pre-authentication problem

IO te armbigendian at gmail.com
Fri Nov 30 08:27:43 EST 2007


Hi,
i'm testing pre-authentication with freeradius, hostapd and
wpa_supplicant. I have two access points and one station which are
installed on three Avila GW2348-8 boards.
The authentication between the first ap and the station, but the
preauthentication which involves the second ap fails.

Here are my configurations:

###hostapd.conf (it's the same for both the aps)###
interface=ath0
driver=madwifi
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=prova
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-EAP
wpa_pairwise=CCMP TKIP
ieee8021x=1
own_ip_addr=<access_point_ip_address>
nas_identifier=<access_point_identifier>
auth_server_addr=<radius_ip_address>
auth_server_port=1812
auth_server_shared_secret=jacvvv
rsn_preauth=1
rsn_preauth_interfaces=eth0

###wpa_supplicant.conf###
network={
        proto=RSN
        key_mgmt=WPA-EAP
        scan_ssid=1
        pairwise=CCMP TKIP
        group=CCMP TKIP
        ssid="prova"
        eap=TLS
        identity="massi"
        ca_cert="/etc/sysconfig/wpa_supplicant/cert/ca.pem"
        private_key_passwd="jacvvv"
        client_cert="/etc/sysconfig/wpa_supplicant/cert/user.pem"
        private_key="/etc/sysconfig/wpa_supplicant/cert/user.prv"
}

The communication between the aps and the radius server use an
ethernet interface (eth1), while eth0 is used for pre-authentication
with the station.

My log from wpa_supplicant is reported below (there are only the
messages which follow the authentication)
...
State: GROUP_HANDSHAKE -> COMPLETED
CTRL-EVENT-CONNECTED - Connection to <mac_ap_1> completed (auth)
EAPOL: External notification - portValid=1
RSN: processing PMKSA candidate list
RSN: PMKSA candidate <mac_ap_1> does not need pre-authentication anymore
RSN: PMKSA candidate <mac_ap_2> selected for pre-authentication
RSN: starting pre-authentication with <mac_ap_2>
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=1
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: startWhen --> 0
EAPOL: startWhen --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
TX EAPOL (preauth) - hexdump(len=4): 01 01 00 00
EAPOL: startWhen --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
TX EAPOL (preauth) - hexdump(len=4): 01 01 00 00
EAPOL: startWhen --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
TX EAPOL (preauth) - hexdump(len=4): 01 01 00 00
EAPOL: startWhen --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
TX EAPOL (preauth) - hexdump(len=4): 01 01 00 00
EAPOL: startWhen --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
TX EAPOL (preauth) - hexdump(len=4): 01 01 00 00
EAPOL: startWhen --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
TX EAPOL (preauth) - hexdump(len=4): 01 01 00 00
EAPOL: authWhile --> 0
EAPOL: startWhen --> 0
EAPOL: SUPP_PAE entering state AUTHENTICATED
RSN: failed to get master session key from pre-auth EAPOL state machines
RSN: pre-authentication with <mac_ap_2> failed

Thank you
Massimiliano



More information about the HostAP mailing list