EAP-TLS Connection Problem

Joby Thampan joby.thampan at smartbridges.com
Fri Aug 1 04:46:31 EDT 2008


Hi all,

I am trying for an EAP-TLS connection with wpa_supplicant_0.3.8 as 
station, freeradius as Radius Server and an AP with hostapd 0.4.8,
but I am not able to establish the connection.

I am attaching the debug logs I am getting from wpa_supplicant. It 
restarts the process after I receive the last
EAPOL: Port Timers tick - authWhile=29 heldWhile=0 startWhen=27 idleWhile=59
.
.
.
.
.
EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=27 idleWhile=59.

Can anyone explain to me why?


This is my hostapd.conf

interface=eth0
bridge=br0
ssid=joby-wpa
ieee8021x=1
eap_server=0
wpa=1
wpa_pairwise=TKIP
wpa_key_mgmt=WPA-EAP
eap_reauth_period=300
wpa_group_rekey=300
wpa_gmk_rekey=300
aut_server_addr=192.168.0.228
auth_server_port=1812
auth_server_shared_secret=joby1234


This is my wpa_supplicant.conf

eapol_version=2
ap_scan=1
fast_reauth=1
network={
   ssid=joby-wpa
   scan_ssid=0
   pairwise=TKIP CCMP
   group=TKIP CCMP
   key_mgmt=WPA-EAP
   eap=TLS
   identity="Joby"
   password="joby1234"
   ca_cert="/etc/cert/cacert.pem"
   client_cert="/etc/cert/client_cert.pem"
   private_key="/etc/cert/client_key.pem"
   private_key_password="joby1234"
   priority=10
}

Thanks in advance


wlan[0,0]-> wlan[0,0]-> ./wpa_supplicant -iath0 -c /etc/wlan/wpa_supplicant.conf -Dmadwifi - dd

Initializing interface 'ath0' conf '/etc/wlan/wpa_supplicant.conf' driver 'madwi<4>Active status = 196757
<4>Valid = 1
fi'
Configuration file '/etc/wlan/wpa_supplicant.conf' -> '/etc/wlan/wpa_supplicant.conf'
Reading configuration file '/etc/wlan/wpa_supplicant.conf'
eapol_version=1
ap_scan=1
fast_reauth=1
Line: 4 - start of a new network block
ssid - hexdump_ascii(len=8):
     6a 6f 62 79 2d 77 70 61                           joby-wpa        
proto: 0x1
key_mgmt: 0x1
pairwise: 0x8
group: 0x8
eap methods - hexdump(len=2): 0d 00
identity - hexdump_ascii(len=4):
     4a 6f 62 79                                       Joby            
password - hexdump_ascii(len=8): [REMOVED]
ca_cert - hexdump_ascii(len=20):
     2f 65 74 63 2f 63 65 72 74 2f 63 61 63 65 72 74   /etc/cert/cacert
     2e 70 65 6d                                       .pem            
client_cert - hexdump_ascii(len=25):
     2f 65 74 63 2f 63 65 72 74 2f 63 6c 69 65 6e 74   /etc/cert/client
     5f 63 65 72 74 2e 70 65 6d                        _cert.pem       
private_key - hexdump_ascii(len=24):
     2f 65 74 63 2f 63 65 72 74 2f 63 6c 69 65 6e 74   /etc/cert/client
     5f 6b 65 79 2e 70 65 6d                           _key.pem        
private_key_passwd - hexdump_ascii(len=8): [REMOVED]
priority=10 (0xa)
Priority group 10
   id=0 ssid='joby-wpa'
Initializing interface (2) 'ath0'

EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
Setting scan request: 0 sec 0 usec
Starting AP scan (broadcast SSID)
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Disconnect event - remove keys
wpa_driver_madwifi_del_key: keyidx=0
wpa_driver_madwifi_del_key: keyidx=1
wpa_driver_madwifi_del_key: keyidx=2
wpa_driver_madwifi_del_key: keyidx=3
wpa_driver_madwifi_del_key: keyidx=0
Wireless event: cmd=0x8b1a len=12
EAPOL: Port Timers tick - authWhile=17 heldWhile=0 startWhen=19 idleWhile=49
Wireless event: cmd=0x8b19 len=12
Received 3339 bytes of scan results (14 BSSes)
Scan results: 14
Selecting BSS from priority group 10
0: 00:1c:f0:d9:b0:b2 ssid='PH_AP' wpa_ie_len=28 rsn_ie_len=0
   skip - SSID mismatch
1: 00:0b:6b:2c:06:32 ssid='joby-wpa' wpa_ie_len=24 rsn_ie_len=0
   skip - blacklisted
2: 00:11:50:ec:0e:dc ssid='Matrix' wpa_ie_len=24 rsn_ie_len=0
   skip - SSID mismatch
3: 00:1e:e5:42:ad:9f ssid='RPI-N' wpa_ie_len=26 rsn_ie_len=0
   skip - SSID mismatch
4: 00:1b:5b:ba:c9:79 ssid='2WIRE334' wpa_ie_len=0 rsn_ie_len=0
   skip - no WPA/RSN IE
5: 00:30:1a:01:00:0c ssid='rooftop' wpa_ie_len=0 rsn_ie_len=0
   skip - no WPA/RSN IE
6: 00:18:39:39:29:be ssid='fresver_beauty' wpa_ie_len=0 rsn_ie_len=0
   skip - no WPA/RSN IE
7: 00:0f:b5:10:41:a4 ssid='Goddess' wpa_ie_len=0 rsn_ie_len=0
   skip - no WPA/RSN IE
8: 00:1c:10:4d:f5:e1 ssid='NCF' wpa_ie_len=0 rsn_ie_len=0
   skip - no WPA/RSN IE
9: 00:30:1a:33:38:e8 ssid='NADAL' wpa_ie_len=0 rsn_ie_len=0
   skip - no WPA/RSN IE
10: 00:0f:66:83:f6:80 ssid='' wpa_ie_len=0 rsn_ie_len=0
   skip - no WPA/RSN IE
11: 00:14:bf:82:35:13 ssid='linksys' wpa_ie_len=0 rsn_ie_len=0
   skip - no WPA/RSN IE
12: 00:1c:10:4d:f4:1c ssid='Eugene' wpa_ie_len=0 rsn_ie_len=0
   skip - no WPA/RSN IE
13: 00:1b:5b:64:01:29 ssid='2WIRE918' wpa_ie_len=0 rsn_ie_len=0
   skip - no WPA/RSN IE
No APs found - clear blacklist and try again
Removed BSSID 00:0b:6b:2c:06:32 from blacklist (clear)
Removed BSSID 00:00:00:00:00:00 from blacklist (clear)
Selecting BSS from priority group 10
0: 00:1c:f0:d9:b0:b2 ssid='PH_AP' wpa_ie_len=28 rsn_ie_len=0
   skip - SSID mismatch
1: 00:0b:6b:2c:06:32 ssid='joby-wpa' wpa_ie_len=24 rsn_ie_len=0
   selected
Trying to associate with 00:0b:6b:2c:06:32 (SSID='joby-wpa' freq=2432 MHz)
Cancelling scan request
Automatic auth_alg selection: 0x1
WPA: using IEEE 802.11i/D3.0
WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 1
WPA: using GTK TKIP
WPA: using PTK TKIP
WPA: using KEY_MGMT 802.1X
WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01
No keys have been configured - skip key clearing
wpa_driver_madwifi_set_drop_unencrypted: enabled=1
wpa_driver_madwifi_associate
Setting authentication timeout: 5 sec 0 usec
EAPOL: External notification - portControl=Auto
Wireless event: cmd=0x8b1a len=21
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:0b:6b:2c:06:32
Association event - clear replay counter
Associated to a new BSS: BSSID=00:0b:6b:2c:06:32
No keys have been configured - skip key clearing
Associated with 00:0b:6b:2c:06:32
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
TX EAPOL - hexdump(len=18): 00 0b 6b 2c 06 32 00 30 1a 40 90 f7 88 8e 01 01 00 00
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
RX EAPOL from 00:0b:6b:2c:06:32
RX EAPOL - hexdump(len=9): 02 00 00 05 01 00 00 05 01
Setting authentication timeout: 70 sec 0 usec
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=1 id=0
EAP: EAP entering st
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=4):
     4a 6f 62 79                                       Joby            
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=27): 00 0b 6b 2c 06 32 00 30 1a 40 90 f7 88 8e 01 00 00 09 02 00 00 09 01 4a 6f 62 79
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, leng at least 99
RX EAPOL from 00:0b:6b:2c:06:32
RX EAPOL - hexdump(len=9): 02 00 00 05 01 01 00 05 01
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=1 id=1
EAP: EAP entering state IDENTITY
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=4):
     4a 6f 62 79                                       Joby            
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=27): 00 0b 6b 2c 06 32 00 30 1a 40 90 f7 88 8e 01 00 00 09 02 01 00 09 01 4a 6f 62 79
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 9, expecting at least 99
EAPOL: Port Timers tick - authWhile=29 heldWhile=0 startWhen=29 idleWhile=59
RX EAPOL from 00:0b:6b:2c:06:32
RX EAPOL - hexdump(len=10): 02 00 00 06 01 02 00 06 0d 20
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=13 id=2
EAP: EAP entering state GET_METHOD
EAP: initialize selected EAP method (13, TLS)
TLS: Trusted root certificate(s) loaded
EAP: EAP entering state METHOD
EAP-TLS: Received packet(len=6) - Flags 0x20
EAP-TLS: Start
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before/connect initialization
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client hello A
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read server hello A
SSL: SSL_connect - want more data
SSL: 72 bytes pending from ssl_out
SSL: 72 bytes left to be sent out (of total 72 bytes)
EAP: method process -> ignore=FALSE methodState=CONT decision=COND_SUCC
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=96): 00 0b 6b 2c 06 32 00 30 1a 40 90 f7 88 8e 01 00 00 4e 02 02 00 4e 0d 00 16 03 01 00 43 01 00 00 3f 03 01 48 93 26 0d 88 c1 e1 44 4d cc bf 7e b5 16 bc f5 41 75 8e 4a 13 1e 5b 24 df 3f 1f ef 94 87 97 b0 00 00 18 00 39 00 35 00 16 00 0a 00 33 00 2f 00 07 00 62 00 15 00 09 00 14 00 08 01 00
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 10, expecting at least 99
RX EAPOL from 00:0b:6b:2c:06:32
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=13 id=3
EAP: EAP entering state METHOD
EAP-TLS: Received packet(len=1024) - Flags 0xc0
EAP-TLS: TLS Message Length: 1808
SSL: Need 794 bytes more input data
SSL: Building ACK
EAP: method process -> ignore=FALSE methodState=CONT decision=COND_SUCC
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=24): 00 0b 6b 2c 06 32 00 30 1a 40 90 f7 88 8e 01 00 00 06 02 03 00 06 0d 00
EAPOL: SUPP_BE entering state RECEIVE
IEEE 802.1X RX: version=2 type=0 length=1024
WPA: EAPOL frame (type 0) discarded, not a Key frame
EAPOL: Port Timers tick - authWhile=29 heldWhile=0 startWhen=28 idleWhile=59
RX EAPOL from 00:0b:6b:2c:06:32
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=13 id=4
EAP: EAP entering state METHOD
EAP-TLS: Received packet(len=804) - Flags 0x80
EAP-TLS: TLS Message Length: 1808
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server hello A
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=1 buf='/C=SG/ST=Singapore/O=SB/OU=SB/CN=sr/emailAddress=sr at sb.com'
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=0 buf='/C=SG/ST=Singapore/L=Singapore/O=SB/OU=SB/CN=rs/emailAddress=rs at sb.com'
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server certificate A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server key exchange A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server certificate request A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server done A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client certificate A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client key exchange A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write certificate verify A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write change cipher spec A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write finished A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 flush data
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read finished A
SSL: SSL_connect - want more data
SSL: 1607 bytes pending from ssl_out
SSL: 1607 bytes left to be sent out (of total 1607 bytes)
SSL: sending 1398 bytes, more fragments will follow
EAP: method process -> ignore=FALSE methodState=CONT decision=COND_SUCC
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - len=1426
EAPOL: SUPP_BE entering state RECEIVE
IEEE 802.1X RX: version=2 type=0 length=804
WPA: EAPOL frame (type 0) discarded, not a Key frame
EAPOL: Port Timers tick - authWhile=29 heldWhile=0 startWhen=27 idleWhile=59
EAPOL: Port Timers tick - authWhile=28 heldWhile=0 startWhen=26 idleWhile=58
EAPOL: Port Timers tick - authWhile=27 heldWhile=0 startWhen=25 idleWhile=57
EAPOL: Port Timers tick - authWhile=26 heldWhile=0 startWhen=24 idleWhile=56
EAPOL: Port Timers tick - authWhile=25 heldWhile=0 startWhen=23 idleWhile=55
EAPOL: Port Timers tick - authWhile=24 heldWhile=0 startWhen=22 idleWhile=54
EAPOL: Port Timers tick - authWhile=23 heldWhile=0 startWhen=21 idleWhile=53
EAPOL: Port Timers tick - authWhile=22 heldWhile=0 startWhen=20 idleWhile=52
EAPOL: Port Timers tick - authWhile=21 heldWhile=0 startWhen=19 idleWhile=51
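
An added example, not part of the original post: a small decoder for the `TX EAPOL` / `RX EAPOL` hexdump lines in the wpa_supplicant debug output above, showing the EAPOL header, the EAP header and the EAP-TLS flag byte (L = length included, M = more fragments, S = start). The first four samples are copied from the log; the last one is constructed to show the L+M header that the log reports as "Flags 0xc0 ... TLS Message Length: 1808".

```python
import struct

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "TLS"}
TLS_FLAGS = ((0x80, "L"), (0x40, "M"), (0x20, "S"))  # Length included, More fragments, Start

def decode_eapol(hexdump):
    """Decode one 'hexdump(len=N):' payload into EAPOL / EAP / EAP-TLS fields."""
    raw = bytes.fromhex(hexdump)
    out = {}
    # TX dumps in this log start with a 14-byte Ethernet header; RX dumps do not.
    # Heuristic: EtherType 0x888e at offset 12 means the header is present.
    if len(raw) >= 18 and raw[12:14] == b"\x88\x8e":
        out["dst"], out["src"] = raw[0:6].hex(":"), raw[6:12].hex(":")
        raw = raw[14:]
    if len(raw) < 4:
        raise ValueError("truncated EAPOL header")
    version, ptype, length = struct.unpack("!BBH", raw[:4])
    body = raw[4:4 + length]
    if len(body) != length:
        raise ValueError("EAPOL body shorter than its length field")
    out.update(eapol_version=version, eapol_type=EAPOL_TYPES.get(ptype, ptype))
    if ptype != 0:
        return out                       # Start / Logoff / Key carry no EAP packet
    if length < 4:
        raise ValueError("truncated EAP header")
    code, ident, eap_len = struct.unpack("!BBH", body[:4])
    if not 4 <= eap_len <= length:
        raise ValueError("EAP length field inconsistent with EAPOL length")
    out.update(eap_code=EAP_CODES.get(code, code), eap_id=ident)
    if code in (1, 2) and eap_len >= 5:  # only Request/Response carry a Type byte
        etype, data = body[4], body[5:eap_len]
        out["eap_type"] = EAP_TYPES.get(etype, etype)
        if etype == 1:
            out["identity"] = data.decode("ascii", "replace")
        elif etype == 13 and data:
            out["tls_flags"] = [n for bit, n in TLS_FLAGS if data[0] & bit]
            if data[0] & 0x80 and len(data) >= 5:
                out["tls_message_len"] = struct.unpack("!I", data[1:5])[0]
    return out

SAMPLES = [
    "00 0b 6b 2c 06 32 00 30 1a 40 90 f7 88 8e 01 01 00 00",  # TX EAPOL-Start (log)
    "02 00 00 05 01 00 00 05 01",                              # RX Identity request (log)
    "00 0b 6b 2c 06 32 00 30 1a 40 90 f7 88 8e 01 00 00 09 02 00 00 09 01 4a 6f 62 79",
    "02 00 00 06 01 02 00 06 0d 20",                           # RX EAP-TLS Start (log)
    "02 00 00 0a 01 03 00 0a 0d c0 00 00 07 10",               # constructed: L+M header only
]
if __name__ == "__main__":
    for s in SAMPLES:
        print(decode_eapol(s))
```
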


