver capabilities: key_mgmt 0xf enc 0xf auth
> 0x3
> Own MAC address: 00:16:6f:25:8a:fe
> wpa_driver_ndis_set_wpa: enabled=1
> ndis_get_oid: oid=0xd010101 len (6) failed
> ndis_get_oid: oid=0xd010101 len (6) failed
> ndis_get_oid: oid=0xd010101 len (6) failed
> ndis_get_oid: oid=0xd010101 len (6) failed
> Setting scan request: 0 sec 100000 usec
> Added interface
> \Device\NPF_{8FE4090E-D22B-4769-B270-441A9F06B8B2}
> State: DISCONNECTED -> SCANNING
> Starting AP scan (broadcast SSID)
> NDIS: turning radio on before the first scan
> ndis_get_oid: oid=0xd010101 len (6) failed
> ndis_get_oid: oid=0xd010101 len (6) failed
> ndis_get_oid: oid=0xd010101 len (6) failed
> Scan timeout - try to get results
> Scan results: 2
> Selecting BSS from priority group 0
> 0: 00:0f:f8:58:58:cd ssid='wpa_test' wpa_ie_len=24
> rsn_ie_len=0 caps=0x10
>    skip - SSID mismatch
> 1: 00:17:9a:0c:0a:fb ssid='eap_psk_test'
> wpa_ie_len=0
> rsn_ie_len=0 caps=0x0
>    skip - no WPA/RSN IE
> No suitable AP found.
> Setting scan request: 5 sec 0 usec
> ndis_get_oid: oid=0xd010101 len (6) failed
> ndis_get_oid: oid=0xd010101 len (6) failed
> CTRL-EVENT-TERMINATING - signal 2 received
> Removing interface
> \Device\NPF_{8FE4090E-D22B-4769-B270-441A9F06B8B2}
> State: SCANNING -> DISCONNECTED
> No keys have been configured - skip key clearing
> EAPOL: External notification - portEnabled=0
> EAPOL: External notification - portValid=0
> wpa_driver_ndis_set_wpa: enabled=0
> No keys have been configured - skip key clearing
> Cancelling scan request
> 
> C:\cygwin\home\root\wpa_supplicant-0.4.9>
> 
> wpa_supplicant sees the network eap_psk_test but it
> doesnt take it as a suitable AP
> 
> I tried also with eap_leap. On hostapd side, I
> edited
> the /etc/hostapd.eap_user file as follow
> 
> "leap"	LEAP	"leap"
> 
> [root at localhost hostapd-0.4.9]# hostapd -d
> eap_leap.conf
> Configuration file: eap_leap.conf
> Unsupported EAP type 'LEAP' on line 33 in
> '/etc/hostapd.eap_user'
> 1 errors found in configuration file 'eap_leap.conf'
> [root at localhost hostapd-0.4.9]#
> 
> It seems that the EAP integrated server doesnt
> support
> LEAP method.
> 
> Thanks for your help,
> Best regards,
> 
> Dinh Tran
> --- Ambedkar R <ambedkar_r at yahoo.com> wrote:
> 
> > Hi Dinh,
> >    
> >   Can you send me your logs with -ddK option and
> > include your config file also.
> >    
> >   Regards
> >   Ambedkar.R
> >   --------------------
> >   Create something before destroying,because
> > destruction can't be ultimate aim.
> >   
> > 
> > Tran Thanh Dinh <dinh107 at yahoo.com> wrote:
> >   Hi,
> > 
> > I want to have a test with wpa_supplicant running
> on
> > Windows XP, and hostapd with integrated EAP server
> > for
> > 802.1X but thanks for confirming me if it's
> possible
> > please?
> > 
> > I tested succesfully for WPA_PSK, but once I
> changed
> > to 802.1X, I always get error: No suitable AP
> found.
> > 
> > In the README file of wpa_supplicant for Windows,
> it
> > says that 802.1X with dynamic WEP keys was tested.
> > Does it mean the other methods are not yet
> possible
> > for WIndows version please?
> > 
> > On hostapd side, I tried to configure for LEAP
> > (dynamic WEP keys?) but the method LEAP was not
> > recognized by integrated server.
> > 
> 
=== message truncated ===


 



__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 



More information about the HostAP mailing list