wpa_supplicant on Windows & hostapd with integrated EAP server

Ambedkar R ambedkar_r at yahoo.com
Wed Sep 20 00:59:12 EDT 2006


Hi Dinh,
   
  Your configuration file is little confuse.Can you tell me that which authentication method you want to use.If you want to use IEEE802.1X with dynamic wep keys,you should use certificates.(For EAP-TLS,we should use client and root certificate) 
  In the case of WPA-PSK.no need certificates.
   
  -Ambedkar.R

Tran Thanh Dinh <dinh107 at yahoo.com> wrote:
  Hi,

Here is the config file for eap_psk on hostapd side:
eap_psk.conf
driver=madwifi
interface=ath0
bridge=br0
eap_server=1
ssid=eap_psk_test
ieee8021x=1
eap_user_file=/etc/hostapd.eap_user
logger_stdout=-1
logger_stdout_level=0

then I got the following log after lauching hostapd
[root at localhost hostapd-0.4.9]# hostapd -d
eap_psk.conf
Configuration file: eap_psk.conf
Configure bridge br0 for EAPOL traffic.
Using interface ath0 with hwaddr 00:17:9a:0c:0a:fb and
ssid 
'eap_psk_test'
Flushing old station entries
madwifi_sta_deauth: addr=ff:ff:ff:ff:ff:ff
reason_code=3
Deauthenticate all stations
l2_packet_receive - recvfrom: Network is down
Signal 2 received - terminating
Flushing old station entries
madwifi_sta_deauth: addr=ff:ff:ff:ff:ff:ff
reason_code=3
Deauthenticate all stations
madwifi_set_privacy: enabled=0
[root at localhost hostapd-0.4.9]#

On wpa_supplicant side, the config file used is: 
eap_psk.conf
ap_scan=1
network={
ssid="eap_psk_test"
key_mgmt=IEEE8021X
eap=MD5
identity="psk"
eappsk=0123456789abcdef0123456789abcdef
}

and the obtained log:
C:\cygwin\home\root\wpa_supplicant-0.4.9>wpa_supplicant.exe
-i\Device\NPF_{8FE40
90E-D22B-4769-B270-441A9F06B8B2} -c eap_psk.conf -d
Initializing interface
'\Device\NPF_{8FE4090E-D22B-4769-B270-441A9F06B8B2}'
conf
'eap_psk.conf' driver 'default' ctrl_interface 'N/A'
Configuration file 'eap_psk.conf' ->
'C:\cygwin\home\root\wpa_supplicant-0.4.9/e
ap_psk.conf'
Reading configuration file
'C:\cygwin\home\root\wpa_supplicant-0.4.9/eap_psk.con
f'
ap_scan=1
Priority group 0
id=0 ssid='eap_psk_test'
Initializing interface (2)
'\Device\NPF_{8FE4090E-D22B-4769-B270-441A9F06B8B2}'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
NDIS: Packet.dll version: 3, 1, 0, 27
NDIS: 3 adapter names found
NDIS: 3 adapter descriptions found
NDIS: 0 - \Device\NPF_GenericDialupAdapter - Generic
dialup adapter
NDIS: 1 -
\Device\NPF_{8FE4090E-D22B-4769-B270-441A9F06B8B2} -
Intel(R) PRO/Wire
less 2200BG Network Connection (Microsoft's Packet
Scheduler)
NDIS: 2 -
\Device\NPF_{63468DCC-BAAF-45CA-9684-5E7E0725A406} -
Broadcom NetXtrem
e Gigabit Ethernet Driver (Microsoft's Packet
Scheduler)
NDIS: Adapter description prefix 'Intel'
NDIS: Driver supports OID_802_11_CAPABILITY -
NoOfPMKIDs 4 NoOfAuthEncrPairs 12
NDIS: driver capabilities: key_mgmt 0xf enc 0xf auth
0x3
Own MAC address: 00:16:6f:25:8a:fe
wpa_driver_ndis_set_wpa: enabled=1
ndis_get_oid: oid=0xd010101 len (6) failed
ndis_get_oid: oid=0xd010101 len (6) failed
ndis_get_oid: oid=0xd010101 len (6) failed
ndis_get_oid: oid=0xd010101 len (6) failed
Setting scan request: 0 sec 100000 usec
Added interface
\Device\NPF_{8FE4090E-D22B-4769-B270-441A9F06B8B2}
State: DISCONNECTED -> SCANNING
Starting AP scan (broadcast SSID)
NDIS: turning radio on before the first scan
ndis_get_oid: oid=0xd010101 len (6) failed
ndis_get_oid: oid=0xd010101 len (6) failed
ndis_get_oid: oid=0xd010101 len (6) failed
Scan timeout - try to get results
Scan results: 2
Selecting BSS from priority group 0
0: 00:0f:f8:58:58:cd ssid='wpa_test' wpa_ie_len=24
rsn_ie_len=0 caps=0x10
skip - SSID mismatch
1: 00:17:9a:0c:0a:fb ssid='eap_psk_test' wpa_ie_len=0
rsn_ie_len=0 caps=0x0
skip - no WPA/RSN IE
No suitable AP found.
Setting scan request: 5 sec 0 usec
ndis_get_oid: oid=0xd010101 len (6) failed
ndis_get_oid: oid=0xd010101 len (6) failed
CTRL-EVENT-TERMINATING - signal 2 received
Removing interface
\Device\NPF_{8FE4090E-D22B-4769-B270-441A9F06B8B2}
State: SCANNING -> DISCONNECTED
No keys have been configured - skip key clearing
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
wpa_driver_ndis_set_wpa: enabled=0
No keys have been configured - skip key clearing
Cancelling scan request

