I am trying to use EAP-FAST under Windows XP SP2. I am using WPA-Supplicant 5.2. So far no luck. I am wondering if anyone has made it work under Windows. And here is my configuration and output messages. I have changed several parameters back and forth, but still not working. I'll appreciate if you can point out any mistake. Thanks!
<br clear="all"><br>config file as follow:<br>+++++++++++++++++++++++++<br>eapol_version=1<br><br>ap_scan=1<br><br><br># EAP-FAST with WPA (WPA or WPA2)<br>network={<br> ssid="Voice"<br> key_mgmt=WPA-EAP<br>
eap=FAST<br> pairwise=TKIP<br> anonymous_identity="anonymous"<br> identity="user"<br> password="password"<br> phase1="fast_provisioning=1"<br># phase2="auth=MSCHAPV2"
<br> pac_file="C:/wpa_supplicanteap-fast.pac"<br> #pac_file="blob://eap-fast-pac"<br>}<br><br>+++++++++++++++++++<br>Output :<br><br>C:\WPA-Supplicant\wpa_supplicant-windows-bin-0.5.2>.\wpa_supplicant.exe -i ORiNO
<br>CO -c EAP-FAST.conf -d<br>Initializing interface 'ORiNOCO' conf 'EAP-FAST.conf' driver 'default' ctrl_inte<br>rface 'N/A' bridge 'N/A'<br>Reading configuration file 'EAP-FAST.conf'<br>eapol_version=2<br>ap_scan=1<br>Line 19: removed CCMP from group cipher list since it was not allowed for pairwi
<br>se cipher<br>Priority group 0<br> id=0 ssid='Voice'<br>Initializing interface (2) 'ORiNOCO'<br>EAPOL: SUPP_PAE entering state DISCONNECTED<br>EAPOL: KEY_RX entering state NO_KEY_RECEIVE<br>EAPOL: SUPP_BE entering state INITIALIZE
<br>EAP: EAP entering state DISABLED<br>EAPOL: External notification - portEnabled=0<br>EAPOL: External notification - portValid=0<br>NDIS: Packet.dll version: 3, 1, 0, 27<br>NDIS: 4 adapter names found<br>NDIS: 4 adapter descriptions found
<br>NDIS: 0 - \Device\NPF_GenericDialupAdapter - Generic dialup adapter<br>NDIS: 1 - \Device\NPF_{3916E046-39B1-4861-8C57-BD59B4EAEA25} - ORiNOCO 802.11abg<br> ComboCard Gold (Microsoft's Packet Scheduler)<br>NDIS: 2 - \Device\NPF_{E81584C8-9FF2-4088-9561-C06D101E14B9} - Dell Wireless 145
<br>0 Dual Band WLAN Mini-PCI Card (Microsoft's Packet Scheduler)<br>NDIS: 3 - \Device\NPF_{47450170-B5B3-4E94-96C0-84459019AB71} - Broadcom NetXtrem<br>e Gigabit Ethernet Driver (Microsoft's Packet Scheduler)<br>NDIS: Matched interface '\Device\NPF_{3916E046-39B1-4861-8C57-BD59B4EAEA25}' bas
<br>ed on description 'ORiNOCO 802.11abg ComboCard Gold (Microsoft's Packet Schedule<br>r) '<br>NDIS: Adapter description prefix 'ORiNOCO 802.11abg ComboCard Gold'<br>ndis_get_oid: oid=0xd010122 len (512) failed<br>NDIS: verifying driver WPA capability
<br>NDIS: WPA key management supported<br>NDIS: WPA-PSK key management supported<br>NDIS: CCMP encryption supported<br>NDIS: TKIP encryption supported<br>NDIS: driver supports WPA<br>NDIS: driver capabilities: key_mgmt 0x5 enc 0xc auth 0x3
<br>Connected to ROOT\WMI.<br>Driver interface replaced interface name with '\Device\NPF_{3916E046-39B1-4861-8<br>C57-BD59B4EAEA25}'<br>Own MAC address: 00:20:a6:51:59:43<br>wpa_driver_ndis_set_wpa: enabled=1<br>ndis_get_oid: oid=0xd010101 len (6) failed
