More questions on hs20/OSU keys and configuration.

Ben Greear greearb at
Wed Mar 25 19:34:00 EDT 2015

I think I am getting quite close now...but now I am hitting something
that is a bit bothersome.

The osu_client completes, telling supplicant to connect to the real AP.
I am using the 'free' user in this case.

But, it seems that supplicant is using anonymous@, and so the radius server
does not find the user in the eap_user.db file and supplicant cannot connect.

Here is a bit of the logs from the VAP:

1427325176.340761: 1427325176.340762: vap2: STA 00:0e:8e:4e:57:97 IEEE 802.1X: received EAP packet (code=2 id=81 len=39) from STA: EAP Response-Identity (1)
1427325176.340781: IEEE 802.1X: 00:0e:8e:4e:57:97 BE_AUTH entering state RESPONSE
1427325176.340790: EAP: EAP entering state RECEIVED
1427325176.340796: EAP: parseEapResp: rxResp=1 rxInitiate=0 respId=81 respMethod=1 respVendor=0 respVendorMethod=0
1427325176.340803: EAP: EAP entering state INTEGRITY_CHECK
1427325176.340809: EAP: EAP entering state METHOD_RESPONSE
1427325176.340815: EAP-Identity: Peer identity - hexdump_ascii(len=34):
     61 6e 6f 6e 79 6d 6f 75 73 40 62 65 6e 2d 6f 74   anonymous@ben-ot
     61 2d 32 2e 6c 61 6e 66 6f 72 67 65 2e 6c 6f 63   a-2.lanforge.loc
     61 6c                                             al
1427325176.340845: EAP: EAP entering state SELECT_ACTION
1427325176.340851: EAP: getDecision: -> PASSTHROUGH
1427325176.340857: EAP: EAP entering state INITIALIZE_PASSTHROUGH
1427325176.340863: EAP: EAP entering state AAA_REQUEST
1427325176.340869: EAP: EAP entering state AAA_IDLE
1427325176.340878: 1427325176.340879: vap2: STA 00:0e:8e:4e:57:97 IEEE 802.1X: STA identity 'anonymous@ben-ota-2.lanforge.local'
1427325176.340885: Encapsulating EAP message into a RADIUS packet
1427325176.340914: 1427325176.340914: vap2: RADIUS Sending RADIUS message to authentication server
1427325176.340922: RADIUS message: code=1 (Access-Request) identifier=2 length=256
1427325176.340928:    Attribute 1 (User-Name) length=36

The last bit of the osu-client logs looks like this:

CURLINFO_DATA_IN[<soap12:Envelope xmlns:soap12=""><soap12:Body><spp:sppExchangeComplete
xmlns:spp="" spp:sppVersion="1.0" spp:sessionID="7cd5588f3220d9cb8811e6984fb80adb"
spp:sppStatus="Exchange complete, release TLS connection"/></soap12:Body></soap12:Envelope>]
CURLINFO_TEXT[STATE: PERFORM => DONE handle 0x1798328; line 1626 (connection #1) ]
CURLINFO_TEXT[Connection #1 to host osu-server.ben-ota-2.lanforge.local left intact]
SOAP: Server response code 200
Server response:
<soap12:Envelope xmlns:soap12=""><soap12:Body><spp:sppExchangeComplete
xmlns:spp="" spp:sppVersion="1.0" spp:sessionID="7cd5588f3220d9cb8811e6984fb80adb"
spp:sppStatus="Exchange complete, release TLS connection"/></soap12:Body></soap12:Envelope>
SOAP body localname: 'sppExchangeComplete'
[hs20] sppExchangeComplete: '<spp:sppExchangeComplete xmlns:spp="" spp:sppVersion="1.0"
spp:sessionID="7cd5588f3220d9cb8811e6984fb80adb" spp:sppStatus="Exchange complete, release TLS connection"/>'
[hs20] sppStatus: 'Exchange complete, release TLS connection'  sessionID: '7cd5588f3220d9cb8811e6984fb80adb'
Updating wpa_supplicant credentials
Set PPS MO info to wpa_supplicant - SP FQDN ben-ota-2.lanforge.local
wpa_command(ifname='wlan1', cmd='REMOVE_CRED provisioning_sp=ben-ota-2.lanforge.local')
- UpdateIdentifier = 1
wpa_command(ifname='wlan1', cmd='ADD_CRED')
wpa_command(ifname='wlan1', cmd='SET_CRED 0 update_identifier 1')
wpa_command(ifname='wlan1', cmd='SET_CRED 0 provisioning_sp "ben-ota-2.lanforge.local"')
credential localname: 'Credential1'
- CredentialPriority = 1
wpa_command(ifname='wlan1', cmd='SET_CRED 0 sp_priority 1')
- AAAServerTrustRoot - TODO
- SubscriptionUpdate
- HomeSP
- HomeSP/FriendlyName = LANforge Example Operator
- HomeSP/FQDN = ben-ota-2.lanforge.local
wpa_command(ifname='wlan1', cmd='SET_CRED 0 domain "ben-ota-2.lanforge.local"')
wpa_command(ifname='wlan1', cmd='SET_CRED 0 domain_suffix_match "ben-ota-2.lanforge.local"')
- SubscriptionParameters
- Credential
- Credential/CreationDate = 2015-03-25T23:12:12Z
- Credential/UsernamePassword
- Credential/UsernamePassword/Username = free
wpa_command(ifname='wlan1', cmd='SET_CRED 0 username "free"')
- Credential/UsernamePassword/Password = free
wpa_command(ifname='wlan1', cmd='SET_CRED 0 password 66726565')
- Credential/UsernamePassword/MachineManaged = TRUE
- Credential/UsernamePassword/EAPMethod - TODO
- Credential/Realm = ben-ota-2.lanforge.local
wpa_command(ifname='wlan1', cmd='SET_CRED 0 realm "ben-ota-2.lanforge.local"')
wpa_command(ifname='wlan1', cmd='SET_CRED 0 ca_cert "/home/lanforge/wifi/osu_wlan1/SP/ben-ota-2.lanforge.local/aaa-ca.pem"')
Remove OSU network connection
wpa_command(ifname='wlan1', cmd='REMOVE_NETWORK 1')
Requesting reconnection with updated configuration
wpa_command(ifname='wlan1', cmd='INTERWORKING_SELECT auto')

Any idea what may be the issue?


Ben Greear <greearb at>
Candela Technologies Inc
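
Added example, not part of the original post and not hostapd or wpa_supplicant code: a Python script that rebuilds the EAP identity from the hostapd hexdump and the credential fields from the osu_client SET_CRED lines, so the identity sent in the EAP Response-Identity can be compared with what was provisioned. The function names are hypothetical, the sample lines are copied from the logs above, and a bare (unquoted) password value is assumed to be hex-encoded.

```python
import re

# Sample input: lines taken from the hostapd and osu_client logs in the post.
HOSTAPD_LOG = """\
1427325176.340815: EAP-Identity: Peer identity - hexdump_ascii(len=34):
     61 6e 6f 6e 79 6d 6f 75 73 40 62 65 6e 2d 6f 74   anonymous@ben-ot
     61 2d 32 2e 6c 61 6e 66 6f 72 67 65 2e 6c 6f 63   a-2.lanforge.loc
     61 6c                                             al
"""
OSU_LOG = """\
wpa_command(ifname='wlan1', cmd='SET_CRED 0 username "free"')
wpa_command(ifname='wlan1', cmd='SET_CRED 0 password 66726565')
wpa_command(ifname='wlan1', cmd='SET_CRED 0 realm "ben-ota-2.lanforge.local"')
"""

def peer_identity(log):
    """Rebuild the EAP Response-Identity from the hex column of the dump."""
    lines = log.splitlines()
    for i, line in enumerate(lines):
        m = re.search(r"Peer identity - hexdump_ascii\(len=(\d+)\)", line)
        if m:
            want, data = int(m.group(1)), b""
            for row in lines[i + 1:]:
                if len(data) >= want or not row.startswith(" "):
                    break
                # Hex column ends at the first double space; ASCII column is ignored.
                data += bytes.fromhex(row.strip().split("  ")[0])
            if len(data) != want:
                raise ValueError("hexdump shorter or longer than declared len")
            return data.decode("ascii")
    return None

def provisioned_cred(log):
    """Collect SET_CRED fields; quoted values are text, a bare password is hex."""
    cred = {}
    for field, value in re.findall(r"cmd='SET_CRED \d+ (\w+) (.*?)'\)", log):
        if value[:1] == '"' and value[-1:] == '"':
            value = value[1:-1]
        elif field == "password":
            value = bytes.fromhex(value).decode("ascii")
        cred[field] = value
    return cred

def compare(identity, cred):
    """Report how the identity seen by the AP relates to the credential."""
    user, _, realm = identity.partition("@")
    return {"outer_user": user,
            "outer_user_is_cred_username": user == cred.get("username"),
            "realm_is_cred_realm": realm == cred.get("realm")}
```

Calling compare(peer_identity(HOSTAPD_LOG), provisioned_cred(OSU_LOG)) on these lines reports the user part "anonymous" as different from the provisioned username "free", while the realm part matches the provisioned realm.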
