WPA2-PEAP problems

Jouni Malinen j at w1.fi
Fri Jul 15 04:25:54 EDT 2011


On Thu, Jul 14, 2011 at 07:40:48AM -0500, Harshal Chhaya wrote:
> Thanks for following up on this. We saw the problem happen on a
> OMAP3-based (i.e. ARM) system. But I think what's more relevant is
> that the client is using an older version of the dot1X supplicant from
> Mentor Graphics (as part of the Nucleus RTOS). It's possible that the
> supplicant has some strange bug that causes this problem. Unfortunately,
> we don't have the option of updating the supplicant (this new AP has to
> work with clients that are already in the field).

OK. This looks like some kind of bug in the supplicant, but I would like
to confirm that that is indeed the case.

> I was really keen to use the authenticator built-in to hostapd but we
> had to fall back to using freeRADIUS for now.
> 
> If you need more logs or any further details, please let me know.

The debug log you sent previously had some of the long lines truncated
and made it difficult for me to manually parse the messages from the
supplicant. As such, I could not easily figure out why there would be
any difference between hostapd and FreeRADIUS as the authentication
server.

If you can easily generate that same error case, i.e., "EAP-PEAP: Length
mismatch in Phase 2 EAP frame (len=75
hdr->length=76)", I would be interested in seeing a complete debug log
from hostapd (-ddK on command line) with all information included. This
is especially needed for the hexdumps of the messages that got
truncated for longer packets.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list