C:\cygwin\home\root\wpa_supplicant-0.4.9>

wpa_supplicant sees the network eap_psk_test but it
doesnt take it as a suitable AP

I tried also with eap_leap. On hostapd side, I edited
the /etc/hostapd.eap_user file as follow

"leap" LEAP "leap"

[root at localhost hostapd-0.4.9]# hostapd -d
eap_leap.conf
Configuration file: eap_leap.conf
Unsupported EAP type 'LEAP' on line 33 in
'/etc/hostapd.eap_user'
1 errors found in configuration file 'eap_leap.conf'
[root at localhost hostapd-0.4.9]#

It seems that the EAP integrated server doesnt support
LEAP method.

Thanks for your help,
Best regards,

Dinh Tran
--- Ambedkar R wrote:

> Hi Dinh,
> 
> Can you send me your logs with -ddK option and
> include your config file also.
> 
> Regards
> Ambedkar.R
> --------------------
> Create something before destroying,because
> destruction can't be ultimate aim.
> 
> 
> Tran Thanh Dinh wrote:
> Hi,
> 
> I want to have a test with wpa_supplicant running on
> Windows XP, and hostapd with integrated EAP server
> for
> 802.1X but thanks for confirming me if it's possible
> please?
> 
> I tested succesfully for WPA_PSK, but once I changed
> to 802.1X, I always get error: No suitable AP found.
> 
> In the README file of wpa_supplicant for Windows, it
> says that 802.1X with dynamic WEP keys was tested.
> Does it mean the other methods are not yet possible
> for WIndows version please?
> 
> On hostapd side, I tried to configure for LEAP
> (dynamic WEP keys?) but the method LEAP was not
> recognized by integrated server.
> 
> Could you please help me out to have a test for
> 802.1X with wpa_supplicant on Windows and integrated
> EAP server used (any methods)?
> 
> Thanks for your help,
> Best regards,
> 
> Dinh Tran
> 
> 
> 
> 
> 
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam
> protection around 
> http://mail.yahoo.com 
> _______________________________________________
> HostAP mailing list
> HostAP at shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
> 
> 
> 
> ---------------------------------
> Want to be your own boss? Learn how on Yahoo! Small
> Business. 






__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


 				
---------------------------------
Want to be your own boss? Learn how on  Yahoo! Small Business. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20060919/25003f01/attachment.htm 


More information about the HostAP mailing list