wpa_supplicant WPA Enterprise connecting with wrong credentials

raga naresh raganaresh.thatha at gmail.com
Mon Jan 23 03:21:06 EST 2012


Hi,
I have two network blocks in my wpa_supplicant.conf file. My
wpa_supplicant.conf file is as shown below:

ctrl_interface=/var/run/wpa_supplicant
fast_reauth=0
update_config=1
network={
    ssid="Cisco21444"
    proto=RSN
    key_mgmt=WPA-EAP
    pairwise=CCMP
    auth_alg=OPEN
    eap=TLS
    identity="arvind"
    ca_cert="/etc/wireless/cacert.pem"
    private_key="/etc/wireless/linux_arvind.p12"
    private_key_passwd="password"
}

network={
    ssid="Cisco21444"
    proto=RSN
    key_mgmt=WPA-EAP
    pairwise=CCMP
    auth_alg=OPEN
    eap=TLS
    identity="arvind"
    ca_cert="/etc/wireless/abcd.pem"
    private_key="/etc/wireless/abcd.p12"
    private_key_passwd="password"
    disabled=1
}

The first network block has correct values, and in the second network block
ca_cert and private_key have wrong values (those files don't even exist).
I started the wpa_supplicant process and issued the following sequence
of commands through wpa_cli:
a) select_network 0
b) disconnect
c) select_network 1
Even after loading the wrong network block, wpa_supplicant has connected to
the router. I can ping the router as well as my freeradius server. I think
the problem is that selecting the second network block does not trigger EAP
authentication again.
I have also tried the following sequence of commands through
wpa_cli (this is a fresh run of the wpa_supplicant process):
a) select_network 0
b) logoff
c) select_network 1
d) logon
Even in this case, logon does not start EAP authentication and
wpa_supplicant has connected to the router.
The wpa_cli log is below for reference (second sequence of commands).
What can be the solution for this problem?


> status
<2>CTRL-EVENT-SCAN-RESULTS
<2>WPS-AP-AVAILABLE
<2>Trying to associate with 58:6d:8f:26:1a:f8 (SSID='Cisco21444' freq=2462 MHz)
<2>Associated with 58:6d:8f:26:1a:f8
<2>CTRL-EVENT-EAP-STARTED EAP authentication started
<2>CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21 -> NAK
<2>CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
<2>CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected
<2>CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=IN/ST=UttarPradesh/O=SISC/OU=Connectivity/CN=THATHA RAGA NARESH KUMAR/emailAddress=raganaresh.thatha at gmail.com'
<2>CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=IN/ST=UttarPradesh/O=SISC/OU=Connectivity/CN=server/emailAddress=server at gmail.com'
<2>CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
<2>WPA: Key negotiation completed with 58:6d:8f:26:1a:f8 [PTK=CCMP GTK=CCMP]
<2>CTRL-EVENT-CONNECTED - Connection to 58:6d:8f:26:1a:f8 completed (auth) [id=0 id_str=]
bssid=58:6d:8f:26:1a:f8
ssid=Cisco21444
id=0
mode=station
pairwise_cipher=CCMP
group_cipher=CCMP
key_mgmt=WPA2/IEEE 802.1X/EAP
wpa_state=COMPLETED
Supplicant PAE state=AUTHENTICATED
suppPortStatus=Authorized
EAP state=SUCCESS
selectedMethod=13 (EAP-TLS)
EAP TLS cipher=DHE-RSA-AES256-SHA
> logoff
OK
> select_network 1
OK
> logon
<2>CTRL-EVENT-DISCONNECTED bssid=00:00:00:00:00:00 reason=0
<2>CTRL-EVENT-DISCONNECTED bssid=00:00:00:00:00:00 reason=0
<2>CTRL-EVENT-BSS-ADDED 11 58:6d:8f:26:1a:f9
<2>CTRL-EVENT-SCAN-RESULTS
<2>WPS-AP-AVAILABLE
<2>Trying to associate with 58:6d:8f:26:1a:f8 (SSID='Cisco21444' freq=2462 MHz)
<2>Associated with 58:6d:8f:26:1a:f8
<2>WPA: Key negotiation completed with 58:6d:8f:26:1a:f8 [PTK=CCMP GTK=CCMP]
<2>CTRL-EVENT-CONNECTED - Connection to 58:6d:8f:26:1a:f8 completed (reauth) [id=1 id_str=]
OK
> status
bssid=58:6d:8f:26:1a:f8
ssid=Cisco21444
id=1
mode=station
pairwise_cipher=CCMP
group_cipher=CCMP
key_mgmt=WPA2/IEEE 802.1X/EAP
wpa_state=COMPLETED
Supplicant PAE state=AUTHENTICATED
suppPortStatus=Authorized
EAP state=SUCCESS



Thanks & Regards,
Naresh.
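
Added example (not part of the original post, and not hostap project code): in the log above, the connection for id=1 completes with no CTRL-EVENT-EAP-STARTED or CTRL-EVENT-EAP-SUCCESS events before it. The Python below flags such connections in a wpa_cli event log; the function names and the sample log are constructed for illustration.

```python
import re

# Constructed sample: event lines in the format of the wpa_cli log in the post,
# including one line wrapped the way the mail client wrapped it.
SAMPLE_LOG = """\
<2>Trying to associate with 58:6d:8f:26:1a:f8 (SSID='Cisco21444' freq=2462 MHz)
<2>Associated with 58:6d:8f:26:1a:f8
<2>CTRL-EVENT-EAP-STARTED EAP authentication started
<2>CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
<2>WPA: Key negotiation completed with 58:6d:8f:26:1a:f8 [PTK=CCMP GTK=CCMP]
<2>CTRL-EVENT-CONNECTED - Connection to 58:6d:8f:26:1a:f8 completed (auth) [id=0 id_str=]
<2>CTRL-EVENT-DISCONNECTED bssid=00:00:00:00:00:00 reason=0
<2>Trying to associate with 58:6d:8f:26:1a:f8 (SSID='Cisco21444' freq=2462 MHz)
<2>Associated with 58:6d:8f:26:1a:f8
<2>WPA: Key negotiation completed with 58:6d:8f:26:1a:f8 [PTK=CCMP GTK=CCMP]
<2>CTRL-EVENT-CONNECTED - Connection to 58:6d:8f:26:1a:f8 completed
(reauth) [id=1 id_str=]
"""
CONNECTED = re.compile(
    r"CTRL-EVENT-CONNECTED - Connection to (\S+) completed\s+\((\w+)\)\s+\[id=(\d+)")

def audit_connections(log_text):
    """Return one dict per CTRL-EVENT-CONNECTED, noting whether EAP ran first."""
    events = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith(("<", ">")) or not events:
            events.append(line)            # new event or wpa_cli prompt line
        else:
            events[-1] += " " + line       # continuation of a wrapped line
    results, started, success = [], False, False
    for ev in events:
        if "Trying to associate with" in ev or "CTRL-EVENT-DISCONNECTED" in ev:
            started = success = False      # new attempt: reset EAP tracking
        elif "CTRL-EVENT-EAP-STARTED" in ev:
            started = True
        elif "CTRL-EVENT-EAP-SUCCESS" in ev:
            success = True
        m = CONNECTED.search(ev)
        if m:
            results.append({"bssid": m.group(1), "kind": m.group(2),
                            "network_id": int(m.group(3)),
                            "full_eap": started and success})
    return results

def connections_without_eap(log_text):
    """Network ids that reached CONNECTED with no EAP exchange in that attempt."""
    return [r["network_id"] for r in audit_connections(log_text) if not r["full_eap"]]
```
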