<div dir="ltr">I succeeded to build hostapd with support for FAST. Now I'm trying to associate wpa_supplicant with hostapd using EAP-FAST.<br><br>I'm running wpa_supplicant on windows XP, and I have patched openssl to support EAP-FAST. Following is my configured network block -<br>
<br>network={<br> ssid="hostap-wpa2-ent"<br> scan_ssid=1<br> key_mgmt=WPA-EAP<br> proto=WPA2<br> pairwise=CCMP<br> group=CCMP<br> eap=FAST<br> anonymous_identity="user"<br> phase1="fast_provisioning=1"<br>
pac_file="C:\test.pac"<br> identity="user"<br> password="testing"<br> ca_cert="C:\ca.der"<br> client_cert="C:\client.der"<br> private_key="C:\clientkey.der"<br>
}<br><br>wpa_supplicant receives EAP failure from hostapd after it sends client hello. I see following error logs at hostapd end-<br><br><-------------START<br><br>ath0: STA 00:13:02:0c:fc:29 IEEE 802.1X: received EAP packet (code=2 id=28 len=56) from STA: EAP Response-FAST (43)<br>
IEEE 802.1X: 00:13:02:0c:fc:29 BE_AUTH entering state RESPONSE<br>IEEE 802.1X: 00:13:02:0c:fc:29 REAUTH_TIMER entering state INITIALIZE<br>IEEE 802.1X: 00:13:02:0c:fc:29 REAUTH_TIMER entering state INITIALIZE<br>EAP: EAP entering state RECEIVED<br>
EAP: parseEapResp: rxResp=1 respId=28 respMethod=43 respVendor=0 respVendorMethod=0<br>EAP: EAP entering state INTEGRITY_CHECK<br>EAP: EAP entering state METHOD_RESPONSE<br>SSL: Received packet(len=56) - Flags 0x01<br>SSL: Received packet: Flags 0x1 Message Length 0<br>
SSL: (where=0x10 ret=0x1)<br>SSL: (where=0x2001 ret=0x1)<br>SSL: SSL_accept:before/accept initialization<br>EAP-FAST: SessionTicket callback<br>EAP-FAST: SessionTicket (PAC-Opaque) - hexdump(len=0): [NULL]<br>EAP-FAST: Ignore invalid SessionTicket<br>
SSL: (where=0x4008 ret=0x228)<br>SSL: SSL3 alert: write (local SSL3 detected an error):fatal:handshake failure<br>SSL: (where=0x2002 ret=0xffffffff)<br>SSL: SSL_accept:error in SSLv3 read client hello C<br>OpenSSL: tls_connection_server_handshake - SSL_accept error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher<br>
SSL: TLS processing failed<br>EAP-FAST: TLS processing failed<br>EAP-FAST: PHASE1 -> FAILURE<br>EAP: EAP entering state SELECT_ACTION<br>EAP: getDecision: method failed -> FAILURE<br>EAP: EAP entering state FAILURE<br>
EAP: Building EAP-Failure (id=28)<br>IEEE 802.1X: 00:13:02:0c:fc:29 BE_AUTH entering state FAIL<br>ath0: STA 00:13:02:0c:fc:29 IEEE 802.1X: Sending EAP Packet (identifier 28)<br>TX EAPOL - hexdump(len=22): 00 13 02 0c fc 29 00 18 4d ed 65 db 88 8e 02 00 00 04 04 1c 00 04<br>
IEEE 802.1X: 00:13:02:0c:fc:29 REAUTH_TIMER entering state INITIALIZE<br>IEEE 802.1X: 00:13:02:0c:fc:29 AUTH_PAE entering state HELD<br>madwifi_set_sta_authorized: addr=00:13:02:0c:fc:29 authorized=0<br>ath0: STA 00:13:02:0c:fc:29 IEEE 802.1X: unauthorizing port<br>
ath0: STA 00:13:02:0c:fc:29 IEEE 802.1X: authentication failed - EAP type: 0 (Unknown)<br>ath0: STA 00:13:02:0c:fc:29 IEEE 802.1X: Supplicant used different EAP type: 43 (FAST)<br>IEEE 802.1X: 00:13:02:0c:fc:29 BE_AUTH entering state IDLE<br>
<br>END-----------------><br><br>Any idea where I'm going wrong?<br><br>Thanks<br>- Paresh<br><br><br><div class="gmail_quote">On Thu, Oct 16, 2008 at 7:58 PM, Jouni Malinen <span dir="ltr"><<a href="mailto:j@w1.fi">j@w1.fi</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="Ih2E3d">On Thu, Oct 16, 2008 at 01:22:56PM +0530, Paresh Sawant wrote:<br>
<br>
> I have downloaded 0.6.4 dev release, but I don't get how to build the code.<br>
> I see folder src along with hostap and patches, is it documented anywhere<br>
> how to build this 0.6.4 release?<br>
<br>
</div>Did you take a look at the README file that is in the root directory of<br>
the package?<br>
<font color="#888888"><br>
--<br>
</font><div><div></div><div class="Wj3C7c">Jouni Malinen PGP id EFC895FA<br>
_______________________________________________<br>
HostAP mailing list<br>
<a href="mailto:HostAP@lists.shmoo.com">HostAP@lists.shmoo.com</a><br>
<a href="http://lists.shmoo.com/mailman/listinfo/hostap" target="_blank">http://lists.shmoo.com/mailman/listinfo/hostap</a><br>
</div></div></blockquote></div><br></div>