Does wpa supplicant version 0.6.4 support Windows Server 2008 NAP IEEE802.1X Enforcement ?

Jouni Malinen j at w1.fi
Tue Sep 30 02:47:17 EDT 2008


On Tue, Sep 30, 2008 at 12:39:29PM +0900, Tomonari Yoshimura wrote:

> I tried to test Microsoft NAP IEEE802.1x Enforcement using wpa supplicant version 0.6.4 eap_peap as a peer and Microsoft Windows
> Server 2008 as an NPS.

I don't have Windows Server 2008 and have only tested this indirectly by
implementing server side in hostapd and testing it with Windows XP SP3
supplicant and then verifying that wpa_supplicant works with the same
server implementation, too. In other words, most of the basic
implementation is there, but it has not been fully validated. In
addition, please not that the SoH that is sent as a reply does not
contain all the information and some of the (possibly required) fields
do not make much sense on non-Windows platforms.

> However the EAP PEAP sequence stops just after sending SoH TLV from Peer to Server,
> as a response to SoH Request TLV from Server.

If you can get debug log from the server (I would hope it is available
in the event log), it would be interesting to see what the server said
as a reason for rejecting the packet (I would assume it is the server
rejecting the SoH). You can see the TODO comments in src/eap_peer/tncc.c
tncc_build_soh() function for number of fields. Some of these fields are
likely required, so at minimum, some dummy values could be needed to
make the server accept the SoH.

I did not complete the implementation since I didn't have the Microsoft
server to test against. I would hope that the remaining parts are quite
minimal if a suitable server is available for testing.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list