EAP-FAST authentication on a university campus

Stephen posting at vodacomm.ca
Fri Apr 15 13:02:36 EDT 2011


On 15.04.2011 17:09, Jouni Malinen wrote:
> On Fri, Apr 15, 2011 at 02:11:06PM +0200, Stephen Bosch wrote:
>> my university recently switched to EAP-FAST authentication. Support
>> for Linux users is non-existent.
> 
>> The institution provides the following configuration information and
>> instructions to users:
>>
>> WPA2 Enterprise authentication
>> Encryption: AES (I assume that this is CCMP)
>> Network authentication: PEAP
> 
> That PEAP is in conflict with the switch to EAP-FAST.. Anyway, the logs
> you showed did not get as far as even starting EAP, so this would not
> have changed them.

So, it's not an EAP-FAST network, then? I just assumed it was, since it
doesn't seem to require a certificate.

>>> ap_scan=1
>>> ctrl_interface=/var/run/wpa_supplicant
>>> network={
>>>        ssid="HAB"
>>>        scan_ssid=1
>>>        proto=RSN WPA
>>>        pairwise=CCMP TKIP
>>>        group=CCMP TKIP
>>>        key-mgmt=WPA-EAP
> 
> That "key-mgmt" should be "key_mgmt".

The wicd project seems to be stagnating :(

(Can you suggest a good alternative?)

>>> ap_scan=1
>>> ctrl_interface=/var/run/wpa_supplicant
>>> network={
>>>        ssid="HAB"
>>>        scan_ssid=1
>>>        proto=RSN
>>>        key_mgmt=WPA-EAP
>>>        pairwise=CCMP
>>>        group=CCMP
>>>        eap=PEAP
>>>        identity="<windows_userid>"
>>>        password="<windows_password>"
>>>        phase1="fast_provisioning=1"
>>>        phase2="auth=MSCHAPV2"
> 
> This looks fine in general.
> 
>> It actually attempts a connection then, but still fails:
> 
>>> 0: 00:26:3e:07:21:00 ssid='HAB' wpa_ie_len=0 rsn_ie_len=20 caps=0x11
>>>   selected based on RSN IE
>>>   selected WPA AP 00:26:3e:07:21:00 ssid='HAB'
>>> Trying to associate with 00:26:3e:07:21:00 (SSID='HAB' freq=2462 MHz)
> 
> wpa_supplicant asks the driver to associate with the AP, but the driver
> does not seem to be able to do that. Which driver are you using?

I use the wireless extensions; the command line looks like this:

> wpa_supplicant -i eth2 -c /var/lib/wicd/configurations/00263e072100 -D wext -d

It's odd that it can't associate. The IT department runs a parallel
wireless network, with which I have been able to associate -- although
that network is unencrypted and unauthenticated. We did everything
through a VPN before.

Should I be using a specific driver?

The adapter is an Intel 2915:

> 02:02.0 Network controller: Intel Corporation PRO/Wireless 2915ABG [Calexico2] Network Connection (rev 05)
>         Subsystem: Intel Corporation Device 1012
>         Kernel driver in use: ipw2200
>         Kernel modules: ipw2200

Thanks for the help and wpa_supplicant, Jouni, we'd really be screwed
without you :)

-Stephen


More information about the HostAP mailing list