Does wpa supplicant version 0.6.4 support Windows Server2008NAP IEEE802.1X Enforcement ?

[Jouni Malinen]

On Wed, Oct 01, 2008 at 04:39:14PM -0700, James Woo wrote:

> I got thru if I use Jouni's SoH data.

I added generation of all the mandatory fields into wpa_supplicant (in
git development branch 0.6.x). It would be interesting to see whether
you'll get the same results with that one. The vendor specific
attributes in SSoH are more or less the same, but there is no
SoHReportEntry. Anyway, there should be zero or more of those, so zero
sounds like the easiest option here.. ;-)

> But it still failed authentication with the following error messages:
> "EAP-TLV: Unsupported TLV Type 7" and

That is most likely fine. TLV type 7 is vendor specific TLV and the
vendor id seems to indicate this is some Microsoft data. I would assume
this can be safely ignored since it does not have mandatory bit set. If
not, one would hope this is documented somewhere.

> "EAP-PEAP: Invalid Compound_MAC in cryptobinding TLV"

This is unfortunate. I haven't seen problems with Compound_MAC when
testing my server code with Windows XP SP3 supplicant. Since
wpa_supplicant works with that server code, I would have hoped this
would also mean it works with Windows Server. I'm not sure what could be
causing this here. The test runs I've done with hostapd as the server
and Windows XP as the client seem to go through the exact same sequence
and Compound_MAC is matching there. Have you tested crypto binding
without SoH/NAP?

-- 
Jouni Malinen                                            PGP id EFC895FA