<br>ndis_get_oid: oid=0xd010101 len (6) failed<br>ndis_get_oid: oid=0xd010101 len (6) failed<br>ndis_get_oid: oid=0xd010101 len (6) failed<br>Setting scan request: 0 sec 100000 usec<br>Added interface \Device\NPF_{3916E046-39B1-4861-8C57-BD59B4EAEA25}
<br>State: DISCONNECTED -> SCANNING<br>Starting AP scan (broadcast SSID)<br>Trying to get current scan results first without requesting a new scan to speed<br>up initial association<br>Scan results: 0<br>Selecting BSS from priority group 0
<br>No suitable AP found.<br>Setting scan request: 0 sec 0 usec<br>Starting AP scan (broadcast SSID)<br>NDIS: turning radio on before the first scan<br>ndis_get_oid: oid=0xd010101 len (6) failed<br>Scan timeout - try to get results
<br>Scan results: 3<br>Selecting BSS from priority group 0<br>0: 00:13:10:bc:b6:d0 ssid='deco_designs' wpa_ie_len=24 rsn_ie_len=0 caps=0x10<br> skip - SSID mismatch<br>1: 00:11:20:ee:70:5d ssid='WLAB-A' wpa_ie_len=24 rsn_ie_len=0 caps=0x10
<br> skip - SSID mismatch<br>2: 00:12:d9:c8:be:50 ssid='Voice' wpa_ie_len=26 rsn_ie_len=0 caps=0x10<br> selected based on WPA IE<br>Trying to associate with 00:12:d9:c8:be:50 (SSID='Voice' freq=5220 MHz)<br>Cancelling scan request
<br>WPA: clearing own WPA/RSN IE<br>Automatic auth_alg selection: 0x1<br>WPA: using IEEE 802.11i/D3.0<br>WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 1<br>WPA: set AP WPA IE - hexdump(len=26): dd 18 00 50 f2 01 01 00 00 50 f2 02 01 00
<br>00 50 f2 02 01 00 00 50 f2 01 28 00<br>WPA: clearing AP RSN IE<br>WPA: using GTK TKIP<br>WPA: using PTK TKIP<br>WPA: using KEY_MGMT 802.1X<br>WPA: Set own WPA IE default - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2
<br>02 01 00 00 50 f2 02 01 00 00 50 f2 01<br>No keys have been configured - skip key clearing<br>State: SCANNING -> ASSOCIATING<br>Setting authentication timeout: 10 sec 0 usec<br>EAPOL: External notification - portControl=Auto
<br>MSNdis_StatusMediaConnect<br> InstanceName: 'ORiNOCO 802.11abg ComboCard Gold'<br>NDIS: event - type 0<br>NDIS: Media Connect Event<br>NDIS: ReqFixed=0x3 RespFixed=0x7 off_req=40 off_resp=140 len_req=100 len_resp=68<br>
<br>NDIS: 3 BSSID items to process for AssocInfo<br>Association info event<br>req_ies - hexdump(len=100): 00 05 56 6f 69 63 65 01 08 0c 12 18 24 30 48 60 6c d<br>d 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01 85 1e 00
<br>00 66 00 00 00 00 00 18 00 00 00 00 00 08 60 a4 85 00 00 00 00 00 00 00 00 00 00<br> 00 00 95 0a 00 40 96 00 00 00 00 00 00 00 dd 06 00 40 96 01 01 00 dd 05 00 40 9<br>6 03 02<br>resp_ies - hexdump(len=68): 01 08 8c 12 98 24 b0 48 60 6c 85 1e 00 00 84 00 0f 0
<br>0 ff 03 01 00 43 69 73 63 6f 31 00 c8 00 6f e3 4c 00 af dd 30 00 00 00 26 95 0a<br>00 40 96 00 0a 0a 0a 0a 01 00 dd 05 00 40 96 03 04 dd 05 00 40 96 0b 01<br>beacon_ies - hexdump(len=43): 00 05 56 6f 69 63 65 01 08 8c 12 98 24 b0 48 60 6c
