<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman, new york, times, serif;font-size:10pt"><DIV>Dear all:</DIV>
<DIV style="FONT-SIZE: 10pt; FONT-FAMILY: times new roman, new york, times, serif">
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">
<DIV style="FONT-SIZE: 10pt; FONT-FAMILY: times new roman, new york, times, serif">
<DIV style="FONT-SIZE: 10pt; FONT-FAMILY: times new roman, new york, times, serif">
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">
<DIV style="FONT-SIZE: 10pt; FONT-FAMILY: times new roman, new york, times, serif">
<DIV style="FONT-SIZE: 10pt; FONT-FAMILY: times new roman, new york, times, serif">
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">
<DIV> <BR> I am now using wpa_supplicant_0.5.10 to implement the eap-fast feature, and when I authenticate my wpa_supplicant with the CISCO ACS4.1 radius server, ACS4.1 always sends Access-Reject. I have been working on it for 2 weeks, but still failed. Can anyone help me, please? The flow is as follows (after wpa_supplicant sends <FONT size=2><FONT size=3>PAC TLV Acknowledgment success, ACS sends Reject</FONT></FONT>):</DIV>
<DIV> <FONT size=2> Authenticating Peer Authentication</FONT></DIV>
<DIV><FONT size=2>......</FONT><BR><FONT size=2> Intermediate-Result TLV (Success)<BR> Crypto-Binding TLV(Response) -></FONT></DIV>
<DIV><FONT size=2> <- Result TLV (Success)<BR> [Optional PAC TLV]</FONT></DIV>
<DIV><FONT size=2> Result TLV (Success)<BR> [PAC TLV Acknowledgment] -></FONT></DIV>
<DIV><FONT size=2> TLS channel torn down<BR> (messages sent in clear text)</FONT></DIV>
<DIV> <FONT size=5><STRONG> <-Reject</STRONG></FONT></DIV>
<DIV><STRONG><FONT size=5></FONT></STRONG> </DIV>
<DIV><FONT size=4><STRONG>ACS4.1 radius server reports: "EAP-FAST user was provisoned with new PAC"</STRONG></FONT></DIV>
<DIV><FONT size=4></FONT> </DIV>
<DIV><FONT size=4><STRONG>wpa_supplicant logs are as follows:</STRONG></FONT></DIV>
<DIV>......<BR><FONT size=2>EAP-FAST: No PAC found - starting provisioning<BR>OpenSSL: cipher suites: ADH-AES128-SHA<BR>SSL: (where=0x10 ret=0x1)<BR>SSL: (where=0x1001 ret=0x1)<BR>SSL: SSL_connect:before/connect initialization<BR>SSL: (where=0x1001 ret=0x1)<BR>SSL: SSL_connect:SSLv3 write client hello A<BR>SSL: (where=0x1002 ret=0xffffffff)<BR>SSL: SSL_connect:error in SSLv3 read server hello A<BR>SSL: SSL_connect - want more data<BR>SSL: 50 bytes pending from ssl_out<BR>SSL: 50 bytes left to be sent out (of total 50 bytes)<BR>EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL<BR>......</FONT></DIV>
<DIV><FONT size=2>SSL: (where=0x1001 ret=0x1)<BR>SSL: SSL_connect:SSLv3 read server hello A<BR>SSL: (where=0x1001 ret=0x1)<BR>SSL: SSL_connect:SSLv3 read server key exchange A<BR>SSL: (where=0x1001 ret=0x1)<BR>SSL: SSL_connect:SSLv3 read server done A<BR>SSL: (where=0x1001 ret=0x1)<BR>SSL: SSL_connect:SSLv3 write client key exchange A<BR>SSL: (where=0x1001 ret=0x1)<BR>SSL: SSL_connect:SSLv3 write change cipher spec A<BR>SSL: (where=0x1001 ret=0x1)<BR>SSL: SSL_connect:SSLv3 write finished A<BR>SSL: (where=0x1001 ret=0x1)<BR>SSL: SSL_connect:SSLv3 flush data<BR>SSL: (where=0x1002 ret=0xffffffff)<BR>SSL: SSL_connect:error in SSLv3 read finished A<BR>SSL: SSL_connect - want more data<BR>SSL: 326 bytes pending from ssl_out<BR>SSL: 326 bytes left to be sent out (of total 326 bytes)<BR>EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL<BR>......</FONT></DIV>
<DIV><FONT size=2>EAP-FAST: Decrypted Phase 2 TLV(s) - hexdump(len=59): 01 70 00 45 2b 81 00 00 00 3b 14 03 01 00 01 01 16 03 01 00 30 66 93 b3 a4 ec 7f 85 ad 4f 78 c2 81 af 35 c7 a4 8e a9 7a 6b cc af cd af d1 77 02 4e 18 78 27 4a 38 30 f7 a0 b1 76<BR>SSL: (where=0x1001 ret=0x1)<BR>SSL: SSL_connect:SSLv3 read finished A<BR>SSL: (where=0x20 ret=0x1)<BR>SSL: (where=0x1002 ret=0x1)<BR>SSL: 0 bytes pending from ssl_out<BR>OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0)<BR>SSL: No data to be sent out<BR>EAP-FAST: TLS done, proceed to Phase 2<BR>__________________________________________________________________________________________________________________________________<BR>TLS success<BR>__________________________________________________________________________________________________________________________________<BR></FONT></DIV>
<DIV><FONT size=2>......</FONT></DIV>
<DIV><FONT size=2>EAP-FAST: received Phase 2: TLV type 3 length 2 (mandatory)<BR>EAP-FAST: Result TLV - hexdump(len=2): 00 01<BR>EAP-FAST: Result: Success<BR>EAP-FAST: received Phase 2: TLV type 11 length 229 (mandatory)<BR>91 c5 39 e6 52 10 93<BR>EAP-FAST: PAC-Key - hexdump(len=32): [REMOVED]<BR>len_addr=0x63640 hdr_tmp[1]=200 hdr_tmp[2]=8200 )<BR>EAP-FAST: PAC-Opaque - hexdump(len=130): 00 02 00 04 00 10 23 af 72 83 7a a4 67 40 b5 8e 49 b2 9c dc 2f 62 00 06 00 68 00 01 00 01 8c 03 d4 5d 1d ed f0 ca 04 1c 18 5c c9 af ab 22 b7 a8 18 9a 43 e6 ed de 2e e9 14 97 fb f2 7a 6b 1d 43 c3 94 aa ea a9 51 a5 61 c0 5a 1c 7a c2 d6 a1 db 8e 7a 48 0b 4f 63 59 d5 9f 15 1d 65 c5 24 32 3c 8e 05 77 69 d6 bf 54 bb f8 af 84 1e bb 30 ed 91 95 98 8d 53 fb 6f 2b 4e 7f 50 6d 7a e9 4b 23 85 80 b3<BR>len_addr=0x636c6 hdr_tmp[1]=900 hdr_tmp[2]=3700 )<BR>EAP-FAST: PAC-Info - hexdump(len=55): 00 0a 00 02 00 01 00 04 00 10 23 af 72 83 7a a4 67 40 b5 8e 49 b2 9c dc 2f 62 00 05 00 07 74
65 73 74 31 32 33 00 07 00 0e 41 43 53 20 4e 41 43 20 53 65 72 76 65 72<BR>EAP-FAST: Ignored unknown PAC-Info type 10<BR>EAP-FAST: PAC-Info - A-ID - hexdump_ascii(len=16):<BR> 23 af 72 83 7a a4 67 40 b5 8e 49 b2 9c dc 2f 62 #_r_z_g@__I___/b<BR>EAP-FAST: PAC-Info - I-ID - hexdump_ascii(len=7):<BR> 74 65 73 74 31 32 33 test123 <BR>EAP-FAST: PAC-Info - A-ID-Info - hexdump_ascii(len=14):<BR> 41 43 53 20 4e 41 43 20 53 65 72 76 65 72 ACS NAC Server <BR>EAP-FAST: wrote
1 PAC entries into '/tmp/wpa_supplicant.eap-fast-pac'<BR><FONT size=4>EAP-FAST: Send PAC-Acknowledgement TLV - Provisioning completed successfully</FONT><BR>pac ack info - hexdump(len=16): 80 03 00 02 00 01 80 0b 00 06 00 08 00 02 00 01<BR></FONT><FONT size=2>EAP: Received EAP-Failure<BR>......</FONT></DIV>
<DIV> <BR></DIV>
<DIV> </DIV></DIV><BR>
</DIV></DIV></DIV>
</DIV></DIV></DIV>
</DIV></DIV></div>
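<DIV>An added example, not part of the original message and not wpa_supplicant code: a small Python decoder for the EAP-FAST Phase 2 TLV layout (2-byte flags/type, 2-byte length), run over the "pac ack info" and "PAC-Info" hexdumps copied from the log above so each field can be checked by name. The type-name tables follow RFC 4851 and RFC 5422; reading the nested PAC attributes with the same header layout is an assumption that matches these dumps.</DIV>
<PRE>
```python
import struct

# Phase 2 TLV types (RFC 4851) and PAC attribute types (RFC 5422).
TLV = {3: "Result", 10: "Intermediate-Result", 11: "PAC", 12: "Crypto-Binding"}
PAC = {1: "PAC-Key", 2: "PAC-Opaque", 3: "PAC-Lifetime", 4: "A-ID", 5: "I-ID",
       7: "A-ID-Info", 8: "PAC-Acknowledgement", 9: "PAC-Info", 10: "PAC-Type"}
STATUS = {1: "Success", 2: "Failure"}
NESTED = ("PAC", "PAC-Info")   # containers whose value is a run of PAC attributes

# Hexdumps copied from the wpa_supplicant log in the message above.
PAC_ACK = bytes.fromhex("80 03 00 02 00 01 80 0b 00 06 00 08 00 02 00 01")
PAC_INFO = bytes.fromhex("000a00020001" "0004001023af72837aa46740b58e49b29cdc2f62"
                         "0005000774657374313233" "0007000e414353204e414320536572766572")

def parse_tlvs(buf):
    """Split buf into (type, mandatory, value) tuples; raise on truncation."""
    out, off = [], 0
    while off != len(buf):
        if off + 4 > len(buf):
            raise ValueError("truncated TLV header at offset %d" % off)
        raw, length = struct.unpack_from("!HH", buf, off)
        end = off + 4 + length
        if end > len(buf):
            raise ValueError("TLV at offset %d overruns buffer" % off)
        # Top bit is M (mandatory), next bit is reserved, low 14 bits are the type.
        out.append((raw & 0x3FFF, bool(raw & 0x8000), buf[off + 4:end]))
        off = end
    return out

def describe(buf, names=TLV):
    """Return readable lines for buf, descending into PAC containers (assumed layout)."""
    lines = []
    for tlv_type, mandatory, value in parse_tlvs(buf):
        name = names.get(tlv_type, "unknown(%d)" % tlv_type)
        head = "%s [%s]" % (name, "M" if mandatory else "-")
        if name in NESTED:
            lines.append(head)
            lines += ["  " + s for s in describe(value, PAC)]
        elif name in ("Result", "Intermediate-Result", "PAC-Acknowledgement"):
            code = int.from_bytes(value[:2], "big")
            lines.append("%s: %s" % (head, STATUS.get(code, "code %d" % code)))
        elif name in ("I-ID", "A-ID-Info"):
            lines.append("%s: %s" % (head, value.decode("ascii", "replace")))
        elif name == "PAC-Key":
            lines.append("%s: [%d bytes, not shown]" % (head, len(value)))
        else:
            lines.append("%s: %s" % (head, value.hex()))
    return lines
```
</PRE>
<DIV>Call describe(PAC_ACK) for the acknowledgement and describe(PAC_INFO, PAC) for the PAC-Info body; PAC attribute type 10, which the log reports as unknown, is listed as PAC-Type in RFC 5422.</DIV>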
</body></html>