Help!!! ACS4.1 wpa_supplicant_0.5.10 eap-fast

娟 严 iamyanjuan at yahoo.com.cn
Thu Oct 30 22:49:44 EDT 2008


Dear all:
    
    I am now using wpa_supplicant_0.5.10 to implement the EAP-FAST feature, and when I authenticate my wpa_supplicant with the CISCO ACS4.1 RADIUS server, ACS4.1 always sends Access-Reject. I have been working on it for 2 weeks, but have still failed. Can anyone help me, please? The flow is as follows (after wpa_supplicant sends the PAC TLV Acknowledgment success, ACS sends Reject):
    Authenticating Peer     Authentication
......
       Intermediate-Result TLV (Success)
       Crypto-Binding TLV(Response) ->
                                <- Result TLV (Success)
                                  [Optional PAC TLV]
       Result TLV (Success)
       [PAC TLV Acknowledgment] ->
       TLS channel torn down
       (messages sent in clear text)
                               <-Reject
 
ACS4.1 radius server reports: "EAP-FAST user was provisoned with new PAC"
 
wpa_supplicant logs are as follows:
......
EAP-FAST: No PAC found - starting provisioning
OpenSSL: cipher suites: ADH-AES128-SHA
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before/connect initialization
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client hello A
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read server hello A
SSL: SSL_connect - want more data
SSL: 50 bytes pending from ssl_out
SSL: 50 bytes left to be sent out (of total 50 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
......
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server hello A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server key exchange A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server done A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client key exchange A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write change cipher spec A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write finished A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 flush data
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read finished A
SSL: SSL_connect - want more data
SSL: 326 bytes pending from ssl_out
SSL: 326 bytes left to be sent out (of total 326 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
......
EAP-FAST: Decrypted Phase 2 TLV(s) - hexdump(len=59): 01 70 00 45 2b 81 00 00 00 3b 14 03 01 00 01 01 16 03 01 00 30 66 93 b3 a4 ec 7f 85 ad 4f 78 c2 81 af 35 c7 a4 8e a9 7a 6b cc af cd af d1 77 02 4e 18 78 27 4a 38 30 f7 a0 b1 76
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read finished A
SSL: (where=0x20 ret=0x1)
SSL: (where=0x1002 ret=0x1)
SSL: 0 bytes pending from ssl_out
OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0)
SSL: No data to be sent out
EAP-FAST: TLS done, proceed to Phase 2
__________________________________________________________________________________________________________________________________
TLS success
__________________________________________________________________________________________________________________________________

......
EAP-FAST: received Phase 2: TLV type 3 length 2 (mandatory)
EAP-FAST: Result TLV - hexdump(len=2): 00 01
EAP-FAST: Result: Success
EAP-FAST: received Phase 2: TLV type 11 length 229 (mandatory)
91 c5 39 e6 52 10 93
EAP-FAST: PAC-Key - hexdump(len=32): [REMOVED]
len_addr=0x63640 hdr_tmp[1]=200 hdr_tmp[2]=8200 )
EAP-FAST: PAC-Opaque - hexdump(len=130): 00 02 00 04 00 10 23 af 72 83 7a a4 67 40 b5 8e 49 b2 9c dc 2f 62 00 06 00 68 00 01 00 01 8c 03 d4 5d 1d ed f0 ca 04 1c 18 5c c9 af ab 22 b7 a8 18 9a 43 e6 ed de 2e e9 14 97 fb f2 7a 6b 1d 43 c3 94 aa ea a9 51 a5 61 c0 5a 1c 7a c2 d6 a1 db 8e 7a 48 0b 4f 63 59 d5 9f 15 1d 65 c5 24 32 3c 8e 05 77 69 d6 bf 54 bb f8 af 84 1e bb 30 ed 91 95 98 8d 53 fb 6f 2b 4e 7f 50 6d 7a e9 4b 23 85 80 b3
len_addr=0x636c6 hdr_tmp[1]=900 hdr_tmp[2]=3700 )
EAP-FAST: PAC-Info - hexdump(len=55): 00 0a 00 02 00 01 00 04 00 10 23 af 72 83 7a a4 67 40 b5 8e 49 b2 9c dc 2f 62 00 05 00 07 74 65 73 74 31 32 33 00 07 00 0e 41 43 53 20 4e 41 43 20 53 65 72 76 65 72
EAP-FAST: Ignored unknown PAC-Info type 10
EAP-FAST: PAC-Info - A-ID - hexdump_ascii(len=16):
     23 af 72 83 7a a4 67 40 b5 8e 49 b2 9c dc 2f 62   #_r_z_g at __I___/b
EAP-FAST: PAC-Info - I-ID - hexdump_ascii(len=7):
     74 65 73 74 31 32 33                              test123         
EAP-FAST: PAC-Info - A-ID-Info - hexdump_ascii(len=14):
     41 43 53 20 4e 41 43 20 53 65 72 76 65 72         ACS NAC Server  
EAP-FAST: wrote 1 PAC entries into '/tmp/wpa_supplicant.eap-fast-pac'
EAP-FAST: Send PAC-Acknowledgement TLV - Provisioning completed successfully
pac ack info - hexdump(len=16): 80 03 00 02 00 01 80 0b 00 06 00 08 00 02 00 01
EAP: Received EAP-Failure
......
                              

          
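Added example, not part of the original post and not wpa_supplicant code: a small Python decoder for the EAP-FAST TLV layout visible in the log, run over the `pac ack info` and `PAC-Info` hexdumps copied from the message above. The type names follow the log lines and the EAP-FAST PAC attribute numbering; the function names are this example's own.

```python
import struct

# Hexdumps copied verbatim from the log in the post ("pac ack info" and "PAC-Info").
PAC_ACK = bytes.fromhex("80 03 00 02 00 01 80 0b 00 06 00 08 00 02 00 01")
PAC_INFO = bytes.fromhex(
    "00 0a 00 02 00 01 00 04 00 10 23 af 72 83 7a a4 67 40 b5 8e 49 b2 9c dc 2f 62 "
    "00 05 00 07 74 65 73 74 31 32 33 00 07 00 0e 41 43 53 20 4e 41 43 20 53 65 72 76 65 72")

TLV_NAMES = {3: "Result", 10: "Intermediate-Result", 11: "PAC", 12: "Crypto-Binding"}
PAC_NAMES = {1: "PAC-Key", 2: "PAC-Opaque", 3: "CRED-Lifetime", 4: "A-ID", 5: "I-ID",
             7: "A-ID-Info", 8: "PAC-Acknowledgement", 9: "PAC-Info", 10: "PAC-Type"}

def parse_tlvs(data, names, flag_bits):
    """Split data into (name, mandatory, value) tuples.

    flag_bits=True for outer EAP-FAST TLVs, whose 16-bit type field carries
    the M and R flags in its top two bits; False for PAC attributes.
    """
    out, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 4:
            raise ValueError("truncated TLV header at offset %d" % pos)
        raw, length = struct.unpack_from(">HH", data, pos)
        value = data[pos + 4:pos + 4 + length]
        if len(value) != length:
            raise ValueError("TLV at offset %d overruns the buffer" % pos)
        tlv_type = raw & 0x3FFF if flag_bits else raw
        mandatory = bool(raw & 0x8000) if flag_bits else None
        out.append((names.get(tlv_type, "type %d" % tlv_type), mandatory, value))
        pos += 4 + length
    return out

def decode_ack(data):
    """Flatten the Result TLV and the nested PAC-Acknowledgement into name -> status."""
    status = {}
    for name, _, value in parse_tlvs(data, TLV_NAMES, True):
        inner = parse_tlvs(value, PAC_NAMES, False) if name == "PAC" else [(name, None, value)]
        for attr, _, v in inner:
            status[attr] = int.from_bytes(v, "big")
    return status

def decode_pac_info(data):
    """Decode PAC-Info attributes: text fields as ASCII, PAC-Type as int, others as hex."""
    info = {}
    for name, _, value in parse_tlvs(data, PAC_NAMES, False):
        if name in ("I-ID", "A-ID-Info"):
            info[name] = value.decode("ascii", "replace")
        else:
            info[name] = int.from_bytes(value, "big") if name == "PAC-Type" else value.hex()
    return info
```

Status value 1 is Success, matching the `Result TLV - hexdump(len=2): 00 01` / `Result: Success` lines in the log; the attribute the 0.5.10 log reports as "unknown PAC-Info type 10" decodes here as PAC-Type.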