<br> dd 18 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01 28 00<br>WPA: set own WPA/RSN IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 0<br>1 00 00 50 f2 02 01 00 00 50 f2 01<br>WPA: set AP WPA IE - hexdump(len=26): dd 18 00 50 f2 01 01 00 00 50 f2 02 01 00
<br>00 50 f2 02 01 00 00 50 f2 01 28 00<br>WPA: clearing AP RSN IE<br>State: ASSOCIATING -> ASSOCIATED<br>Associated to a new BSS: BSSID=00:12:d9:c8:be:50<br>No keys have been configured - skip key clearing<br>Associated with 00:12:d9:c8:be:50
<br>WPA: Association event - clear replay counter<br>EAPOL: External notification - portEnabled=0<br>EAPOL: External notification - portValid=0<br>EAPOL: External notification - portEnabled=1<br>EAPOL: SUPP_PAE entering state CONNECTING
<br>EAPOL: SUPP_BE entering state IDLE<br>EAP: EAP entering state INITIALIZE<br>EAP: EAP entering state IDLE<br>Setting authentication timeout: 10 sec 0 usec<br>RX EAPOL from 00:12:d9:c8:be:50<br>Setting authentication timeout: 70 sec 0 usec
<br>EAPOL: Received EAP-Packet frame<br>EAPOL: SUPP_PAE entering state RESTART<br>EAP: EAP entering state INITIALIZE<br>EAP: EAP entering state IDLE<br>EAPOL: SUPP_PAE entering state AUTHENTICATING<br>EAPOL: SUPP_BE entering state REQUEST
<br>EAPOL: getSuppRsp<br>EAP: EAP entering state RECEIVED<br>EAP: Received EAP-Request id=1 method=1 vendor=0 vendorMethod=0<br>EAP: EAP entering state IDENTITY<br>CTRL-EVENT-EAP-STARTED EAP authentication started<br>EAP: EAP-Request Identity data - hexdump_ascii(len=38):
<br> 00 6e 65 74 77 6f 72 6b 69 64 3d 56 6f 69 63 65 _networkid=Voice<br> 2c 6e 61 73 69 64 3d 43 69 73 63 6f 31 2c 70 6f ,nasid=Cisco1,po<br> 72 74 69 64 3d 30 rtid=0<br>EAP: using anonymous identity - hexdump_ascii(len=9):
<br> 61 6e 6f 6e 79 6d 6f 75 73 anonymous<br>EAP: EAP entering state SEND_RESPONSE<br>EAP: EAP entering state IDLE<br>EAPOL: SUPP_BE entering state RESPONSE<br>EAPOL: txSuppRsp<br>EAPOL: SUPP_BE entering state RECEIVE
<br>RX EAPOL from 00:12:d9:c8:be:50<br>EAPOL: Received EAP-Packet frame<br>EAPOL: SUPP_BE entering state REQUEST<br>EAPOL: getSuppRsp<br>EAP: EAP entering state RECEIVED<br>EAP: Received EAP-Request id=2 method=43 vendor=0 vendorMethod=0
<br>EAP: EAP entering state GET_METHOD<br>EAP: initialize selected EAP method: vendor 0 method 43 (FAST)<br>EAP-FAST: Automatic PAC provisioning is allowed<br>EAP-FAST: Phase2 EAP types - hexdump(len=8): 00 00 00 00 1a 00 00 00
<br>EAP-FAST: read 1 PAC entries from 'C:/wpa_supplicanteap-fast.pac'<br>CTRL-EVENT-EAP-METHOD EAP vendor 0 method 43 (FAST) selected<br>EAP: EAP entering state METHOD<br>SSL: Received packet(len=26) - Flags 0x21<br>EAP-FAST: Start (server ver=1, own ver=1)
<br>EAP-FAST: Using FAST version 1<br>EAP-FAST: A-ID - hexdump_ascii(len=16):<br> 4c 4f 43 41 4c 20 52 41 44 49 55 53 20 53 45 52 LOCAL RADIUS SER<br>EAP-FAST: PAC found for this A-ID<br>SSL: (where=0x10 ret=0x1)<br>
SSL: (where=0x1001 ret=0x1)<br>SSL: SSL_connect:before/connect initialization<br>SSL: (where=0x1001 ret=0x1)<br>SSL: SSL_connect:SSLv3 write client hello A<br>SSL: (where=0x1002 ret=0xffffffff)<br>SSL: SSL_connect:error in SSLv3 read server hello A
