MS 2008 NPS and PEAP/MSCHAPv2 - wpa_supplicant not connecting
Gulick Tom-WPD384
Tom.Gulick at motorolasolutions.com
Sat Mar 30 15:46:52 EDT 2013
Hi,
We're using OpenSSL 0.9.8p
Server config does not have client certificate required. I got a Wireshark trace of a Win 7 client connecting successfully and the EAP exchange seems the same as wpa_supplicant.
regards,
-tom
________________________________________
From: hostap-bounces at lists.shmoo.com [hostap-bounces at lists.shmoo.com] on behalf of Jouni Malinen [j at w1.fi]
Sent: Saturday, March 30, 2013 1:57 PM
To: hostap at lists.shmoo.com
Subject: Re: MS 2008 NPS and PEAP/MSCHAPv2 - wpa_supplicant not connecting
On Fri, Mar 22, 2013 at 08:08:05PM +0000, Gulick Tom-WPD384 wrote:
> >From Wireshark we see:
> The server sends a TLSv1 message with: Server Hello, Certificate, Certificate-Request, and Server Hello Done
> Supplicant responds with Certificate, Client Key Exchange, Change Cipher Spec, and Encrypted Handshake
> Server resends the first message and then DEAUTH's the supplicant with the reason being "802.1x failed".
>
> What seems different between MS 2008 NPS and the others is its sending Certificate-Request. The others do not have it.
> Supplicant does respond but with Cert but what looks like a zero length certificate.
Which TLS library are you using in this wpa_supplicant build? Is the
server configured to try to use client certificate with PEAP?
--
Jouni Malinen PGP id EFC895FA
_______________________________________________
HostAP mailing list
HostAP at lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/hostap
More information about the HostAP
mailing list