EAP-TLS: Linux wpa_supplicant does not work for wired network

Shangguan, Xuan (FXSGSC) Xuan.Shangguan at fujixerox.com
Wed Apr 8 06:37:13 EDT 2009


Hi:
 
The testing environment:
------------------------
Server: FreeRADIUS.net V1.1.7. 
Certs: created via openssl-0.9.8i  
Clients: a linux client (wpa_supplicant) and a XP client

Testing results:
----------------
MD5 is workable from both the XP and Linux clients. 
TLS (using the same batch certs) is only workable from the XP client. 

Server config:
--------------
<<eap.conf>>
------------
default_eap_type = tls
tls {
private_key_password = whatever
private_key_file = /etc/mycerts/srv_cert.pem
certificate_file = /etc/mycerts/srv_cert.pem
}

Wpa_supplicant config:
----------------------
1. command: wpa_supplicant -ieth0 -c/etc/wpa_supplicant/xuan/wpa_supplicant_tls.conf -Dwired -dd

2. <<wpa_supplicant_tls.conf>>
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
ap_scan=0
fast_reauth=0

network={
    ssid="test"
    key_mgmt=IEEE8021X
    eap=TLS
    identity="clt_cert"
    ca_cert="/etc/wpa_supplicant/xuan/root.pem"
    client_cert="/etc/wpa_supplicant/xuan/clt_cert.pem"
    private_key="/etc/wpa_supplicant/xuan/clt_cert.pem"
    private_key_passwd="whatever"
    eapol_flags=0
}

Some Error Trace:
----------------
Initializing interface 'eth0' conf '/etc/wpa_supplicant/xuan/wpa_supplicant_tls.conf' driver 'wired' ctrl_interface 'N/A'
Configuration file '/etc/wpa_supplicant/xuan/wpa_supplicant_tls.conf' -> '/etc/wpa_supplicant/xuan/wpa_supplicant_tls.conf'
Reading configuration file '/etc/wpa_supplicant/xuan/wpa_supplicant_tls.conf'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group=0
ap_scan=0
fast_reauth=0
Line: 6 - start of a new network block
ssid - hexdump_ascii(len=4):
     74 65 73 74                                       test            
key_mgmt: 0x8
eap methods - hexdump(len=2): 0d 00
identity - hexdump_ascii(len=8):
     63 6c 74 5f 63 65 72 74                           clt_cert        
ca_cert - hexdump_ascii(len=33):
     2f 65 74 63 2f 77 70 61 5f 73 75 70 70 6c 69 63   /etc/wpa_supplic
     61 6e 74 2f 78 75 61 6e 2f 72 6f 6f 74 2e 70 65   ant/xuan/root.pe
     6d                                                m               
client_cert - hexdump_ascii(len=37):
     2f 65 74 63 2f 77 70 61 5f 73 75 70 70 6c 69 63   /etc/wpa_supplic
     61 6e 74 2f 78 75 61 6e 2f 63 6c 74 5f 63 65 72   ant/xuan/clt_cer
     74 2e 70 65 6d                                    t.pem           
private_key - hexdump_ascii(len=37):
     2f 65 74 63 2f 77 70 61 5f 73 75 70 70 6c 69 63   /etc/wpa_supplic
     61 6e 74 2f 78 75 61 6e 2f 63 6c 74 5f 63 65 72   ant/xuan/clt_cer
     74 2e 70 65 6d                                    t.pem           
private_key_passwd - hexdump_ascii(len=8): [REMOVED]
eapol_flags=0 (0x0)
Priority group 0
   id=0 ssid='test'
Initializing interface (2) 'eth0'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
wpa_driver_wired_init: Added multicast membership with packet socket
Own MAC address: 00:00:aa:7d:a7:b2
Setting scan request: 0 sec 100000 usec
Added interface eth0
RX EAPOL from 00:1c:f0:a8:ab:74
RX EAPOL - hexdump(len=46): 01 00 00 04 04 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
EAPOL: Received EAP-Packet frame
RX EAPOL from 00:1c:f0:a8:ab:74
RX EAPOL - hexdump(len=46): 01 00 00 0f 01 01 00 0f 01 55 73 65 72 20 6e 61 6d 65 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
EAPOL: Received EAP-Packet frame
RX EAPOL from 00:1c:f0:a8:ab:74
RX EAPOL - hexdump(len=46): 01 00 00 0f 01 02 00 0f 01 55 73 65 72 20 6e 61 6d 65 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
EAPOL: Received EAP-Packet frame