<br>SSL: SSL_connect - want more data<br>SSL: 240 bytes pending from ssl_out<br>SSL: 240 bytes left to be sent out (of total 240 bytes)<br>EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL<br>EAP: EAP entering state SEND_RESPONSE
<br>EAP: EAP entering state IDLE<br>EAPOL: SUPP_BE entering state RESPONSE<br>EAPOL: txSuppRsp<br>EAPOL: SUPP_BE entering state RECEIVE<br>RX EAPOL from 00:12:d9:c8:be:50<br>EAPOL: Received EAP-Packet frame<br>EAPOL: SUPP_BE entering state REQUEST
<br>EAPOL: getSuppRsp<br>EAP: EAP entering state RECEIVED<br>EAP: Received EAP-Request id=3 method=43 vendor=0 vendorMethod=0<br>EAP: EAP entering state METHOD<br>SSL: Received packet(len=594) - Flags 0x81<br>SSL: TLS Message Length: 584
<br>EAP-FAST: client_random - hexdump(len=32): 44 20 ab 13 3c 51 4c b4 fd b5 86 7b d<br>e 88 31 9a f6 79 6d 03 22 c9 0c 5b e5 f1 1e 80 92 dc 10 9c<br>EAP-FAST: server_random - hexdump(len=32): d3 f8 78 7b 75 d3 f8 36 19 47 31 19 c
<br>f 19 47 b6 0d 61 7f 64 bc 0d 61 70 59 5a 14 74 9f 59 5a bb<br>EAP-FAST: TLS pre-master-secret - hexdump(len=48): [REMOVED]<br>SSL: (where=0x4008 ret=0x22f)<br>SSL: SSL3 alert: write (local SSL3 detected an error):fatal:illegal parameter
<br>SSL: (where=0x1002 ret=0xffffffff)<br>SSL: SSL_connect:error in SSLv3 read server hello B<br>OpenSSL: tls_connection_handshake - SSL_connect error:14092105:SSL routines:SSL3<br>_GET_SERVER_HELLO:wrong cipher returned<br>
SSL: 7 bytes pending from ssl_out<br>SSL: Failed - tls_out available to report error<br>SSL: 7 bytes left to be sent out (of total 7 bytes)<br>EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL<br>EAP: EAP entering state SEND_RESPONSE
<br>EAP: EAP entering state IDLE<br>EAPOL: SUPP_BE entering state RESPONSE<br>EAPOL: txSuppRsp<br>EAPOL: SUPP_BE entering state RECEIVE<br>RX EAPOL from 00:12:d9:c8:be:50<br>EAPOL: Received EAP-Packet frame<br>EAPOL: SUPP_BE entering state REQUEST
<br>EAPOL: getSuppRsp<br>EAP: EAP entering state RECEIVED<br>EAP: Received EAP-Failure<br>EAP: EAP entering state FAILURE<br>CTRL-EVENT-EAP-FAILURE EAP authentication failed<br>EAPOL: SUPP_PAE entering state HELD<br>EAPOL: SUPP_BE entering state RECEIVE
<br>EAPOL: SUPP_BE entering state FAIL<br>EAPOL: SUPP_BE entering state IDLE<br>CTRL-EVENT-TERMINATING - signal 0 received<br>Removing interface \Device\NPF_{3916E046-39B1-4861-8C57-BD59B4EAEA25}<br>State: ASSOCIATED -> DISCONNECTED
<br>No keys have been configured - skip key clearing<br>EAPOL: External notification - portEnabled=0<br>EAPOL: SUPP_PAE entering state DISCONNECTED<br>EAPOL: SUPP_BE entering state INITIALIZE<br>EAP: EAP entering state DISABLED
<br>EAPOL: External notification - portValid=0<br>wpa_driver_ndis_set_wpa: enabled=0<br>No keys have been configured - skip key clearing<br>ndis_set_oid: oid=0xd010115 len (4) failed<br>NDIS: failed to disassociate and turn radio off
<br>EAP: deinitialize previously used EAP method (43, FAST) at EAP deinit<br>Cancelling scan request<br><br>C:\WPA-Supplicant\wpa_supplicant-windows-bin-0.5.2><br>