MS 2008 NPS and PEAP/MSCHAPv2 - wpa_supplicant not connecting

Gulick Tom-WPD384 Tom.Gulick at
Wed Apr 3 15:17:59 EDT 2013

Hi Jouni,

That's my take as well. I hope to get the logs from the MS2008 NPS next week and hopefully they will provide insight as to why it's not happy with wpa_supplicant.


-----Original Message-----
From: hostap-bounces at [mailto:hostap-bounces at] On Behalf Of Jouni Malinen
Sent: Wednesday, April 03, 2013 2:56 PM
To: hostap at
Subject: Re: MS 2008 NPS and PEAP/MSCHAPv2 - wpa_supplicant not connecting

On Wed, Apr 03, 2013 at 05:27:34PM +0000, Gulick Tom-WPD384 wrote:
> Here's the log from wpa_supplicant:

This seemed to show OpenSSL completing TLS exchange for Phase 1 and waiting for the server to start Phase 2.. just to be rejected by EAP-Failure. I don't see anything obviously wrong in this exchange until the part where the server sends EAP-Failure.

> We're using OpenSSL 0.9.8p
> Server config does not have client certificate required. I got a Wireshark trace of a Win 7 client connecting successfully and the EAP exchange seems the same as wpa_supplicant. 

Could you please send me capture files showing a successful exchange with a Windows 7 client and the failed one with wpa_supplicant?

Jouni Malinen                                            PGP id EFC895FA
HostAP mailing list
HostAP at

More information about the HostAP mailing list