Does wpa supplicant version 0.6.4 support Windows Server 2008 NAP IEEE 802.1X Enforcement?

Jouni Malinen j at w1.fi
Wed Oct 1 03:05:06 EDT 2008


On Wed, Oct 01, 2008 at 01:37:24PM +0900, Tomonari Yoshimura wrote:

> The debug log messages of wpa supplicant with our debug messages (### TEST9 ###) are shown below.

Thanks!

> Could you send us the debug log messages from when you tested wpa supplicant with Windows XP SP3,
> if possible?

The test I did was using Windows XP SP3 with its supplicant against
hostapd (as an EAP-PEAP server with NAP enabled). I've included the SoH
TLV data that the Microsoft code sent at the end of this message. It
could help in figuring out which values are needed for Windows Server
2008 to accept the SoH TLV.

> (2) SoH TLV is generated and sent back to Server.
> ### TEST9 ### SoH TLV is generated. (we use dummy correlationId)

> Windows Server 2008 NPS event log shows 
>  ReasonCode  300
>  Reason: No authentication information available in the Security Package.

I've no idea what this means..

> We checked  tncc_build_soh() in src/eap_peer/tncc.c and Microsoft specifications
> [MS-PEAP] and [MS-SOH], but we cannot find the cause of the error.

Did you add the fields marked with TODO? If I remember correctly, some of
them were marked as mandatory in the specification. As a quick test,
you could just copy the data from the SoH example below for
MS-Machine-Inventory, MS-Quarantine-State, and MS-MachineName. It would
be interesting to see whether that is all that is needed to get the
server accepting the message.


EAP-PEAP: SoH TLV - hexdump(len=418):
SoH Header packet:
  Outer Type: 00 07 (7)
  Length: 01 9e
  IANA SMI Code: 00 00 01 37
  Inner Type: 00 02 (version 2 - Value: SoH Mode Sub-Header | SSoH | SoHReportEntry(0+))
  Inner Length: 01 96
  Value:
SoH Mode Sub-Header:
  Outer Type: 00 07 (7)
  Length: 00 1e
  IANA SMI Code: 00 00 01 37
  Value:
    Correlation ID: 6f a0 2d f4 d8 51 4e 00 bb 76 28 c4 8a e5 1d f1 01 c8 8d 8e f9 1f a1 32 (== MS-CorrelationId)
    Intent Flag: 01 (SoH request message)
    Content-Type Flag: 00
SSoH:
  System-Health-Id: 00 02 00 04 00 01 37 00
  Vendor-Specific: 00 07 00 4f
    Vendor ID: 00 00 01 37
    Value:
      MS-Packet-Info: 03 11 (r=request vers=1)
      MS-Machine-Inventory: 01
        osVersionMajor: 00 00 00 05 (Server 2003, XP, 2000)
        osVersionMinor: 00 00 00 01 (XP)
        osVersionBuild: 00 00 0a 28
        spVersionMajor: 00 03
        spVersionMinor: 00 00
        procArch: 00 00 (x86)
      MS-MachineName: 05
        Length: 00 06
        machineName: 4a 6f 75 6e 69 00 ("Jouni")
      MS-CorrelationId: 06
        correlationId: 6f a0 2d f4 d8 51 4e 00 bb 76 28 c4 8a e5 1d f1 01 c8 8d 8e f9 1f a1 32
      MS-Quarantine-State: 02
        Flags: 00 09 (ExtState=0 f=1 qState=1)
        ProbTime: ff ff ff ff ff ff ff ff
        urlLenInBytes: 00 01
        url: 00
      MS-Machine-Inventory-Ex: 08
        Reserved: de ca fb ad
        ProductType: 01 (The system is a client)
SoHReportEntry:
  System-Health-Id: 00 02 00 04
    Value: Health ID: IANA SMI Code: 00 01 37   Id: 80
  Vendor: 00 07 00 08 00 01 37 80 02 00 00 00
  Vendor: 00 07 00 08 00 01 37 80 00 00 01 05
  Health-Class: 00 08 00 01 00
  Product-Name: 00 0a 00 40 4e 00 6f 00 72 00 74 00 6f 00 6e 00 20 00 49 00 6e 00 74 00 65 00 72 00 6e 00 65 00 74 00 20 00 57 00 6f 00 72 00 6d 00 20 00 50 00 72 00 6f 00 74 00 65 00 63 00 74 00 69 00 6f 00 6e 00 00 00 ("Norton Internet Worm Protection")
  Health Class Status: 00 0b 00 04 00 00 00 01
  Product-Name: 00 0a 00 24 4d 00 49 00 43 00 52 00 4f 00 53 00 4f 00 46 00 54 00 20 00 50 00 52 00 4f 00 44 00 55 00 43 00 54 00 00 00 ("MICROSOFT PRODUCT")
  Health Class Status: 00 0b 00 04 00 00 00 04
  Health-Class: 00 08 00 01 01
  Product-Name: 00 0a 00 2c 4e 00 6f 00 72 00 74 00 6f 00 6e 00 20 00 41 00 6e 00 74 00 69 00 56 00 69 00 72 00 75 00 73 00 20 00 32 00 30 00 30 00 35 00 00 00 ("Norton AntiVirus 2005")
  Health Class Status: 00 0b 00 04 00 00 00 01
  Health-Class: 00 08 00 01 03
  Health Class Status: 00 0b 00 04 00 00 00 03
  Health-Class: 00 08 00 01 04
  Health Class Status: 00 0b 00 04 00 ff 00 05
  Vendor: 00 07 00 08 00 01 37 80 b3 f1 00 00
  Vendor: 00 07 00 05 00 01 37 80 00
  Vendor: 00 07 00 08 00 01 37 80 00 40 00 00

note: 00 01 37 80 = NAPSystemHealthID for WSHA/WSHV
 
-- 
Jouni Malinen                                            PGP id EFC895FA
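
Added example (not part of the original message and not wpa_supplicant code): a small parser for the SSoH Vendor-Specific TLV from the dump above, which reports which of the three attributes suggested in the reply are absent from a given TLV. The function names are hypothetical, and the attribute types and body sizes are assumptions read off the annotated dump rather than taken from [MS-SOH].

```python
import struct

# Attribute types and body sizes are read off the annotated dump in the message
# above; they are this example's assumptions and are not checked against [MS-SOH].
NAMES = {1: "MS-Machine-Inventory", 2: "MS-Quarantine-State", 3: "MS-Packet-Info",
         5: "MS-MachineName", 6: "MS-CorrelationId", 8: "MS-Machine-Inventory-Ex"}
FIXED = {1: 18, 3: 1, 6: 24, 8: 5}   # attributes whose body has a fixed size
SUGGESTED = {"MS-Machine-Inventory", "MS-Quarantine-State", "MS-MachineName"}

# SSoH Vendor-Specific TLV copied from the Windows XP SP3 dump in the message.
REFERENCE = bytes.fromhex(
    "0007004f 00000137 0311 01 00000005 00000001 00000a28 0003 0000 0000"
    " 05 0006 4a6f756e6900 06 6fa02df4d8514e00bb7628c48ae51df101c88d8ef91fa132"
    " 02 0009 ffffffffffffffff 0001 00 08 decafbad 01")
# Constructed sample: only MS-Packet-Info and an all-zero MS-CorrelationId.
SPARSE = struct.pack(">HHI", 7, 31, 0x137) + bytes([3, 0x11, 6]) + bytes(24)

def parse_ssoh_vendor_tlv(tlv):
    """Return {attribute name: body bytes} for one SSoH Vendor-Specific TLV."""
    try:
        tlv_type, length, vendor = struct.unpack_from(">HHI", tlv)
        if tlv_type != 7 or vendor != 0x137 or length != len(tlv) - 4:
            raise ValueError("not a well-formed Microsoft Vendor-Specific TLV")
        attrs, pos = {}, 8
        while pos < len(tlv):
            atype, pos = tlv[pos], pos + 1
            if atype in FIXED:
                size = FIXED[atype]
            elif atype == 5:   # 2-byte length, then the machine name
                size = 2 + struct.unpack_from(">H", tlv, pos)[0]
            elif atype == 2:   # flags(2) probTime(8) urlLen(2) url(urlLen)
                size = 12 + struct.unpack_from(">H", tlv, pos + 10)[0]
            else:
                raise ValueError(f"unknown attribute type {atype:#04x}")
            if pos + size > len(tlv):
                raise ValueError(f"{NAMES[atype]} runs past the end of the TLV")
            attrs[NAMES[atype]] = tlv[pos:pos + size]
            pos += size
        return attrs
    except struct.error as exc:
        raise ValueError(f"truncated TLV: {exc}") from None

def missing_suggested(tlv):
    # Names from SUGGESTED that the TLV does not carry, sorted.
    return sorted(SUGGESTED - set(parse_ssoh_vendor_tlv(tlv)))

if __name__ == "__main__":
    for label, tlv in (("reference", REFERENCE), ("sparse", SPARSE)):
        print(label, "missing:", missing_suggested(tlv) or "none")
```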

